Alcatel OmniAccess Alcatel OmniAccess 200 Series Security Appliance The corporate enterprise s most valued asset is mission critical data whether it is accessed by only a few or many thousands of employees. Managing network access requires centrally administered systems, locked down to preserve data integrity.
Alcatel Security Appliances, components of the Alcatel CrystalSec solution, are IPSec-compliant security devices that secure data communications, providing strong VPN capability. Based on the pioneering technology of Alcatel's 7130 Security Gateways, these dedicated units fit into any existing infrastructure and provide security services for enterprise site-to-site or client-to-site intranets, extranets, and Internet remote access. Alcatel offers two tamper-resistant security appliances the Alcatel OmniAccess 210 and OmniAccess 250 Security Appliance. Remote configuration, management, and upgrades for multiple gateways are simplified through a secure web interface from any point on the network. Model Bandwidth Concurrent Application (Mbps) users OmniAccess 210 12 (3DES), 500 Branch offices 40(AES) intranet, internet, extranet, remote access OmniAccess-250 70 (3DES), 2500 Corporate, large branch offices, remote access Features Firewall Port / packet filtering NAT NAT traversal Authentication PKI LDAP RADIUS Shared secrets Tunneling IPSec L2TP Encryption Benefits Powerful, enhanced network security enabled by integrated firewall, authentication, and VPN tunneling Eliminates need for third party firewall or NAT devices Adaptive networking - flexibility Standard PKI support from leading products like Entrust, VeriSign, Baltimore, Microsoft, and RSA supports legacy authentication systems AES, DES, 3DES, organizations can select the most advanced algorithms for optimal configuration Support for native Win2K/XP IPSec VPN client implementations Eliminates need for third party firewall or VPN devices Central management of multiple security appliances Supports a simple authentication scheme for VPN tunneling - it does not require a PKI or RADIUS server to set up VPN sessions The Alcatel CrystalSec solution and OmniAccess 200 makes it easy to deploy: Intranets / Extranets Globally secure internet remote access Managed VPN Firewall services 2
Added Value Scalable architecture The scalable architecture of the Alcatel 200 series supports thousands of secure tunnels to the corporate data center, allowing the enterprise to expand its business in terms of both size and diversity. Reliability The Alcatel 200 series offers protection against disruption of service. Guaranteed session connectivity allows secure access to mission-critical applications. Service providers can offer real security service level agreements (SLAs). Secure physical access These appliances have a tamper-resistant chassis that meets FIPS-140-1 Level 2 (OA-210) and FIPS-140-1 Level 3 (OA-250) standards. This means unattended equipment in remote sites are not accessible by unauthorized individuals.. Flexible PKI support Public key infrastructure (PKI) support empowers the network administrator with large-scale management control over deployments of thousands of users and devices from a single location. The OA-200 is designed to support certificates from Entrust, VeriSign, Netscape, Baltimore, and RSA Security. 3 www.alcatel.com/enterprise
Performance The OmniAccess 200 offers fast, hardware-based DES, 3-DES and AES encryption. The OA-250 has a custom hardware-based IPSec packet engine that supports thousands of VPN connections without impacting performance. By allowing clients to access gateways using compression, the OmniAccess 200 series helps users achieve better remote access performance. Interoperability Alcatel Security Appliances are IPSec-compliant solutions that are interoperable with other IPSec-compliant products. This includes strong interoperability with Alcatel s VPN-enabled 7130 Secure VPN Gateways, and the OmniAccess 512 Branch Office switch. OmniAccess 200 Applications Intranets Intranets allow users to share company data across geographically disparate locations. The OmniAccess 200 series enables secure data networking by creating secure tunnels, allowing the movement of private data across the public Internet or carrier network. OmniAccess 200 security appliances can also be configured to provide both authentication (PKI, LDAP, RADIUS, shared secrets) and firewall services (NAT, NAT traversal and port / packet filtering) to protect the corporate and branch offices from potential security breaches. 4
