Funkwerk R1202 ISDN BRI, Gigabit Ethernet, VPN Gateway

The Funkwerk R1202 is a powerful and, thanks to its comprehensive equipment, flexible VPN gateway.

With its 19-inch metal housing and highly efficient internal switched-mode power supply the gateway guarantees long-term reliability in critical corporate applications. This makes the R1202 ideal for use as a VPN gateway in SMEs and company head offices. The device has five Gigabit Ethernet ports, which can be configured for LAN, WAN or DMZ, and comes with a licence for ten hardware-accelerated IPSec tunnels. Up to 100 additional IPSec tunnels can also be enabled if licensed. The built-in ISDN BRI interface can be used as a remote configuration access and as an ISDN backup interface.

Using functions flexibly

Only a few functions are required to forward data between two networks. Funkwerk gateways have features that go far beyond just routing and allow it to be seamlessly integrated into complex IT infrastructures.

As routing protocols, you can use RIP, OSPF or the Multicast routing protocol PIM-SM for example, and the comprehensive multicast support makes the device ideal for use in multimedia and streaming applications. Even the basic equipment of the Funkwerk R1202 provides a SIP application level gateway (ALG) for the direct connection of IP telephones in the network or for registering with a VoIP provider. The ALG automatically controls the internal firewall making it easier to configure your VoIP solution.

Thanks to the integrated quality of service, you can prioritise VoIP traffic over normal internet traffic, for example, and thereby always ensure sufficient bandwidth for your IP voice connections. Alternatively you can give normal data traffic priority over e-mail traffic. The DNS proxy function supports the LAN for address implementation and the automated IP configuration of PCs is carried out over an integrated DHCP server. Remote CAPI is available for the joint use of various ISDN services.

Comprehensive IPSec implementation

The IPSec implementation integrated in Funkwerk R1202 works not only with preshared keys but also with certificates. This allows a public key infrastructure to be created for maximum security. (The German Federal Office for Information Security also recommends the use of certificates.)

Furthermore, the Funkwerk IPSec implementation offers support when creating VPN connections with dynamic IP addresses: Even small branch offices can be reached without having to be permanently online. If both VPN nodes only have dynamic IP addresses, confidential information can continue. The exchange of IP addresses is carried out either over dynamic DNS providers or directly over an ISDN connection. The actual dynamic IP address is transferred either free of charge in the ISDN D-channel or, if this is not possible, in the B-channel (at cost).

By using IKE Config mode and the Funkwerk IPSec multi user this offers the opportunity to create and manage IPSec dial-in solutions for multiple clients with minimal expense and IKE X-Auth (extended authentication) allows a connection to be secured with a one time password and thus with the highest level of security.

Load Balancing/Redundancy

The Funkwerk R1202 offers the opportunity to configure two or three interfaces as WAN interfaces. As a result, there is not only more bandwidth available, but there is the opportunity to spread data traffic across individual WAN connections according to load or data type. Equally, you can use a connection (e.g. SDSL) for the VPN connection of branch offices and external sales staff and use a second WAN port for a low-cost ADSL connection to guarantee the company's other data traffic.

Our Funkwerk router redundancy protocol (BRRP) allows two devices to be operated so that they act as a single device in the LAN. Both devices have their own IP and MAC addresses for each interface as well as a joint virtual IP and MAC address. This is registered as the standard gateway for all computers in the LAN. Both of the switched gateways communicate over the Funkwerk protocol and if either device fails, the other device automatically takes over the entire data traffic.

Simple configuration and maintenance

The gateway is configured over the Funkwerk Configuration Interface (FCI), using the integrated configuration wizards for example. The FCI is a web-based graphic user surface that you can use from any PC with an up-to-date Web browser via an HTTP or encrypted HTTPS connection. It also offers the opportunity to manage the devices locally and remotely over other configuration accesses such as Telnet, SSH and ISDN login.

In addition the R1202 offers the option of the funkwerk WLAN Controller

The funkwerk WLAN Controller allows the configuration and monitoring of small and medium sized WLANs with up to 24 access points. Whether it is for frequency management which automatically determines the radio channels, for the support of virtual LANs or for the management of virtual radio networks (Multi SSID)—the WLAN Controller offers easy control over all advanced features. Our software continuously monitors the entire wireless LAN and immediately reports outages and security risks.

