- Supports over 2,000 concurrent VPN tunnels.
- Supports Static and Dynamic Client IP addresses.
- Supports gateway-to-gateway connectivity for
remote corporate offices and networks.
- Does not require Radius or other authentication
server.
- Compatible with internal or external Certification
Authority (CA).
- Support IPSec standard for all flavors of MS
Windows and UNIX.
- Does not require proprietary VPN client.
- Full support for x.509 certificates and RSA keys.
- Fully integrated IKE support including MD5, SHA-1,
3DES, Diffie-Hellman Group 2, and Group 5 encryption algorithms.
- Support of PPTP connections
- LAN-to-LAN secure connectivity via PPTP
Problems with regular VPN solutions
Today, many business support remote
offices, telecommuting employees, and mobile sales staff that require
secure and reliable connectivity to the corporate central office.
Their remote users utilize various methods to connect to the central
office from dial-up dynamic IP accounts to dedicated T1 and DSL
lines. Such businesses require that the utilized corporate gateway
offers not only high-level of scalability and throughput but also
dynamic and static IP address authentication and certificate distribution.
The SysMaster VPN solution
SysMaster VPN module fully supports
dynamic and static IP address users for telecommuting and mobile
users. The device also supports gateway-to-gateway secure connectivity
to offer virtual LAN services between remotely located offices and
the central corporate office. SysMaster includes embedded CA authority
functionality to simplify the user authentication as well as the
certificate/key distribution. The solution fully supports the IPSec/IKE
standard and thus does not require proprietary VPN clients for remote
connectivity. In addition, it is extremely scalable to allow over
2,000 concurrent users to connect without significant performance
impact.
Support of clients with both static
and dynamic IP addresses
SysMaster VPN module supports static
and dynamic VPN clients using standard IPSec compatible clients.
The device does not require a proprietary VPN client and readily
works with Microsoft Windows 2000 and XP clients (OS included) or
third-party clients. SysMaster does not require Radius or other
authentication server and provides full-scale CA services including
RSA key and x509 certificate generation and signing. DER/PEM/PKCS12
certificate/key distribution is supported. Integrated IKE support
for MD5, SHA-1, 3DES, Diffie-Hellman Group 2, and Group 5 encryption
algorithms.
Support of gateway-to-gateway connectivity
SysMaster allows remote corporate LANs
to be connected via secure connection over Internet. The device
can operate as a VPN gateway for each network segment to allow remote
corporate networks to be aggregated into one large virtual corporate
network. Supported gateway infrastructure allows inexpensive file,
printer, and service sharing among remotely located corporate networks.
SysMaster natively provides network Address Translation (NAT) services
to allow easy connection configuration and better LAN security.
SysMaster is a stand-alone Certification Authority
(CA)
SysMaster does not require additional servers to
provide secure authentication. Once keys and certificates are generated
by the SysMaster, they are distributed to the VPN clients. The device
allows key and certificate generation and signing for x509 and RSA
keys. The device also includes support for third-party generated
keys/certificates such as Verisign, Thawte, and others. Key/certificate
imports and exports are also fully supported.
Point-to-Point Tunneling Protocol VPN Networks
SysMaster allows for building virtual private networks
through the Internet based on the PPTP (Point-to-Point Tunneling
Protocol) protocol. PPTP provides for a secure transfer
of data between two ends facilitating the remote access to corporate
networks.
The PPTP can serve as a transport for all protocols
built on the IP protocol such as TCP,UDP,ICMP and layer 7 protocols
like HTTP, FTP and many others. PPTP is built on the base of the
PPP protocol which provides 128 bit secure encryption of the data.
Using SysMaster as a PPTP end point gateway, it can provide secure
access of remote clients to the local resources. All traffic, from
a remote client to the SysMaster device is encrypted. This solution
allows for LAN-to-LAN communications where clients on both ends
can be behind firewalls or gateways performing NAT (Network Address
Translation) translation.
The PPTP protocol is independent of the type of
connections used for transferring the data. In other words, it can
used for dial-up, DSL, T1, cable and other type of lines. It also
is not dependent on the type of client IP addresses such as dynamic
or static.
|
