ENG_[Routing] SAS500Series_112NL.FH11 - SELEX Elsag

SAS 500 series 

Secure Access Systems are network devices developed to offer the best in terms 

of broadband connectivity, security, scalability and accessibility. Designed as 

Security Gateways for encrypted IP communication over WAN and MAN networks, 

SAS put together the most advanced data, voice and video management functionality 

in a one-box solution. 

The SAS family devices are dedicated to data transmission 

network access and security. Using VPN (Virtual Private 

Network) and PKI (Public Key Infrastructure) technology, 

SAS devices offer data protection and public and private 

network access authentication, paying particular attention 

to mobility considerations (remote users, teleworking, etc). 

The SAS 500 series was created to satisfy the connectivity 

needs of remote locations and branch offices, supplying 

internet and company intranet connection and support for 

data, voice and video applications. The range of routers in 

the 500 series meets all the networking and security 

requirements of SME's with reduced installation and 

operating costs. 

The SAS 500 devices support xDSL (ADSL, ADSL2/2+, 

SHDSL 2 and 4 wires) broadband connections and are 

equipped with analogue (V.92) or ISDN (BRI) backup 

connections, while the Fast Ethernet 4-port switch (with 

10/100Mbps automatic negotiation) supports VLAN 

configuration. The SAS 500 routers are modular devices 

equipped with a "factory-upgradable" expansion slot to host 

modules such as the VoIP gateway (with either external or 

integrated Voice Management) or the 10/100baseT 8-port 

switch. 

All of the SAS 500 series routers have an integrated SPI 

(Stateful Packet Inspection) Firewall which, thanks to a 

sophisticated prevention mechanism and Cyber Defence 

Engine, guarantees the security of the entire LAN, monitoring 

and blocking all undesired traffic.

The VPN functionality based on the IPSec suite, with a 

dedicated encryption coprocessor, completes this product's 

range of security features. 

MAIN CHARACTERISTICS 

Routing 

The SAS router operating system (GAIA) supports: advanced 

routing protocols including RIP v1/v2, RIP RFC 2091 (RIP 

Triggered) OSPF and BGP-4; Multicast routing protocols 

including PIM and SM/DM; Multicast user registration 

through IGMP v1 and v2 with snooping functionality; 802.1Q 

VLAN tagging; Stateful packet filtering functionality; cache 

ACL; VRRP redundancy; ACL based user support with Radius; 

802.1x supplicant emulation; IPSLA management (SEmon 

compliant Cisco RTTMON, PING extended on SNMP); RADIUS 

and TACACS+ for the AAA (Authentication, Authorization, 

Accounting) operations of users who access the management 

interface; RMON; SNMP v1, v2c, v3 and Secure Telnet 

support. 

Protocols for Legacy application transport are also supported: 

SNA through DLSw v1 and v2; 802.2 (LLC2) also in redundant 

mode. The use of standard protocols in the GAIA operating 

system has always been a guarantee for the interoperability 

of SAS devices with other products on the market. 

Security 

The Firewall incorporated in the SAS devices integrates a 

Cyber Defence Engine that protects the networks through 

the application of stateful inspection firewalling functionality. 

The Cyber Defence Engine provides automatic protection 

against Denial of Service (DoS) attacks such as SYN flooding, 

IP smurfing, LAND, ping of Death and all the attacks on 

packet reassembly. The entire SAS 500 series support the 

following security mechanisms: 

• Authentication, Authorization and Accounting functionality 

through PAP and CHAP protocols , RADIUS, TACACS +, 

Preshared keys and X.509 v.3 digital certificates; 

• Logging: Local Log in memory (with the option of remote 

download), or SysLog Server logging. 

The IPsec-VPN supported standards are: 

• IPSec: AH and ESP (tunnel and transport modality); 

• Encryption algorithms: DES, TripleDES, AES; 

• Data Authentication: MD5, SHA-1; 

• Key management: IKE ISAKMP/Oakley. 

Quality of Service (QoS) 

The technology used by the Secure Access Systems (SAS) 

offers to the user a series of advanced tools for the 

management of segmented traffic and the control of the 

Quality of Service (QoS). The GAIA operating system allows 

the application of specific control policies and the verification 

of the path and priority parameters for every single 

application, ensuring that the traffic has the right level of 

priority. These characteristics make SAS routers the ideal 

system for the management of critical applications that 

require simultaneous management of data, voice and video 

traffic. 