DIME Manager from Funkwerk Enterprise Communications (FEC) is a free tool for managing FEC devices. DIME Manager is aimed at administrators who manage networks with up to 50 devices. The software simplifies the management and configuration of gateways or access points either individually or in logical groups. When developing DIME Manager, simple and efficient operation was the primary aim. It allows, for example, software updates to be applied to individual devices or groups of devices simply by drag and drop. DIME Manager recognises and manages new devices in the network using SNMP multicasts, in other words independent of their current IP address.

Technical Specifications

ISDN Interface

• CAPI: CAPI 2.0 with CAPI user concept (password for CAPI use)
• ISDN protocols: Euro-ISDN (Point-to-mulitpoint/Point-to-point)
• ISDN auto-configuration: Automatic recognition and configuration of ISDN protocols
• ISDN leased lines: Supported leased lines: D64S, D64S2, TS02, D64S2Y
• B channel protocols: Excellent interoperability with other manufacturers (Raw HDLC, CISCO HDLC, X.75)
• X.31 over CAPI: Support for various connection paths: X.31/A for ISDN D-channel, X.31/A+B for ISDN B-channel, X.25 within ISDN B-channel (also leased lines)
• Bit rate adaption: V.110 (1,200 up to 38,400 bps), V.120 up to 57,600 kbps (HSCSD) for connection to GSM subscribers

VPN

• PPTP (PAC/PNS): Point to Point Tunneling Protocol for establishing fo Virtual Privat Networks, inclusive strong encryption methods with 128 Bit (MPPE) up to 168 Bit (DES/3DES, Blowfish)
• PPP / PPTP hardware acceleration: Integrated hardware acceleration for PPP/PTPP encryption algorithms DES, 3DES, MPPE
• GRE v.0: Generic Routing Encapsulation V.0 according RFC 2784 for common encapsulation
• L2TP: Layer 2 tunnelling protocol inclusive PPP user authentication
• Number of VPN tunnels: Inclusive 110 active PPTP, L2TP and GRE v.0 tunnels (also in combination possible)
• IPSec: Internet Protocol Security establishing of VPN connections
• Number of VPN tunnels: Inclusive 10 active VPN tunnels, optional up to 110 IPSec tunnels
• IPSec Algorithms: DES (64 Bit), 3DES (192 Bit), AES (128,192,256 Bit), CAST (128 Bit), Blowfish (128-448 Bit), Twofish (256 Bit); MD-5, SHA-1, RipeMD160, Tiger192 Hashes
• IPSec hardware acceleration: Integrated hardware acceleration for IPSec encryption algorithms DES, 3DES, AES inclusive hardware acceleration for MD-5, SHA-1 Hash generation
• IPSec IKE: IPSec key exchange via preshared keys or certificates
• IPSec IKE Config Mode: IKE Config Mode server enables dynamic assignment of  IP addresses from the address pool of the company. IKE Config Mode client enables the router, to get assigned dynamically an IP address.
• IPSec IKE XAUTH (Client/Server): Internet Key Exchange protocol Extended Authenticaion client for login to XAUTH server and XAUTH server for loging of XAUTH clients
• IPSec IKE XAUTH (Client/Server): Inclusive the forwarding to a RADIUS-OTP (One Time Password) server
• IPSec NAT-T: Support of NAT-Traversal (Nat-T) for the application at VPN lines with NAT
• IPSec IPComp: IPSec IPComp data compression for higher data throughput via LZS
• IPSec certificates (PKI): Support of X.509 multi-level certificates compatible to Micrososft and Open SSL CA server; upload of PKCS#7/8/10/12 files via TFTP, HTTP, HTTP, LDAP, file upload and manual via FCI
• IPSec SCEP: Certificates management via SCEP (Simple Certificate Enrollment Protocol)
• IPSec Certificate Revocation Lists (CRL): Support of remote CRLs on a server via LDAP or local CRLs
• IPSec Dead Peer Detection: (DPD) Continuous control of IPSec connection
• IPSec dynamic IP via ISDN: Transmission of dynamic IP address in ISDN D or B channel; free-of-charge licence necessary
• IPSec dynamic DNS: Enables the registering of dynamic IP addresses by a dynamic DNS provider for establishing a IPSec connection.
• IPSec RADIUS: Authentication of IPSec connections at a RADIUS server. Additionally the IPSec peers, which were configured on a RADIUS server, can be loaded into the gateway (RADIUS dialout).
• IPSec Multi User: Enables the Dial-in of several IPSec clients via a single IPSec peer configuration entry
• IPSec QoS: The possibility to operate Quality of Service (traffic shaping) inside of an IPSec tunnel
• IPSec NAT: By activating of NAT on an IPSec connection it is possible, to implement several remote locations with identical local IP addess networks in different IP nets for the VPN connection
• IPSec throughput (1400): 86 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption
• IPSec throughput (256): 19 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption

Security

• NAT/PAT: Symmetric Network and Port Address Translation (NAT/PAT) with randomly generated ports inclusive Multi NAT (1:1 translation of whole networks)
• Policy based NAT/PAT: Network and Port Address Translation via different criteria like IP protocols, source/destination IP Address, source/destination port
• Policy based NAT/PAT: For incoming and outgoing connections and for each interface variable configurable
• Content Filtering: Optional ISS/Cobion Content filter (30 day test license inclusive)
• Stateful Inspection Firewall: Packet filtering depending on the direction with controling and interpretation of each single connection status
• Packet Filter: Filtering of IP packets according to different criteria like IP protocols, source/destination IP address, source/destination port, TOS/DSCP, layer 2 priority for each interface variable configurable

Routing

• Policy based Routing: Extended routing (Policy Based Routing) depending of diffent criteria like IP protocols (Layer4), source/destination IP address, source/destination port, TOS/DSCP, source/destination interface and destination interface status
• Multicast IGMP: Support of Internet Group Management Protocol (IGMP v1, v2, v3) for the simultaneous distribution of IP packets to several stations
• Multicast IGMP Proxy: For easy forwarding of multicast packets via dedicated interfaces
• Multicast Routing Protocol PIM SM: Protocol Independent Multicast (PIM) distributes information via a central Rendezvous Point Server. PIM Modus Sparse Mode (SM) forwards only packets to groups which have been requested
• Multicast inside IPSec tunnel: Enables the transmission of multicast packets via an IPSec tunnel
• RIP: Support of RIPv1 and RIPv2, separated configurable for each interface
• Extended RIP: Triggerd RIP updates according RFC 2091 and 2453, Poisened Rerverse for a better distribution of the routes; furthermore the possibility to define RIP filters for each interface.
• OSPF: Support of the dynamic routing protocol OSPF
• BGP4: On request
• Routing throughput (1518): 199 Mbps with 1518 Byte packets
• Routing throughput (256): 198 Mbps with 256 Byte packets

Interfaces

• Ethernet: 5 x 10/100/1000 Mbps Ethernet Twisted Pair, autosensing, Auto MDI/MDI-X, up to 4 ports can be switches as additional WAN ports incl. load balancing, all Ethernet ports can be configured as LAN or WAN.
• Serial console: Serial console interface / COM port (mini USB): optional, connection of an analogue / GPRS modem is possible
• ISDN Basic Rate (BRI): 1 x BRI (TE), 2 B channels

Hardware Features

• 19 inch: Mountable in 19 inch rack, incl. 19 inch rack mount kit
• Realtime clock: System time persists even at power failure for some hours.
• Environment: Temperature range: Operational 0°C to 40°C; storage -10°C to 70°C; Max. rel. humidity 10 - 95% (non condensing)
• Power supply: Integrated wide range power supply 110-240V, with energy efficient swiching controller
• Power consumption: Max. 15 Watt, typ. 13 Watt
• Housing: 19 inch 1 high unit metal case, screw-on 19 inch mounting-angle, LEDs and network connectors at front side
• Dimension: Ca. 485.6 mm x 220 mm x 45 mm (W x H x D)
• Weight: Ca. 2600g
• Fan: Fanless design therefore high MTBF
• Reset button: Restart or reset to factory state possible
• Standards and certifications: R&TTE directive 1999/5/EG; EN 55022; EN 55024 + EN 55024/A1; EN61000-3-2; EN61000-3-3; EN 61000-4-4; EN 60950-1; EN 300 328

Content of Delivery

• Manual: Quick Installation Guide in German and English
• DVD: DVD with system software, management software and documentation
• Ethernet cable: 1 Ethernet cable, 3m
• Network cable: Power cable
• Serial cable: Serial cable (mini USB - DSUB 9 female)
• ISDN (BRI/S0) cable: ISDN (BRI/S0) cable, 3m

Service

• Warranty: 2 year manufacturer warranty inclusive advanced replacement
• Software Update: Free-of-charge software updates for system software (BOSS) and management software (DIME manager)

For more technical specifications information, please refer to the Funkwerk R1202 Datasheet (PDF).

Specifications Tab

Questions Tab