• MPsec VPN Series Security Gateway

  • MPsec VPN Series Security Gateway can secure the network from access layer to aggregation layer. It can be deployed in the aggregation layer of carrier or large-medium-small enterprise and can secure the large- scale site VPN access and SOHO VPN access. It includes MPsec VPN3030, MPsec VPN3020B, MPsec VPN3010E, MPsec VPN3005C-104, and MPsec VPN3005C models.

    MPsec VPN3030 has four MIM slots and three Gigabit optical/electrical optional Ethernet interfaces. It supports 8-port Gigabit routing board card and up to 17 Gigabit ports. The plain text throughput reaches 600 Mbps. It supports the line rate forwarding of 128 or above-byte packets. The ciphertext throughput is up to 400Mbps. It supports dual-power supply redundancy and service card hot-swap.

    MPsec VPN3020B has four MIM slots and two Gigabit Ethernet optical/electrical optional interfaces. It supports up to six Ethernet interfaces. The plain text throughput reaches 600 Mbps. It supports the line rate forwarding of the packets with 128 or above bytes. The ciphertext throughput is up to 200Mbps. It supports dual-power supply redundancy and service card hot-swap.

    MPsec VPN3010E is configured with four 100M Ethernet interfaces. It supports up to four Ethernet interfaces. The plain text throughput of 64-byte packets can reach 40Mbps and 65Mbps for 128-byte packets. It supports the 100M line rate forwarding of the packets with 256 or above bytes. The ciphertext throughput reaches 50Mbps.

    MPsec VPN3005C is configured with two 100M Ethernet interfaces. It supports up to three Ethernet interfaces. The plain text throughput of 64-byte packets can reach 25Mbps, 40Mbps for 128-byte packets, and 72Mbps for 256-byte packets. It supports the 100M line rate forwarding of the packets with 512 or above bytes. The ciphertext throughput reaches 10Mbps. It also provides VoIP slots for VoIP modules to realize the aggregation of VoIP and VPN.

    MPsec VPN3005C-104 is configured with five 100M Ethernet interfaces. The plain text throughput of 64-byte packets can reach 55Mbps and 90Mbps for 128-byte packets. It supports nearly 100 M line rates forwarding of the packets with 256 or above bytes. The ciphertext throughput reaches 2Mbps.

    The MPsec VPN series security gateway adopts IPsec VPN tunnel technology. It can connect headquarters with the staff on business or at home or in branches and partners by setting up virtual private secure channel. Cooperating with MPsec VRC (VPN remote client software), the system can meet the requirements for mobile offices of users and provide security guarantee for enterprise information platform and e-governance system.

    MPsec VPN3030 and MPsec VPN3020B support dual-power supply redundancy, hot-swap of service cards and virtual security domain, and dual-system and dual-line backup. MPsec VPN3030 supports VRF-AWARE IPsec. The two devices are fit for telecom-level VPN networks and provide high-reliability, easy-management, strong-expansibility and low-cost VPN networks.

    MPsec VPN3030

    MPsec VPN3020B

     

    MPsec VPN3010E

    MPsec VPN3005C

     

      MPsec VPN3005C-104

    Key Features

    • Supports forced identity authentication based on pre-share key and digital certificate
    • Supports IPsec VPN traversing NAT technology
    • Supports remote dynamic IP address access and DDNS function support
    • Supports virtual security domain technology
    • Supports tunnel auto-negotiation, DPD and VPN tunnel deleting notice technologies
    • Supports network crisis processing mechanism
    • Supports DHCP over IPsec to realize internal IP auto configuration of mobile users
    • Realizes "0 configuration" of VPN security network
    • Supports routing protocol and firewall
    • Adopts English graphical network management system, and supports SNMP V3 protocol and the management based on user group
    • Provides rich software protocols, and standard encryption and authentication algorithms

    Product Features

    Supports IPsec encryption software speedup engine

    High-performance communication CPU supports ASIC hardware encryption card. The IPsec fast forwarding engine technology makes IPsec packets not need to be forwarded at system IP layer, which improves the forwarding efficiency and processing capability, and optimizing IPsec performance.

