bintec R1202 - BidNet Management

The flexible VPN gateway for all cases
bintec R1202
• 5 x Gigabit Ethernet
• 19 inch housing with integrated power supply
• Web-based configuration / wizards
• IPSec - 10 tunnels, opt. up to 110, HW acceleration
• IPv6
• Stateful Inspection Firewall
• SIP Application Level Gateway
bintec R1202
The flexible VPN gateway for all cases
The bintec R1202 VPN gateway with Gigabit Ethernet and an ISDN interface has been designed
for SMEs and medium-sized corporate headquarters with higher performance requirements.
The bintec R1202 is a powerful and, thanks to its comprehensive equipment, flexible VPN
gateway. With its 19-inch metal housing and highly efficient internal switched-mode power
supply the gateway guarantees long-term reliability in critical corporate applications. This makes
the R1202 ideal for use as a VPN gateway in SMEs and company head offices. The device has
five Gigabit Ethernet ports, which can be configured for LAN, WAN or DMZ, and comes with a
licence for ten hardware-accelerated IPSec tunnels. Up to 100 additional IPSec tunnels can also
be enabled if licensed.
The built-in ISDN BRI interface can be used as a remote configuration access and as an ISDN
backup interface.
Using functions flexibly
Only a few functions are required to forward data between two networks. Bintec gateways have
features that go far beyond just routing and allow it to be seamlessly integrated into complex IT
As routing protocols, you can use RIP, OSPF or the Multicast routing protocol PIM-SM for example,
and the comprehensive multicast support makes the device ideal for use in multimedia and
streaming applications.
Even the basic equipment of the bintec R1202 provides a SIP application level gateway (ALG) for
the direct connection of IP telephones in the network or for registering with a VoIP provider. The
ALG automatically controls the internal firewall making it easier to configure your VoIP solution.
Thanks to the integrated quality of service, you can prioritise VoIP traffic over normal internet
traffic, for example, and thereby always ensure sufficient bandwidth for your IP voice
connections. Alternatively you can give normal data traffic priority over e-mail traffic. The DNS
proxy function supports the LAN for address implementation and the automated IP configuration
of PCs is carried out over an integrated DHCP server.
Remote CAPI is available for the joint use of various ISDN services.
Comprehensive IPSec implementation
The IPSec implementation integrated in bintec R1202 works not only with preshared keys but
also with certificates. This allows a public key infrastructure to be created for maximum security.
(The German Federal Office for Information Security also recommends the use of certificates.)
Furthermore, the bintec IPSec implementation offers support when creating VPN connections
with dynamic IP addresses: Even small branch offices can be reached without having to be
permanently online. If both VPN nodes only have dynamic IP addresses, confidential information
can continue. The exchange of IP addresses is carried out either over dynamic DNS providers or
directly over an ISDN connection. The actual dynamic IP address is transferred either free of
charge in the ISDN D-channel or, if this is not possible, in the B-channel (at cost).
By using IKE Config mode and the bintec IPSec multi user this offers the opportunity to create
and manage IPSec dial-in solutions for multiple clients with minimal expense and IKE X-Auth
(extended authentication) allows a connection to be secured with a one time password and thus
with the highest level of security.
Load Balancing/Redundancy
The bintec R1202 offers the opportunity to configure two or three interfaces as WAN interfaces.
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 2 / 10
As a result, there is not only more bandwidth available, but there is the opportunity to spread
data traffic across individual WAN connections according to load or data type. Equally, you can
use a connection (e.g. SDSL) for the VPN connection of branch offices and external sales staff
and use a second WAN port for a low-cost ADSL connection to guarantee the company's other
data traffic.
Our bintec router redundancy protocol (BRRP) allows two devices to be operated so that they act
as a single device in the LAN. Both devices have their own IP and MAC addresses for each
interface as well as a joint virtual IP and MAC address. This is registered as the standard gateway
for all computers in the LAN. Both of the switched gateways communicate over the bintec
protocol and if either device fails, the other device automatically takes over the entire data
Simple configuration and maintenance
The gateway is configured over the Configuration Interface (FCI), using the integrated
configuration wizards for example. The FCI is a web-based graphic user surface that you can use
from any PC with an up-to-date Web browser via an HTTP or encrypted HTTPS connection. It also
offers the opportunity to manage the devices locally and remotely over other configuration
accesses such as Telnet, SSH and ISDN login.