Management 

The devices can be managed locally or from remote consoles. 

A specific console port is available for local management. 

This enables the configuration of device using an 

asynchronous terminal emulator. Remote management is 

performed through Telnet or, alternatively, via the SAS- 

Manager suite which enables the user to carry out all the 

"FCAPS" operations (Fault, Configuration, Accounting, 

Performance, Security). 

VoIP 

The 500 series SAS's support the Analogue/Digital VoIP 

Gateway (FXS / FXO, BRI) and either external or integrated 

Voice Management. The services supported by the 

BRI\Analogue gateway are as follows: 

• Registration through MD5 authentication; 

• Dial Plan; 

• Call Balancing Backup Proxy; 

• Authentication Proxy; 

• Supplementary services; 

• SIP Compact Form; 

• SDP in Ack; 

• RE-INVITE; 

• PRACK (provisional acknowledge); 

• Session Progress; 

• DTMF tone transport management; 

• RingTone Generation; 

• Free ISDN line Hunting (only point to point connections); 

• Voice Quality. 

MAIN FUNCTIONS 

Network Protocols: 

• IPv4 

• IPv6 

• ICMP 

• TCP 

• UDP 

• Telnet Client/Server 

• IEEE 802.2 (LLC 2) 

• PPP 

• DLSW v. 1, 

• DLSW v. 2 with backup peer 

• VLAN Tagging (IEEE 802.1q) 

• PEP (Performance Enhancing Proxies) 

Network Services: 

• DNS (resolver) 

• Proxy ARP 

• DHCP Client, Server and Relay Agent 

• DHCP Relay multiaddress 

• Helper Address (generic UDP broadcast) 

• Dynamic DHCP over IPSec 

• GRE 

• SNTP (Simple Network Time Protocol) 

• ACL 

• Dynamic ACL via Radius (over 802.1x)

• Cached ACL 

• NAT (one to one, one to many), SAT e PAT 

• NAT-T (Traversal) 

• Advanced NAT (NAT ALG ) 

• Netflow v5 

ATM Protocols: 

• ADSL 

• SHDSL 

• PPP On Demand 

• IPoETHERNET(XDSL) 

• IPoATM (XDSL) 

• PPPoATM (XDSL) 

• PPPoE (XDSL) 

• VC Bundling with Bumping 

ISDN Protocols 

• Q931Protocol 

• Multilink PPP 

• MPP Authentication 

• Dial on Demand Routing 

• Bandwith on Demand 

• Dialer watch (ISDN call opening and closing) 

• Callback 

• Dialer list 

QoS 

• ATM classes (UBR, CBR,VBR) 

• PQ Scheduler 

• CBWFQ Scheduler 

• LLQ Scheduler 

• Congestion avoidance RED/WRED 

• LFI, Link Fragmentation and Interleaving 

• TOS/IP Precedence/COS/ACL Classification 

• COS-TOS rewriting, TOS/precedence Marking 

Firewall 

• Integrated SPI (Stateful Packet Inspection) 

• Automatic DoS attack Detection 

• HTTP server relay 

• Time windows policy 

• Application content filtering 

Routing Protocols 

• RIP v. 1, v. 2, RIP RFC 2091 

• BGP4 

• OSPF v. 2 

• Routing filters 

• Policy Based Routing (PBR) 

• Route redistribution 

• Route Watch 

Multicast Protocols 

• IGMP v. 1, v. 2 

• IGMP v. 3 

• IGMP Proxy 

• PIM SM/DM 

• Track Multicast 

Redundancy Protocols 

• VRRP 

• VRRP Interface tracking 

• Ethernet Redundancy (per 802.2/LLC2) 

Authentication Protocols 

• RADIUS 

• PAP 

• CHAP 

• TACACS+ 

• 802.1x Authenticator 

• 802.1x Supplicant emulation 

Management 

• Configurator (CLI) 

• SNMP v. 1, v.2c, v. 3 

• Syslog 

• TFTP 

• Telnet 

• Secure Telnet SSL 

IP SLA Management 

• RTR 

• BFD Lite (Route probing) 

• SEMon (RTTmon compliant) 

• Remote Monitoring (RMON 1) 