Extranets The addition of a LAN connection to business partners, suppliers, etc., creates an extranet. This managed connection is created for securely sharing information such as inventory or logistics that enable the partner to support the business. Global Internet Remote Access The OmniAccess 200 security appliance provides access to corporate resources for remote users or teleworkers. Remote users access the corporate LAN with Secure VPN Client software and an Internet account. VPN remote access is an intelligent way to replace dial-up modem banks, fixed leased lines, and expensive 1-800 numbers with low cost ISP dial-up. The OmniAccess also delivers firewall, NAT, PKI, and authentication features. Since the OmniAccess is standards-based, it can be integrated into environments running token-based security, PKIs, and IPSec. 5 www.alcatel.com/enterprise
Specifications Interfaces Three 10/100BaseT ports; RJ-45; two external PMC slotstia/eia-232 console serial terminal port Management ports 1 local, 1 modem Rackmount 19-inch rackmount shelf Dimensions Height: 1U 1.75 in. (4.45 cm) Width: 17 in. (43.18 cm) Depth: 12 in. (30.48 cm) Weight: 25 lbs. (11.25 kg) Environmental Temperature: 32 to 105 F (0 to 40 C) Humidity: 20% to 80% RH at 30 C Power requirements (OA-210/OA-250) Voltage: (90-135 VAC) / (180-265 VAC) autoselect Frequency: 47-63 Hz Current: OA-210: 0.9A @115VAC, 0.45A @230VAC OA-250: 1.1A @115VAC, 0.55A @230VAC Power consumption: OA-210: 100 Watts OA-250: 125 Watts Encryption/Integrity DES (FIPS 46-3), 3DES (FIPS 46-3), AES (FIPS 197), Blowfish, CAST, MD5, SHA-1 (FIPS 180-1) Authentication x.509 certificates, shared secret, RADIUS, NT Domain, TACACS+, LDAP CRL retrieval, Two factor authentication support Security standards IPsec, IKE, x.509v3, RSA (FIPS 186-2 &ANSI X9.31), LDAP v3, PKIX-CMP, PKCS 10/7/12/11, IPComp, SSL, SSH, SCEP, Diffie-Hellman Compression LZS data compression LZS hardware assisted compression (OA-250) Capacity (simultaneous VPN tunnels) OA-210: 500 OA-250: 2500 Certifications Designed to meet FIPS-140-1 Level 2 standard for OA-210, Level 3 standard for 250 Safety/Regulatory Approvals OA-210: FCC class B CSA, UL, CE, VCCI OA-250: FCC class B CSA, UL, CE, VCCI Management Console/CLISSH Web interface with secure HTTP Syslog output SNMP support 6
Ordering Information Part Number OA210-STD OA210-CS-STD OA210-LCS-STD OA210-INT OA210-CS-INT OA210-LCS-INT OA210-STD-U OA210-CS-STD-U OA210-LCS-STD-U OA210-CS-INT-U OA210-LCS-INT-U Description OmniAccess 210 without client support, IPsec VPN appliance. Includes one year hardware warranty. Standard Version (DES,3DES,AES, CAST, Blowfish) OmniAccess 210 with client support, IPsec VPN appliance. Includes one year hardware warranty. Standard Version (DES,3DES,AES, CAST, Blowfish) OmniAccess 210 with limited (20)client support, IPsec VPN appliance. Includes one year hardware warranty. Standard Version (DES,3DES,AES, CAST, Blowfish) OmniAccess 210 without client support, IPsec VPN appliance. Includes one year hardware warranty. International Version (56-bit DESonly) OmniAccess 210 with client support, IPsec VPN appliance. Includes one year hardware warranty. International Version (56-bit DES only) OmniAccess 210 with limited (20) client support, IPsec VPN appliance. Includes one year hardware warranty. International Version (56-bit DES only) Upgrade to standard version cryptography for OmniAccess210 (DES,3DES,AES,CAST,Blowfish). CD ROM only OmniAccess 210 software license upgrade that includes and Alcatel Secure VPN client unlimited distribution license. This is a software license only. Standard Version OmniAccess 210 software license upgrade that includes an Alcatel Secure VPN client limited distribution license (20). This is a software license only. Standard Version OmniAccess 210 software license upgrade that includes an Alcatel Secure VPN client unlimited distribution license. This is a software license only. International version OmniAccess 210 software license upgrade that includes an Alcatel Secure VPN client limited distribution license (20). This is a software license only. International version 7 www.alcatel.com/enterprise
Alcatel 26801 West Agoura Road Calabasas, CA 91301 (800) 995-2612 www.alcatel.com/enterprise Product specifications contained in this document are subject to change without notice. Contact your local Alcatel representative for the most current information. Copyright 2002 Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel Internetworking, Inc. Alcatel and the Alcatel logo are registered trademarks of Alcatel. All other trademarks are the property of their respective owners. P/N 031111-00. 4/02