In addition the R1202 offers the option of the Teldat WLAN Controller.
The Teldat WLAN Controller allows the configuration and monitoring of small and medium sized
WLANs with up to 72 access points.
Whether it is for frequency management which automatically determines the radio channels, for
the support of virtual LANs or for the management of virtual radio networks (Multi SSID)—the
WLAN Controller offers easy control over all advanced features. Our software continuously
monitors the entire wireless LAN and immediately reports outages and security risks.
DIME Manager from Teldat is a free tool for managing Teldat devices.
DIME Manager is aimed at administrators who manage networks with up to 50 devices. The
software simplifies the management and configuration of gateways or access points either
individually or in logical groups.
When developing DIME Manager, simple and efficient operation was the primary aim. It allows,
for example, software updates to be applied to individual devices or groups of devices simply by
drag and drop. DIME Manager recognises and manages new devices in the network using SNMP
multicasts, in other words independent of their current IP address.
bintec R1202 - UK (5510000262)
VPN Gateway; 19 inch rack; 1x ISDN BRI; incl. 10 IPSec tunnels (opt. max. 110),
certificates, HW encryption; 4+1 Gigabit Eth. switch; UK version.
bintec R1202 (5510000210)
VPN Gateway; 19 inch rack; 1x ISDN BRI; incl. 10 IPSec tunnels (opt. max. 110),
certificates, HW encryption; 4+1 Gigabit Eth. switch; german and intern. version.
CAPI 2.0 with CAPI user concept (password for CAPI use)
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 3 / 10
ISDN protocols
Euro-ISDN (Point-to-mulitpoint/Point-to-point)
ISDN auto-configuration
Automatic recognition and configuration of ISDN protocols
ISDN leased lines
Supported leased lines: D64S, D64S2, TS02, D64S2Y
B channel protocols
Excellent interoperability with other manufacturers (Raw HDLC, CISCO HDLC, X.75)
X.31 over CAPI
Support for various connection paths: X.31/A for ISDN D-channel, X.31/A+B for ISDN B-channel,
X.25 within ISDN B-channel (also leased lines)
Bit rate adaption
V.110 (1,200 up to 38,400 bps), V.120 up to 57,600 kbps (HSCSD) for connection to GSM
Point to Point Tunneling Protocol for establishing fo Virtual Privat Networks, inclusive strong
encryption methods with 128 Bit (MPPE) up to 168 Bit (DES/3DES, Blowfish)
PPP / PPTP hardware
Integrated hardware acceleration for PPP/PTPP encryption algorithms DES, 3DES, MPPE
GRE v.0
Generic Routing Encapsulation V.0 according RFC 2784 for common encapsulation
Layer 2 tunnelling protocol inclusive PPP user authentication
Number of VPN tunnels
Inclusive 110 active PPTP, L2TP and GRE v.0 tunnels (also in combination possible)
Internet Protocol Security establishing of VPN connections
Number of VPN tunnels
Inclusive 10 active VPN tunnels, optional up to 110 IPSec tunnels
IPSec Algorithms
DES (64 Bit), 3DES (192 Bit), AES (128,192,256 Bit), CAST (128 Bit), Blowfish (128-448 Bit), Twofish
(256 Bit); MD-5, SHA-1, RipeMD160, Tiger192 Hashes
IPSec hardware acceleration
Integrated hardware acceleration for IPSec encryption algorithms DES, 3DES, AES inclusive
hardware acceleration for MD-5, SHA-1 Hash generation
IPSec key exchange via preshared keys or certificates
IPSec IKE Config Mode
IKE Config Mode server enables dynamic assignment of IP addresses from the address pool of the
company. IKE Config Mode client enables the router, to get assigned dynamically an IP address.