     

    Supports the forced identity authentication based on pre-share key and digital certificate

    It can provide PKI technologies such as online certificate application, certificate canceling, and CRL auto-update. It also supports third-party CA and can work with CA centers such as MPsec CMS, China Telecom CA and Windows2000/2003 CA.

     

    IPsec VPN traversing NAT technology

    It supports IPsec VPN traversing NAT for VPN tunnel traversing NAT without making special configuration to NAT equipment. As the writer of IPsec VPN traversing NAT national standards, Maipu is committed to promote IPsec VPN traversing NAT standards, aiming at making the present C/S and B/S information system of enterprises expand to the world seamlessly.

     

    Supports remote dynamic IP address access and DDNS functions

    It can accept tunnel negotiation requirement from peer VPN equipment with dynamic IP address, and simultaneously supports Dynamic Domain Name System (DDNS) function. It can solve the problem that the IP addresses of the two parties for tunnel negotiations are not fixed. In this way, users do not need to apply for fixed IP addresses and the network construction investment is saved.

     

    Supports virtual security domain technology

    It supports virtual security domain technology isolating IPsec VPN tunnel as per user ID providing solution to enterprise VPN network isolation and enterprise VPN interior network address reusing. It can ensure that one VPN equipment works for independent companies or departments and all companies or departments retain old IP address allocation.

    Supports tunnel auto-negotiation, DPD and VPN tunnel deleting notice technologies

    It supports auto-dialup, auto tunnel setup and VPN tunnel deletion under ADSL accessing environment. Based on the standard DPD message, it detects VPN tunnel disconnection caused by network fault to avoid asynchronous states of two peers.

     

    Supports various network crisis processing mechanism

    It can realize link backup, tunnel backup and load balance functions, and support dual-system hot backup protocol VRRP (VBRP) to improve network stability.

     

    Supports DHCP over IPsec

    It helps to automatically allocate an internal IP address to mobile users when accessing internal network through VPN.

    It integrates routing, security and DHCP function to one device, which saves the investments for users and simplifies the configuration.

     

    Realizes "0 configuration" of security network

    The "0 configuration" solution is to draw VPN network topology on Maipu configuration software. According to the prompts, the user inputs a few key parameters, and the software automatically generates configuration file, which is loaded to the related device. In this way, the configuration is complete.

     

    Supports routing protocol and firewall

    It controls VPN IPsec packets via source/destination address, port and IP protocol number ensuring network security. MPsec VPN supports AAA authentication, L2TP and GRE security protocols.

     

    Adopts English graphical network management system, and supports SNMP V3 protocol and the management based on user group

    It supports the centralized network management mode based on SNMP V3. It adopts English graphical network management system and users can configure the networks of MPsec VPN series security gateway, and monitor, measure, charge, and maintain VPN tunnel. It also supports the management based on user group. That is, use the wildcards to divide users to several groups according to the different IDs of peer users.

    When distinguishing and authenticating user identities are needed, the security policy that needs several tens even hundreds of configurations in the past can be reduced to one or several. Besides, it has more flexible key management modes. Managing VPN tunnel based on user group can reduce configuration difficulty and improve the system security.

     

    Provides rich software protocols, and standard encryption and authentication algorithms

    It supports international standard IPsec security protocols, ESP, AH or ESP+AH load encapsulation format, transmission mode and tunnel mode, manual configuration session key and IKE auto-negotiation encryption key and IKE main mode and active mode negotiation. MPsec series security gateways support international standard encryption and authentication algorithms, providing up to 256 bits of symmetrical key and 2048 bits of asymmetrical key.

