ENG_[Routing] SAS500Series_112NL.FH11 - SELEX Elsag
ENG_[Routing] SAS500Series_112NL.FH11 - SELEX Elsag
ENG_[Routing] SAS500Series_112NL.FH11 - SELEX Elsag
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
SAS 500 series<br />
Secure Access Systems are network devices developed to offer the best in terms<br />
of broadband connectivity, security, scalability and accessibility. Designed as<br />
Security Gateways for encrypted IP communication over WAN and MAN networks,<br />
SAS put together the most advanced data, voice and video management functionality<br />
in a one-box solution.<br />
The SAS family devices are dedicated to data transmission<br />
network access and security. Using VPN (Virtual Private<br />
Network) and PKI (Public Key Infrastructure) technology,<br />
SAS devices offer data protection and public and private<br />
network access authentication, paying particular attention<br />
to mobility considerations (remote users, teleworking, etc).<br />
The SAS 500 series was created to satisfy the connectivity<br />
needs of remote locations and branch offices, supplying<br />
internet and company intranet connection and support for<br />
data, voice and video applications. The range of routers in<br />
the 500 series meets all the networking and security<br />
requirements of SME's with reduced installation and<br />
operating costs.<br />
The SAS 500 devices support xDSL (ADSL, ADSL2/2+,<br />
SHDSL 2 and 4 wires) broadband connections and are<br />
equipped with analogue (V.92) or ISDN (BRI) backup<br />
connections, while the Fast Ethernet 4-port switch (with<br />
10/100Mbps automatic negotiation) supports VLAN<br />
configuration. The SAS 500 routers are modular devices<br />
equipped with a "factory-upgradable" expansion slot to host<br />
modules such as the VoIP gateway (with either external or<br />
integrated Voice Management) or the 10/100baseT 8-port<br />
switch.<br />
All of the SAS 500 series routers have an integrated SPI<br />
(Stateful Packet Inspection) Firewall which, thanks to a<br />
sophisticated prevention mechanism and Cyber Defence<br />
Engine, guarantees the security of the entire LAN, monitoring<br />
and blocking all undesired traffic.
The VPN functionality based on the IPSec suite, with a<br />
dedicated encryption coprocessor, completes this product's<br />
range of security features.<br />
MAIN CHARACTERISTICS<br />
<strong>Routing</strong><br />
The SAS router operating system (GAIA) supports: advanced<br />
routing protocols including RIP v1/v2, RIP RFC 2091 (RIP<br />
Triggered) OSPF and BGP-4; Multicast routing protocols<br />
including PIM and SM/DM; Multicast user registration<br />
through IGMP v1 and v2 with snooping functionality; 802.1Q<br />
VLAN tagging; Stateful packet filtering functionality; cache<br />
ACL; VRRP redundancy; ACL based user support with Radius;<br />
802.1x supplicant emulation; IPSLA management (SEmon<br />
compliant Cisco RTTMON, PING extended on SNMP); RADIUS<br />
and TACACS+ for the AAA (Authentication, Authorization,<br />
Accounting) operations of users who access the management<br />
interface; RMON; SNMP v1, v2c, v3 and Secure Telnet<br />
support.<br />
Protocols for Legacy application transport are also supported:<br />
SNA through DLSw v1 and v2; 802.2 (LLC2) also in redundant<br />
mode. The use of standard protocols in the GAIA operating<br />
system has always been a guarantee for the interoperability<br />
of SAS devices with other products on the market.<br />
Security<br />
The Firewall incorporated in the SAS devices integrates a<br />
Cyber Defence Engine that protects the networks through<br />
the application of stateful inspection firewalling functionality.<br />
The Cyber Defence Engine provides automatic protection<br />
against Denial of Service (DoS) attacks such as SYN flooding,<br />
IP smurfing, LAND, ping of Death and all the attacks on<br />
packet reassembly. The entire SAS 500 series support the<br />
following security mechanisms:<br />