IPSec IKE XAUTH (Client/Server)
Internet Key Exchange protocol Extended Authenticaion client for login to XAUTH server and
XAUTH server for loging of XAUTH clients
IPSec IKE XAUTH (Client/Server)
Inclusive the forwarding to a RADIUS-OTP (One Time Password) server (supported OTP solutions
Support of NAT-Traversal (Nat-T) for the application at VPN lines with NAT
IPSec IPComp
IPSec IPComp data compression for higher data throughput via LZS
IPSec certificates (PKI)
Support of X.509 multi-level certificates compatible to Micrososft and Open SSL CA server; upload
of PKCS#7/8/10/12 files via TFTP, HTTP, HTTP, LDAP, file upload and manual via FCI
Certificates management via SCEP (Simple Certificate Enrollment Protocol)
IPSec Certificate Revocation
Support of remote CRLs on a server via LDAP or local CRLs
Lists (CRL)
IPSec Dead Peer Detection
Continuous control of IPSec connection
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 4 / 10
IPSec dynamic IP via ISDN
Transmission of dynamic IP address in ISDN D or B channel; free-of-charge licence necessary
IPSec dynamic DNS
Enables the registering of dynamic IP addresses by a dynamic DNS provider for establishing a IPSec
Authentication of IPSec connections at a RADIUS server. Additionally the IPSec peers, which were
configured on a RADIUS server, can be loaded into the gateway (RADIUS dialout).
IPSec Multi User
Enables the Dial-in of several IPSec clients via a single IPSec peer configuration entry
The possibility to operate Quality of Service (traffic shaping) inside of an IPSec tunnel
By activating of NAT on an IPSec connection it is possible, to implement several remote locations
with identical local IP addess networks in different IP nets for the VPN connection
IPSec throughput (1400)
86 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption
IPSec throughput (256)
19 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption
Symmetric Network and Port Address Translation (NAT/PAT) with randomly generated ports
inclusive Multi NAT (1:1 translation of whole networks)
Policy based NAT/PAT
Network and Port Address Translation via different criteria like IP protocols, source/destination IP
Address, source/destination port
Policy based NAT/PAT
For incoming and outgoing connections and for each interface variable configurable
Content Filtering
Optional ISS/Cobion Content filter (30 day test license inclusive)
Stateful Inspection Firewall
Packet filtering depending on the direction with controling and interpretation of each single
connection status
Packet Filter
Filtering of IP packets according to different criteria like IP protocols, source/destination IP address,
source/destination port, TOS/DSCP, layer 2 priority for each interface variable configurable
Policy based Routing
Extended routing (Policy Based Routing) depending of diffent criteria like IP protocols (Layer4),
source/destination IP address, source/destination port, TOS/DSCP, source/destination interface and
destination interface status
Multicast IGMP
Support of Internet Group Management Protocol (IGMP v1, v2, v3) for the simultaneous distribution
of IP packets to several stations
Multicast IGMP Proxy
For easy forwarding of multicast packets via dedicated interfaces
Multicast Routing Protocol PIM
Protocol Independent Multicast (PIM) distributes information via a central Rendezvous Point Server.
PIM Modus Sparse Mode (SM) forwards only packets to groups which have been requested
Multicast inside IPSec tunnel
Enables the transmission of multicast packets via an IPSec tunnel
Support of RIPv1 and RIPv2, separated configurable for each interface
Extended RIP
Triggerd RIP updates according RFC 2091 and 2453, Poisened Rerverse for a better distribution of
the routes; furthermore the possibility to define RIP filters for each interface.
Support of the dynamic routing protocol OSPF
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 5 / 10
On request
Routing throughput (1518)
199 Mbps with 1518 Byte packets
Routing throughput (256)
198 Mbps with 256 Byte packets
Protocols / Encapsulations
Support of Point to Point Protocol (PPP) for establishing of standard PPP connections, inclusive the
Multilink extension MLPPP for the bundeling of several connections
PPPoE (Server/Client)
Point-to-Point Protocol over Ethernet (Client and Server) for establisching of PPP connections via
Ethernet/DSL (RFC 2516)
MLPPPoE (Server/Client)
Multilink extension MLPPPoE for bundeling several PPPoE connections (only if both sides support
DNS client, DNS server, DNS relay and DNS proxy
Enables the registering of dynamic assigned IP addresses at adynamic DNS provider, e.g. for
establishing of VPN connections
DNS Forwarding
Enables the forwarding of DNS requests of free configurable domains to assigned DNS server.
