VPN Router 1750
Delivering security for the Internet

The rise of the Internet provides enterprises with a unique opportunity to realize cost savings in their internal and external communications. But the Internet was not designed with security in mind. Enterprises with mission-critical Internet applications must secure the data they transmit, as well as protect their internal networks from outside intrusion. The Nortel VPN Router 1750 is a cost-effective solution delivering secure, comprehensive IP services either in standalone mode or in conjunction with an existing router or Internet access device.

The VPN Router 1750 is a next-generation platform offering secure, high-performance connectivity to the Internet or managed IP networks. Designed for enterprise sites, the VPN Router 1750 provides IP routing, Virtual Private Networking (VPN), stateful firewall, encryption and authentication in a single integrated platform. As a highly modular solution, the VPN Router 1750 series flexibly addresses medium and large site needs for secure Internet connectivity, including VPN communications, stateful firewalling and IP routing. With a comprehensive set of secure IP services, along with hardware-based encryption acceleration, the VPN Router 1750 allows enterprises to deploy needed services today with the flexibility and power to add new ones in the future. With a variety of LAN/WAN interface options, the VPN Router 1750 can act as the all-in-one “IP edge” solution for secure connection to the Internet or IP network. It offers high-speed LAN (10/100/1000 Mbps) and comprehensive WAN options (T1, V.35/X.21, ISDN, V.90 and HSSI), plus Frame Relay support, for flexible connectivity.

Modular platform for flexible expansion
The VPN Router 1750 offers four expansion slots that can be used to integrate a range of hardware options. These include both 10/100 Mbps and Gigabit Ethernet, V.35, T1/E1, ISDN, V.90, ADSL and HSSI interfaces for fan-out and back-up purposes. The VPN Router 1750 can also accommodate an SSL VPN module or dedicated hardware acceleration option, providing maximum flexibility at an attractive entry price.

Low total cost of ownership
With its high-performance design, integrated LAN and WAN interfaces, and wide variety of secure IP services, the VPN Router 1750 is a cost-effective solution for mid-range and large enterprise sites, including remote branch and/or headquarters environments. A single VPN Router 1750 offers a range of services (e.g., router, VPN gateway, stateful firewall) that would otherwise require multiple discrete devices to deliver. Furthermore, new IP services can be easily added. The VPN Router 1750 can be deployed as a VPN gateway, router or firewall and new IP services can be later added via a software license key — simplifying the upgrade process.

Security by design
The VPN Router 1750 series incorporates the same Secure Routing Technology (SRT) framework available across the VPN Router product line. SRT tightly integrates security and IP services within a single VPN Router device and enables a consistent security structure across those services. This provides scalability and high performance even when running multiple IP services in the same device. SRT further delivers key features such as dynamic routing over IPSec-based VPN tunnels, common security policies across VPN, routing and firewall services, and a flexible licensing scheme that enables new IP services to be turned up on demand. As a market leader in IP Virtual Private Networking (IP-VPN), Nortel’s VPN Router family has been delivering on the promise of secure end-to-end VPNs for years. The VPN Router 1750 delivers these market-leading VPN capabilities, whether for remote VPN client access or in support of branch or remote site VPNs to other VPN Router devices.

Flexible IP services
As a standards-based solution, the VPN Router 1750 series can interoperate with existing routing, authentication, directory and security systems and can bridge the transition to new IP services. It can be deployed as an Internet access device, secure VPN gateway or firewall solution and be easily upgraded with additional services. Advanced routing software (e.g., OSPF, RIP, BGP) enables the VPN Router to interoperate with existing routing infrastructure. And support for LDAP, RADIUS and X.509 digital certificates enables the VPN Router to interoperate with existing authentication and/or directory systems.

Comprehensive management services

The VPN Router 1750 offers comprehensive management services common across the product line. These include the VPN Router Multi-element Manager, a centralized provisioning solution for up to 2,500 VPN Router devices which can store and automatically update remote VPN Router devices. Device management also includes Web-based and command-line configuration utilities, SNMP monitoring and alerts, as well as a rich set of security and system logging tools that let administrators track all transactions and events.

VPN Router 1750 features and benefits

Extensive VPN and security capabilities

Broad support for site-to-site and remote access VPNs — both SSL and IPSec — as well as extensive authentication options, wire-speed encryption (3DES and AES), stateful firewall and Denial of Service (DoS) protection.

Modular WAN and LAN I/O
Direct connection to a wide area network without requiring separate router or access device; additional I/O slots enable multiple WAN or LAN cards for back-up and/or expansion purposes.

Dial back-up and Dial-on-Demand services
Automatic connection over a dial back-up link (e.g., V.90 or ISDN) if the primary Internet (IP) connection should fail. Alternatively, the same link can be used as the primary WAN option to save cost.

QoS and bandwidth management
Sophisticated QoS ensures mission-critical data traffic and/or delay-sensitive voice traffic gets appropriate level of service for business communications.

Stateful packet firewall
High-performance firewall license provides network perimeter protection without requiring purchase of a separate standalone device.

Advanced routing
OSPF, BGP, VRRP and bandwidth management services allow design of robust, high-performance and highly available IP-VPN networks that can scale.

Hardware encryption accelerator

Improved VPN throughput through dedicated acceleration hardware.