    Technical Information

    Item

    MPsec VPN3030

    MPsec VPN3020B

    MPsec VPN3010E

    MPsec VPN3005C

    MPsec VPN3005C-104

    Product configuration

    Console port

    1

    1

    1

    1

    --

    High-speed MIM slots

    4

    4

    --

    1

    --

    VoIP slots

    --

    --

    --

    1

    --

    Power slots

    2

    2

    --

    --

    --

    Fan slots

    1

    1

    --

    --

    --

    IPsec/SNA sockets

    1

    1

    1

    1

    --

    Fixed Ethernet interfaces

    3GE

    2GE

    4FE

    2FE

    5FE

    Performance

    Control module type

    FM3A-MPU308-3GE

    FM3A-MPU206-2GE

    No

    No

    No

    Processor

    High-speed MIPS processor

    High-speed MIPS processor

    High-speed RISC processor

    High-speed RISC processor

    High-speed MIPS processor

    Flash

    Fixed 16Mbytes, which can be expanded to 80Mbytes

    Fixed 16Mbytes, which can be expanded to 80Mbytes

    Fixed 8Mbytes

    Fixed 8Mbytes

    Fixed 8Mbytes

    Memory

    128Mbytes by default, which can be expanded to 1Gbytes

    128Mbytes by default, which can be expanded to 1Gbytes

    Fixed 64Mbytes

    Fixed 64Mbytes

    Fixed 32Mbytes

    Encrypting rate

    400Mbps

    200Mbps

    50Mbps

    10Mbps

    2Mbps

    Max. number of tunnels

    5000 (128Mbytes memory)

    100000 (1Gbytes memory)

    5000 (128Mbytes memory)

    100000 (1Gbytes memory)

    1000 (64Mbytes memory)

    500

    500

    Average no-fault time

    500000 hours

    100000 hours

    100000 hours

    100000 hours

    50000 hours

    Bus bandwidth

    6Gbps

    3Gbps

    1Gbps

    --

    --

    Maximum routing table capacity

    39400 (128Mbytes memory)

    200000 (1Gbytes memory)

    39400 (128Mbytes memory)

    200000 (1Gbytes memory)

    19000 (64Mbytes memory)

    19000

    10000

    Maximum number of access lists

    41600

    41600

    2600

    2600

    1300

    64-byte delay

    4us

    4.4us

    30us

    40us

    25us

    Standards & Protocols

    Link protocol

    Ethernet_II, Ethernet_SNAP, 802.1Q

    Wide area protocol

    PPP, SLIP, SDLC, FR, LLC2, ISDN, X.25, HDLC, LAPB (supported only by MPsec VPN3005C)

    Network protocol

    TCP/IP, ICMP, UDP, FTP, TFTP, SNMP, TELNET, RLOGIN, DHCP, HTTP, DNS, ARP, DLSw, DDR

    Routing protocol

    Static route, RIPv1, RIPv2, OSPF, BGP, NDSP, IRMP, SNSP, IGMP, DVMRP, PIM-SM/DM

    Network security

    IPsec, DDR, PPP encryption, L2TP, GRE, policy route, AAA,  IKE, PKI, CA, MPLS L3VPN

    QoS

    FIFO, PQ, CQ, FQ, WFQ, CBWFQ, LLQ, RSVP, CAR, SPD, WRED, traffic shaping

    Physical index

    Dimension (W*D*H)

    444mm * 360mm * 102mm

    444mm * 360mm * 102mm

    340mm * 230mm * 44.5mm

    340mm * 230mm * 44mm

    340mm * 230mm * 44.5mm

    Weight

    12.5 KG (Full)

    12.5KG (Full)

    2.35 KG (Full)

    3KG (Full)

    1.25KG

    Power supply

    Input voltage (AC)

    Voltage: 100-240V

    Frequency: 50-60Hz

    Voltage: 100-240V

    Frequency: 50-60Hz

    Voltage: 100-240V

    Frequency: 50-60Hz

    Voltage: 100-240V;

    Frequency: 50-60Hz

    Voltage: 100-240V,

    Frequency: 50-60Hz

    Input voltage (DC)