DHCP Client, Server, Proxy and Relay for siplified TCP/IP configuration
Packet size controling
Adaption of PMTU or automatic packet size controling via fragmentation
X.25 Enhanced
Optional: X.25 over ISDN, XOT, X.25 to TCP Gateway, X.25 PAD, TP0 Bridge
Quality of Service (QoS)
Policy based Traffic Shapping
Dynamic bandwidth management via IP traffic shaping
Bandwidth reservation
Dynamic reservation of bandwidth, allocation of guaranteed and maximum bandwidths
Priority Queuing of packets on the basis of the DiffServ/TOS field
Layer2/3 tagging
Conversion of 802.1p layer 2 priorisation information to layer 3 diffserv attributes
TCP Download Rate Control
For reservation of bandwidth for VoIP connections
Redundancy / Loadbalancing
Bintec Router Redundancy Protocol for backup of several passive or active devices with free
selectable priority
Bandwidth on Demand: dynamic bandwidth to suit data traffic load
Load Balancing
Static and dynamic load balancing to several WAN connections on IP layer
VPN backup
Simple VPN backup via different media. Additional enables the Teldat interface based VPN concept
the application of routing protocols for VPN connections.
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 6 / 10
Layer 2 Functionality
Support of layer 2 bridging with the possibility of separation of network segment via the
configuration of bridge groups
Support of up to 32 VLAN (Virtual LAN) for segmentation of the network in independent virtual
segments (workgroups)
Proxy ARP
Enables the router to answer ARP requests for hosts, which are accessible via the router. That
enables the remote clients to use an IP address from the local net.
Logging / Monitoring / Reporting
Internal system logging
Syslog storage in RAM, display via web-based configuration user interface (http/https), filter for
subsystem, level, message
External system logging
Syslog, several syslog server with different syslog level configurable
E-Mail alert
Automatic E-Mail alert by definable events
SNMP traps
SNMP traps (v1, v2, v3) configurable
Activity Monitor
Sending of information to a PC on which Brickware is installed
IPSec monitoring
Display of IPSec tunnel and IPSec statistic; output via web-based configuration user interface
Interfaces monitoring
Statistic information of all pysical and logical interfaces (ETH0, ETH1, SSIDx, ...), output via
web-based configuration user interface (http/https)
ISDN monitoring
Display of active and past ISDN connections; output via web-based configuration user interface
IP accounting
Detailed IP accounting, source, destination, port, interface and packet/bytes counter, transmission
also via syslog protocol to syslog server
ISDN accounting
Detailed ongoing recording of ISDN connection parameter like calling number and charging
information, transmission also via syslog protocol to syslog server
RADIUS accounting
RADIUS accounting for PPP, PPTP, PPPoE and ISDN dialup connections
Keep Alive Monitoring
Control of hosts/connections via ICMP polling
Detailed traces can be done for different protocols e.g. ISDN, PPPoE, ... generation local on the
device and remote via DIME Manager
Traces can be stored in PCAP format, so that import to different open source trace tools (e.g.
wireshark) is possible.
Administration / Management
Central check of access authorization at one or several RADIUS server, RADIUS (PPP, IPSec
inclusive X-Auth and login authentication)
RADIUS dialout
On a RADIUS server configured PPP und IPSec connection can be loaded into the gateway (RADIUS
Support of TACACS+ server for login authentication and for shell comando authorization
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 7 / 10
Administration / Management
Time synchronization
The device system time can be obtained via ISDN and from a SNTP server (up to 3 time server
configurable). The obtained time can also be transmitted per SNTP to SNTP clients.
Automatic Time Settings
Time zone profiles are configurable. That enables an automatic change from summer to winter
Supported management
DIME Manager, XAdmin
Configurable scheduler
Configuring of time and event controlled tasks, e.g. reboot device, activate/deactivate interface,
activate/deactivate WLAN, trigger SW update and configuration backup
Configuration Interface (FCI)
Integrated web server for web-based configuration via HTTP or HTTPS (supporting self created
certificates). This user interface is by most of Teldat GmbH products identical.
Software update
Software updates are free of charge; update via local files, HTTP, TFTP or via direct access to the
Teldat web server
Remote maintenance
Remote maintenance via telnet, SSL, SSH, HTTP, HTTPS and SNMP (V1,V2,V3)
Configuration via serial interface
Serial configuariton interface is available
ISDN remote maintenance
Remote maintenance via ISDN dial-in with checking of the calling number. The ISDN remote
maintenance connection between two Teldat devices can be encrypted.
ISDN remote maintenance
A transparent mode enables transmissions of configurations and software updates respectively
GSM remote maintenance
Remote maintenance via GSM login (external modem and cable required)
Device discovery function
Device discovery via SNMP multicast.