• Traceroute and estended Traceroute (also on SNMP) 

• PING, extended PING, Amtec PING 

Security 

• DES Support 

• TDES Support 

• AES Support 

• Diffie-Hellman 

• X-Auth (extended authentication) 

• X.509v3 Digital Certificates management with SCEP and 

LDAP IKE 

• IK E 

• IKE Peer Backup 

• IPSec AH 

• IPSec ESP 

• IPSec Passthrough 

• IPComp (IP Payload Compression Protocol) 

• HW encryption 

• SSL 

• LDAPC 

VoIP 

• SIP v 2.0 

• RTP/RTCP 

• Codec: G711, G726, G723.1, G729, G722

TECHNICAL DATA 

Dimensions (WxDxH): 

Weight: 

Input voltage: 

Maximum consumption: 

Microprocessor: 

Serial EEPROM: 

RAM memory: 

Flash memory: 

Security: 

Regulatory and standard compliance: 

MODELS AND ORDERING INFORMATION 

MODELS 

SAS 502 

SAS 506 

SAS 512 

SAS 553 

SAS 557 

SAS 563 

Expansions (available only for SAS 502, 506, 512) 

Models 

VoIP 

8 Ports Switch 

Cables and adapters 

CV-MT 

CL-MD 

CL-CR 

CV-ISDN 

ADSL 

P/N 

Ports 

LAN 

WAN 

Console 

LAN 

WAN 

Console 

LAN 

WAN 

Console 

LAN 

WAN 

Console 

LAN 

WAN 

Console 

LAN 

WAN 

Console 

P/N 

141-8619/05 

140-8229/32 

255 mm x 225 mm x 44 mm 

1,2 Kg 

External AC/DC (110-230 VAC / 12 VDC) 

25 Watt 

Motorola MPC8272@400MHz 

8K 

128 Mbytes 

16 Mbytes 

• Integrated Cryptografic Coprocessor 

• Integrated HW random generator 

• EN 60950 (Security) 

• EN 55022 B class, EN 550082-1 (EMC Electromagnetic Compatibility) 

Description 

Switch 4 x Ethernet/Fast Ethernet 10/100 BaseT 

• 1 x ADSL - ADSL2/2+ 

• 1 x ISDN BRI (2B + D) 

1 x RJ14 


1 x SHDSL (2/4 wires) 

1 x RJ14 


• 1 x V.24/V.28, V.35/V.36 Serial 


1 x RJ14 


• 1 x ADSL - ADSL2/2+ 


• 3 x FXS + 1 x FXO/S + 2 x ISDN BRI 

1 x RJ14 


• 1 x SHDSL (2/4 wires) 


1 x RJ14 


• 1 x V.24/V.28, V.35/V.36 Serial 



1 x RJ14 

SELEX Elsag S.p.A. 

Sales Department – Point of Contact: getinfo@selexelsag.com – www.selexelsag.com 

This publication is issued to provide outline information only which (unless agreed by SELEX Elsag S.p.A. in writing) may not be used, applied or reproduced for any purpose or form part of any order or contract or be regarded as a 

representation relating to the products or services concerned. SELEX Elsag S.p.A. reserves the right to alter without notice the specification, design or conditions of supply of any product or service. SELEX Communications logo is 

a trademark of SELEX Elsag S.p.A. Printed in Italy. ©SELEX Elsag S.p.A. All Rights reserved. Code e-P-IT-460/V1/12/Y 

P/N 

145-8053/02 

145-8053/06 

145-8053/12 

E45-8120/45 

E45-8120/47 

E45-8120/25 

Description 

3 x FXS + 1 x FXO/S + 2 x ISDN BRI (only 5 channels can be used contemporarily) 

8 x 10/100baseT 

Description 

RJ11 Maintenance cable 

RJ11 MODEM cable 

RJ45 LAN crossed cable 

RJ45 ISDN cable 

RJ11 ADSL cable 

P/N 

CW-V35/DTE 

CW-V35/DCE 

CW-V24/DTE 

CW-V24/DCE 

RJ11 

Description 

WAN V35 DTE cable 

WAN V35 DCE cable 

WAN V24 DTE cable 

WAN V24 DCE cable 

RJ11 3-pins

ENG_[Routing] SAS500Series_112NL.FH11 - SELEX Elsag

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?