• Authentication, Authorization and Accounting functionality<br />
through PAP and CHAP protocols , RADIUS, TACACS +,<br />
Preshared keys and X.509 v.3 digital certificates;<br />
• Logging: Local Log in memory (with the option of remote<br />
download), or SysLog Server logging.<br />
The IPsec-VPN supported standards are:<br />
• IPSec: AH and ESP (tunnel and transport modality);<br />
• Encryption algorithms: DES, TripleDES, AES;<br />
• Data Authentication: MD5, SHA-1;<br />
• Key management: IKE ISAKMP/Oakley.<br />
Quality of Service (QoS)<br />
The technology used by the Secure Access Systems (SAS)<br />
offers to the user a series of advanced tools for the<br />
management of segmented traffic and the control of the<br />
Quality of Service (QoS). The GAIA operating system allows<br />
the application of specific control policies and the verification<br />
of the path and priority parameters for every single<br />
application, ensuring that the traffic has the right level of<br />
priority. These characteristics make SAS routers the ideal<br />
system for the management of critical applications that<br />
require simultaneous management of data, voice and video<br />
traffic.<br />
Management<br />
The devices can be managed locally or from remote consoles.<br />
A specific console port is available for local management.<br />
This enables the configuration of device using an<br />
asynchronous terminal emulator. Remote management is<br />
performed through Telnet or, alternatively, via the SAS-<br />
Manager suite which enables the user to carry out all the<br />
"FCAPS" operations (Fault, Configuration, Accounting,<br />
Performance, Security).<br />
VoIP<br />
The 500 series SAS's support the Analogue/Digital VoIP<br />
Gateway (FXS / FXO, BRI) and either external or integrated<br />
Voice Management. The services supported by the<br />
BRI\Analogue gateway are as follows:<br />
• Registration through MD5 authentication;<br />
• Dial Plan;<br />
• Call Balancing Backup Proxy;<br />
• Authentication Proxy;<br />
• Supplementary services;<br />
• SIP Compact Form;<br />
• SDP in Ack;<br />
• RE-INVITE;<br />
• PRACK (provisional acknowledge);<br />
• Session Progress;<br />
• DTMF tone transport management;<br />
• RingTone Generation;<br />
• Free ISDN line Hunting (only point to point connections);<br />
• Voice Quality.<br />
MAIN FUNCTIONS<br />
Network Protocols:<br />
• IPv4<br />
• IPv6<br />
• ICMP<br />
• TCP<br />
• UDP<br />
• Telnet Client/Server<br />
• IEEE 802.2 (LLC 2)<br />
• PPP<br />
• DLSW v. 1,<br />
• DLSW v. 2 with backup peer<br />
• VLAN Tagging (IEEE 802.1q)<br />
• PEP (Performance Enhancing Proxies)<br />
Network Services:<br />
• DNS (resolver)<br />
• Proxy ARP<br />
• DHCP Client, Server and Relay Agent<br />
• DHCP Relay multiaddress<br />
• Helper Address (generic UDP broadcast)<br />
• Dynamic DHCP over IPSec<br />
• GRE<br />
• SNTP (Simple Network Time Protocol)<br />
• ACL<br />
• Dynamic ACL via Radius (over 802.1x)
• Cached ACL<br />
• NAT (one to one, one to many), SAT e PAT<br />
• NAT-T (Traversal)<br />
• Advanced NAT (NAT ALG )<br />
• Netflow v5<br />
ATM Protocols:<br />
• ADSL<br />
• SHDSL<br />
• PPP On Demand<br />
• IPoETHERNET(XDSL)<br />
• IPoATM (XDSL)<br />
• PPPoATM (XDSL)<br />
• PPPoE (XDSL)<br />
• VC Bundling with Bumping<br />
ISDN Protocols<br />
• Q931Protocol<br />
• Multilink PPP<br />
• MPP Authentication<br />
• Dial on Demand <strong>Routing</strong><br />
• Bandwith on Demand<br />
• Dialer watch (ISDN call opening and closing)<br />
• Callback<br />
• Dialer list<br />
QoS<br />
• ATM classes (UBR, CBR,VBR)<br />
• PQ Scheduler<br />
• CBWFQ Scheduler<br />
• LLQ Scheduler<br />
• Congestion avoidance RED/WRED<br />
• LFI, Link Fragmentation and Interleaving<br />
• TOS/IP Precedence/COS/ACL Classification<br />
• COS-TOS rewriting, TOS/precedence Marking<br />
Firewall<br />
• Integrated SPI (Stateful Packet Inspection)<br />
• Automatic DoS attack Detection<br />