On The Fly configuration
No reboot after reconfiguration required
SNMP (v1, v2, v3), USM model, VACM views, SNMP traps (v1, v2, v3) configurable, SNMP IP access
list configurable
SNMP configuration
Complete management with MIB-II, MIB 802.11, Enterprise MIB
Configuration export and import
Load and save configurations, optional encrypted; optional automatic control via scheduler
SSH login
Supports SSH V1.5 and SSH V2.0 for secure connections of terminal applications
HP OpenView
Integration into Network Node Manager
Support of XAdmin roll out and configuration managemant tool for larger router installations
5 x 10/100/1000 Mbps Ethernet Twisted Pair, autosensing, Auto MDI/MDI-X, up to 4 ports can be
switches as additional WAN ports incl. load balancing, all Ethernet ports can be configured as LAN
or WAN.
Serial console
Serial console interface / COM port (mini USB): optional, connection of an analogue / GPRS modem
is possible (supported modems: see
ISDN Basic Rate (BRI)
1 x BRI (TE), 2 B channels
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 8 / 10
19 inch
Mountable in 19 inch rack, incl. 19 inch rack mount kit
Realtime clock
System time persists even at power failure for some hours.
Temperature range: Operational 0°C to 40°C; storage -10°C to 70°C; Max. rel. humidity 10 - 95%
(non condensing)
Power supply
Integrated wide range power supply 110-240V, with energy efficient swiching controller
Power consumption
Max. 15 Watt, typ. 13 Watt
19 inch 1 high unit metal case, screw-on 19 inch mounting-angle, LEDs and network connectors at
front side
Ca. 485.6 mm x 220 mm x 45 mm (W x H x D)
Ca. 2600g
Fanless design therefor high MTBF
Reset button
Restart or reset to factory state possible
Standards and certifications
R&TTE directive 1999/5/EG; EN 55022; EN 55024 + EN 55024/A1; EN61000-3-2; EN 61000-3-3; EN
61000-4-4; EN 60950-1; EN 300 328
Content of Delivery
Quick Installation Guide in German and English
DVD with system software, management software and documentation
Ethernet cable
1 Ethernet cable, 3m
Network cable
Power cable
Serial cable
Serial cable (mini USB - DSUB 9 female)
ISDN (BRI/S0) cable
ISDN (BRI/S0) cable, 3m
2 year manufacturer warranty inclusive advanced replacement
Software Update
Free-of-charge software updates for system software (BOSS) and management software (DIME
MPPC and Stac compression
Free-of-charge license for Stac and MPPC compression; registration under required
IP address ISDN B/D channel
Free of charge license for IP address transmission in ISDN D or B channel for IPSec connections;
registering under required.
Access Points and Bridges
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 9 / 10
Access Points and Bridges
WLAN-Contr.-Bundle 10xW1003n
WLAN Controller Bundle contains 10 Access Points bintec W1003n (5510000321) ,
1 bintec R1202 (5510000210) and 2 WLAN Controller license (5500000943)
WLAN-Contr.-Bundle 10xW2003n
WLAN Controller Bundle contains 10 Access Points bintec W2003n (5510000324) ,
1 bintec R1202 (5510000210) and 2 WLAN Controller licences (5500000943)
Software Licenses
License upgrade 5 SIP channels
License to enhance the system by 5 additional SIP channels
Additional 25 IPSec tunnel license for Rxx02, RTxx02 and RXL12xxx series
Rxx02/RTxx02-X25 (5500000783)
License for X.25/XOT/X25toTCP for Rxx02 and RTxx02 series
Cobion Content Filter Small (80551)
Cobion content filter for RSxxx, Rxx02, RTxx02 series; R230a(w), R232b(w), TR200,
R1200(w/wu), R3000(w), R3400, R3800, R232aw; list price for one year
Pick-up Service / Warranty Extension
Service Package 'medium' (5500000812)
Warranty extension of 3 years to a total of 5 years, including advanced
replacement for Teldat products of the category 'medium'. Please find a detailed
description as well as an overview of the categories on
Product Services
HotSpotHosting 1yr 1 location (5510000198)
HotSpot solution hosting fee for 1 year and 1 location
HotSpotHosting 2yr 1 location (5500000861)
HotSpot solution hosting fee for 2 year and 1 location
Additional HotSpot location (5510000199)
Additional location for the HotSpot solution (551000198, 5500000861) valid for one
Console Cable MiniUSB to DSUB9
Serial console cable for RS, RT, Rxx02 Series and hybird (Mini USB to D-SUB 9)
Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany
Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25
E-Mail: -
bintec R1202
Subject to technical alterations
Page 10 / 10