Encryption; VPN Tunneling; Web-Based Management; Performance - ADTRAN 1202361L2 Hardware Installation Manual


Introduction
NetVanta 2000 Series Hardware Installation Guide

Encryption

The NetVanta 2000 Series encrypts data sent out onto the network using either the Data Encryption
Standard (DES) or Triple Data Encryption Standard (3DES) encryption algorithm. Data integrity is
ensured during transmission across the public infrastructure using Message Digest 5 (MD5) or Secure
Hash Algorithm version 1 (SHA-1). In addition, Internet Key Exchange (IKE) can be used for user
authentication, supporting public and private keys or digital certificates, to ensure that the proper
VPN tunnel is established and that the tunnel has not been redirected or compromised.

VPN Tunneling

NetVanta 2000 Series units are IPSec-compliant devices that support both the Encapsulating Security
Payload (ESP) and Authentication Header (AH) protocols and provide secure communication over
potentially insecure network components. Acting as security gateways, the NetVanta 2050 and NetVanta
2054 can provide up to five private encryption communication tunnels through the Internet with remote
locations, and the NetVanta 2100 can provide up to ten. The larger-scale NetVanta 2300 offers support
for up to 500 private encryption tunnels. For networks requiring more than 500 tunnels, the NetVanta
2400 provides 1000 private encryption tunnels. A NetVanta 2000 Series unit can also hide IP addresses
from the external world by performing network address translation (NAT). The internal router allows
multiple users to share a VPN connection and can also direct incoming IP traffic.

Web-Based Management

A remote NetVanta 2000 Series unit can easily be configured and managed using a standard Web browser,
or through the command line interface (CLI) over Telnet. The NetVanta 2000 Series also has a built-in
alert and logging mechanism for messaging and mail services. This enables the units to warn
administrators about network activities by logging the activities to a syslog server or sending an
e-mail to the administrator.

Performance

Unlike a software-implemented VPN solution (which depends on local CPU and memory performance to
implement encryption), the NetVanta 2000 Series is a standalone hardware platform that off-loads the
CPU-intensive encryption process. (In a software implementation, 3DES encryption impacts CPU
performance, possibly slowing all the local processes on the computer.) Since a NetVanta 2000 Series
unit offers dedicated processing platforms to drive the encryption process, local computer performance
is unaffected.
Copyright © 2006 ADTRAN, Inc.
61202361L2-34D