    Voltage:-40 to  -57V

    Voltage: -40 to -57V

    --

    --

    --

    Rated

    Power

    200W

    200W

    20W

    45W

    8W

    Maximum Power consumption

    95W

    80W

    13W

    15W

    5W

    Environment

    Short-term working temperature

    0-40 Degree Celcius

    Long-term working temperature

    15-30 Degree Celcius

    Short-term working humidity

    10-90%. Non-condensing

    Long-term working humidity

    40-65%. Non-condensing

    Order Information

    Model

    Description

    MPsec VPN3030

    MPsec VPN3030

    Standard configuration: MPsec VPN3030 chassis (four slots), one fan module (FM3030-FAN), one power module (AD250-1T004), one control module (FM7A-MPU308-3GE, fixed three 1000Mbps Ethernet ports and three SFP slots, fixed flash 16M, one flash slot, two RAM slots, one fixed hardware-based encrypt module, one SNA/IPsec socket. SFP module is optional, but electric interfaces are mutually exclusive with optical interface)

    Chassis

    MPsec VPN3030-MF

    MPsec VPN3030 chassis (four service module slots, one control module slot, two power slots and one fan slot)

    Fan

    FM3030-FAN

    Fan module

    Control module

    FM7A-MPU308-3GE

    Control module, three fixed 1000Mbps Ethernet ports and three SFP slots, fixed flash 16M, one flash slot, two RAM slots, one fixed hardware-based encrypt module, one SNA/IPsec socket. The SFP module is optional, but electric interfaces are mutually exclusive with optical interface)

    Power module

    AD250-1T004

    AC power module, Two AC power modules can be inserted into chassis for redundant

    DD250-5T0042

    DC power module. Two DC power modules can be inserted into chassis for redundant

    FLASH

    FLASH8M-D168-64

    8MB flash card (8MB, 168 pins, 64bit)

    FLASH16M-D168-64

    16MB flash card (16MB, 168 pins, 64bit)

    FLASH32M-D168-64

    32MB flash card (32MB, 168 pins, 64bit)

    FLASH64M-D168-64

    64MB flash card (64MB, 168 pins, 64bit)

    RAM

    DDR333-128D

    128M DDR SDRAM; access speed: 333 MHz

    DDR400-256D

    256M DDR SDRAM; access speed: 400 MHz

    DDR400-512D

    512M DDR SDRAM; access speed: 400 MHz

    Module

    RM3A-2FEH

    Two-port 100Mbps Ethernet module, which includes two 10M/100Mbps Ethernet electric interfaces and two 100M bps SFP module slots.
    The SFP module is optional, but electric interfaces are mutually exclusive with optical interface.

    RM3A-8GETH

    Eight-port 1000Mbps Ethernet electric interface module, hot-swappable

    Fiber module

    SFP-M2-L03P8

    155M multi-mode optical module (transmission distance: 2km, LC interface, PECL interface level, wavelength: 850nm)

    SFP-S2-L03P3

    155MB Single mode optical module (transmission distance: 20km, LC interface, PECL interface level, wavelength: 1310nm)

    SFP-M1-L24P8

    1.25GB multi-mode optical module (transmission distance: 550m, LC interface, PECL interface level, wavelength: 850nm)

    SFP-S2-L24P3

    1.25GB Single mode optical module (transmission distance: 20km, LC interface, PECL interface level, wavelength: 1310nm)

    Functional module

    IPsec

    IPsec chip

    MPsec VPN3020B

    MPsec VPN3020B

    Standard configuration: MPsec VPN3020B chassis (four slots), one fan module (FM3020B-FAN), one power module (AD230-1T004), one control module (FM3A-MPU206-2GE, fixed two 1000Mbps Ethernet ports and two SFP slots, fixed flash 16M, one flash slot, two RAM slots, one fixed hardware-based encrypt module, one SNA/IPsec socket) (SFP module is optional, but electric interfaces is mutually exclusive with optical interface)

    Chassis

    MPsec VPN3020B-MF

    MPsec VPN3020B chassis (four service module slots, one control module slot, two power slots and one fan slot)

    Fan

    FM3020B-FAN

    Fan module

    Control module

    FM3A-MPU206-2GE

    FM3A-MPU206-2GE, fixed two 1000Mbps Ethernet ports and two SFP slots, fixed flash 16M, 1 flash slot, two RAM slots, one fixed hardware-based encrypt module, and one SNA/IPsec socket. The SFP module is optional, but electric interfaces are mutually exclusive with optical interface.