Technical Specifications


IP Routing Services
• RIPv1, v2, Open Shortest Path First (OSPFv2), Border Gateway Protocol (BGP-4)
• 802.1Q VLAN routing
• Policy-based routing (next hop traffic filters)
• Virtual Router Redundancy Protocol (VRRP)
• Data Link Switching (DLSw); SNA encapsulation within IP
• Dynamic Routing over IPSec (RFC 3884)

VPN tunneling protocols
• IPSec, including authentication header (AH), encapsulating security payload (ESP) and Internet key exchange (IKE)
• Point-to-point tunneling protocol (PPTP), including compression and encryption
• Layer 2 Tunneling Protocol (L2TP), including L2TP/IPSec
• Secure Sockets Layer (SSL) v2.0, 3.0 and Transport Layer Security (TLS) with SSL VPN Module

Encryption
• Data Encryption Standard (DES)
• Triple DES (3DES) using 3 independent 56-bit keys; 168-bit key length (effective strength of 128 bits)
• Advanced Encryption Standard (AES); 128-bit and 256-bit versions
• RC4

User authentication services

• X.509 Digital Certificates and Smart Cards (support for all major vendors and MS-CAPI)
• Remote authentication dial-in user services (RADIUS)
• Hard and soft token support (e.g., SecurID and AXENT)
• User name and password and NT Domain Login
• Internal or external lightweight directory access protocol (LDAP)

WAN protocols and services
• Point-to-Point Protocol (PPP); including PPP over Ethernet (PPPoE)
• Frame Relay (including FRF.9 compression and FRF.12 fragmentation)
• ADSL (G.DMT, G.Lite, ANSI T1.413) with support for PPP and PPPoE over ATM
• Dial-on-demand and dial back-up services via integral V.90 modem or ISDN

Bandwidth management; QoS

• User and group-level configurable minimum bandwidth settings
• Eight forwarding priority queues
• DiffServ (Differentiated Services) with code point marking
• 802.1p/DSCP (Differentiated Services Code Point) mapping
• Multi-level Random Early Detection (MRED)
• Resource Reservation Protocol (RSVP)

Data compression
• IPComp (RFC 3173) for encrypted and non-encrypted traffic
• FRF.9 Frame Relay compression

Accounting
• Event, system, security and configuration logging
• Internal and external RADIUS accounting
• Automatic archiving to external system

Management
• Nortel VPN Router Multi-Element Manager provides multi-box provisioning for up to 2,500 VPN Router devices
• Full Web browser-based HTML configuration
• Nortel Command Line Interface
• Easy Install utility for simple remote VPN Router set-up
• SNMP monitoring and alerts
• Three levels of administrator access; role-based management to separate service provider and end-user

Stateful firewall
• Multi-layer stateful packet inspection supporting over 100 network application protocols, including TCP, UDP, FTP, HTTP, H.323, RealAudio, Java and ActiveX
• Defense against major “hacker” attacks, including DoS, SYN flood, Smurf, Ping, Spoofing, Fraggle and ICMP unreachable
• Extensive and customizable logging options
• NAT, Proxy and end-user authentication
• Unlimited firewall users and policies for tunneled and non-tunneled traffic

Nortel VPN Client
• IPSec (with DES, 3DES and AES encryption)
• Microsoft Windows 95, 98, 2000, ME, NT and XP-based clients (free/unlimited)
• Macintosh, IBM-AIX, SUN-Solaris, HP-UX, Linux and Windows Mobile (Pocket PC) via optional license

Endpoint security
• Tunnel Guard enforces corporate security policies on endpoint PCs by checking for anti-virus, personal firewall or any application software (e.g., patches) before allowing VPN connection

SSL VPN
• Support for up to 1000 secure Web browser sessions (with SSL VPN Module)
• Access from Microsoft Internet Explorer, Netscape Navigator and Mozilla browsers
• Universal Access Portal provides transparent IPSec or SSL single sign-on by end-users
• Authentication via RADIUS, LDAP, X.509 certificates
• Auto-logoff and cache-cleaning of files and history

Certifications
• ICSA (International Computer Security Association) 1.0d certification (IPSec)
• FIPS 140-2 (Federal Information Processing Standard for Security)
• Virtual Private Network Consortium (VPNC) Basic Conformance Testing (IPSec)

VPN Router 1750 — Up to 500 tunnels

Components
• Memory: Standard — 128 MB; Maximum — 256 MB
• 850 MHz processor
• Four PCI expansion slots
• LAN/WAN Interface Options
Standard
– 2 x 10/100BaseT Ethernet ports
– Management/Console Port (DB-9)
Optional
– 10/100 Base-T Ethernet
– 1000 Base-SX/T (GigE) Ethernet
– 1-port V.35/X.21 serial
– 1-port T1/E1
– 4-port T1/E1
– 1-port ISDN BRI (S and T interface)
– V.90 modem
– ADSL
– High-Speed Serial Interface (HSSI)
– 56/64K CSU/DSU
• SSL VPN Module (option)
• Encryption accelerator card (option)
• Software

VPN Bundle (max tunnels)
– VPN Router O/S with 500 VPN Tunnels and IP routing (RIPv2)
– VPN Client for MS-Windows with unlimited distribution license

Secure Router Bundle
– VPN Router O/S with 5 VPN Tunnels and IP routing (RIPv2)
– VPN Client for MS-Windows with unlimited distribution license

Optional Licenses
– VPN Router Stateful Firewall
– VPN Router Advanced Routing (OSPF, VRRP, bandwidth management)
– VPN Client for MAC and UNIX
– VPN Tunnel Upgrade (from 5 to 500 tunnels) for Secure Router Bundle
– VPN Router Data Link Switching (DLSw)

Physical
Length: 21 in. (53.3 cm)
Width: 17.25 in. (43.8 cm)
Height: 5.25 in. (13.3 cm)
Weight: 28.0 lb. (12.7 kg)

Operating environment
Electrical: 100-240 VAC, 5.0A @ 100 VAC or 3.0A @ 240 VAC, 50-60 Hz
Temperature: 32°-104°F (0°-40°C)
Relative humidity: 10-95% noncondensing