    Power module

    AD250-1T004

    AC power module, two AC power modules can be inserted into chassis for redundant

    DD250-5T0042

    DC power module, two DC power modules can be inserted into chassis for redundant

    FLASH

    FLASH8M-D168-64

    8MB flash card (8MB, 168 pins, 64-bit)

    FLASH16M-D168-64

    16MB flash card (16MB, 168 pins, 64-bit)

    FLASH32M-D168-64

    32MB flash card (32MB, 168 pins, 64-bit)

    FLASH64M-D168-64

    64MB flash card (64MB, 168 pins, 64-bit)

    RAM

    DDR400-512D

    512M DDR SDRAM, access speed: 400 MHz

    DDR400-256D

    256M DDR SDRAM, access speed: 400 MHz

    DDR333-128D

    128M DDR SDRAM, access speed: 333 MHz

    Module

    RM3A-2FEH

    Two-port 100Mbps Ethernet module, which includes two 10M/100Mbps Ethernet electric interfaces and two 100M bps SFP module slots.
    (SFP module is optional, but electric interfaces are mutually exclusive with optical interface)

    Fiber module

    SFP-M2-L03P8

    155M multi-mode optical module (transmission distance: 2km, LC interface, PECL interface level, wavelength: 850nm)

    SFP-S2-L03P3

    155MB Single mode optical module (transmission distance: 20km, LC interface, PECL interface level, wavelength: 1310nm)

    SFP-M1-L24P8

    1.25GB multi-mode optical module (transmission distance: 550m, LC interface, PECL interface level, wavelength: 850nm)

    SFP-S2-L24P3

    1.25GB Single mode optical module (transmission distance: 20km, LC interface, PECL interface level, wavelength: 1310nm)

    Functional module

    IPsec

    IPsec chip

    MPsec VPN3010E

    MPsec VPN3010E

    MPsec VPN3010E host, fixed  4 10M/100Mbps Ethernet ports, one console port, one SNA/IPsec socket, fixed 1 hardware-based encrypt module

    Functional module

    IPsec

    IPsec chip

    MPsec VPN3005C-104

    MPsec VPN3005-104

    VPN3005C-104-AC chassis, 8M FLASH, 32M memory, one fixed CONSOLE port, one 10/100M WAN Ethernet port, four 10/100M LAN Ethernet port.

    MPsec VPN3005C

    MPsec VPN3005C

    VPN3005C-AC chassis, 8M FLASH, 64M memory, one fixed CONSOLE port, two 10/100M Ethernet port, one fixed MIM slot, one fixed VoIP slot, 1 SNA/IPsec socket .

    Module

    RM2-1VOP

    RM2-1VOP module; inserting MIM slot and VoIP slot

    RM2-2VOP

    RM2-2VOP module; inserting MIM slot and VoIP slot

    RM2-1VOS

    RM2-1VOS module; inserting MIM slot and VoIP slot

    RM2-2VOS

    RM2-2VOS module; inserting MIM slot and VoIP slot

    RM2-1ETE

    RM2-1ETE module; inserting MIM slot

    RM2-1SAE

    RM2-1SAE module; inserting MIM slot

    RM2-1M336

    RM2-1M336 module; inserting MIM slot

    RM2-1CE1

    RM2-1CE1 module; inserting MIM slot

    RM2-1E1

    RM2-1E1 module; inserting MIM slot

    RM2-1STA

    RM2-1ST module; inserting MIM slot

    RM2-1U

    RM2-1U module; inserting MIM slot

    Functional module

    IPsec

    IPsec chip

     
  • Print this page    E-mail this page
߿ͷ
߿ͷϵͳ