• HTTP server relay<br />
• Time windows policy<br />
• Application content filtering<br />
<strong>Routing</strong> Protocols<br />
• RIP v. 1, v. 2, RIP RFC 2091<br />
• BGP4<br />
• OSPF v. 2<br />
• <strong>Routing</strong> filters<br />
• Policy Based <strong>Routing</strong> (PBR)<br />
• Route redistribution<br />
• Route Watch<br />
Multicast Protocols<br />
• IGMP v. 1, v. 2<br />
• IGMP v. 3<br />
• IGMP Proxy<br />
• PIM SM/DM<br />
• Track Multicast<br />
Redundancy Protocols<br />
• VRRP<br />
• VRRP Interface tracking<br />
• Ethernet Redundancy (per 802.2/LLC2)<br />
Authentication Protocols<br />
• RADIUS<br />
• PAP<br />
• CHAP<br />
• TACACS+<br />
• 802.1x Authenticator<br />
• 802.1x Supplicant emulation<br />
Management<br />
• Configurator (CLI)<br />
• SNMP v. 1, v.2c, v. 3<br />
• Syslog<br />
• TFTP<br />
• Telnet<br />
• Secure Telnet SSL<br />
IP SLA Management<br />
• RTR<br />
• BFD Lite (Route probing)<br />
• SEMon (RTTmon compliant)<br />
• Remote Monitoring (RMON 1)<br />
• Traceroute and estended Traceroute (also on SNMP)<br />
• PING, extended PING, Amtec PING<br />
Security<br />
• DES Support<br />
• TDES Support<br />
• AES Support<br />
• Diffie-Hellman<br />
• X-Auth (extended authentication)<br />
• X.509v3 Digital Certificates management with SCEP and<br />
LDAP IKE<br />
• IK E<br />
• IKE Peer Backup<br />
• IPSec AH<br />
• IPSec ESP<br />
• IPSec Passthrough<br />
• IPComp (IP Payload Compression Protocol)<br />
• HW encryption<br />
• SSL<br />
• LDAPC<br />
VoIP<br />
• SIP v 2.0<br />
• RTP/RTCP<br />
• Codec: G711, G726, G723.1, G729, G722
TECHNICAL DATA<br />
Dimensions (WxDxH):<br />
Weight:<br />
Input voltage:<br />
Maximum consumption:<br />
Microprocessor:<br />
Serial EEPROM:<br />
RAM memory:<br />
Flash memory:<br />
Security:<br />
Regulatory and standard compliance:<br />
MODELS AND ORDERING INFORMATION<br />
MODELS<br />
SAS 502<br />
SAS 506<br />
SAS 512<br />
SAS 553<br />
SAS 557<br />
SAS 563<br />
Expansions (available only for SAS 502, 506, 512)<br />
Models<br />
VoIP<br />
8 Ports Switch<br />
Cables and adapters<br />
CV-MT<br />
CL-MD<br />
CL-CR<br />
CV-ISDN<br />
ADSL<br />
P/N<br />
Ports<br />
LAN<br />
WAN<br />
Console<br />
LAN<br />
WAN<br />
Console<br />
LAN<br />
WAN<br />
Console<br />
LAN<br />
WAN<br />
Console<br />
LAN<br />
WAN<br />
Console<br />
LAN<br />
WAN<br />
Console<br />
P/N<br />
141-8619/05<br />
140-8229/32<br />
255 mm x 225 mm x 44 mm<br />
1,2 Kg<br />
External AC/DC (110-230 VAC / 12 VDC)<br />
25 Watt<br />
Motorola MPC8272@400MHz<br />
8K<br />
128 Mbytes<br />
16 Mbytes<br />
• Integrated Cryptografic Coprocessor<br />
• Integrated HW random generator<br />
• EN 60950 (Security)<br />
• EN 55022 B class, EN 550082-1 (EMC Electromagnetic Compatibility)<br />
Description<br />
Switch 4 x Ethernet/Fast Ethernet 10/100 BaseT<br />
• 1 x ADSL - ADSL2/2+<br />
• 1 x ISDN BRI (2B + D)<br />
1 x RJ14<br />
Switch 4 x Ethernet/Fast Ethernet 10/100 BaseT<br />
1 x SHDSL (2/4 wires)<br />
1 x RJ14<br />
Switch 4 x Ethernet/Fast Ethernet 10/100 BaseT<br />
• 1 x V.24/V.28, V.35/V.36 Serial<br />
• 1 x ISDN BRI (2B + D)<br />
1 x RJ14<br />
Switch 4 x Ethernet/Fast Ethernet 10/100 BaseT<br />
• 1 x ADSL - ADSL2/2+<br />
• 1 x ISDN BRI (2B + D)<br />
• 3 x FXS + 1 x FXO/S + 2 x ISDN BRI<br />
1 x RJ14<br />
Switch 4 x Ethernet/Fast Ethernet 10/100 BaseT<br />
• 1 x SHDSL (2/4 wires)<br />
• 3 x FXS + 1 x FXO/S + 2 x ISDN BRI<br />
1 x RJ14<br />
Switch 4 x Ethernet/Fast Ethernet 10/100 BaseT<br />
• 1 x V.24/V.28, V.35/V.36 Serial<br />
• 1 x ISDN BRI (2B + D)<br />
• 3 x FXS + 1 x FXO/S + 2 x ISDN BRI<br />
1 x RJ14<br />
<strong>SELEX</strong> <strong>Elsag</strong> S.p.A.<br />
Sales Department – Point of Contact: getinfo@selexelsag.com – www.selexelsag.com<br />
This publication is issued to provide outline information only which (unless agreed by <strong>SELEX</strong> <strong>Elsag</strong> S.p.A. in writing) may not be used, applied or reproduced for any purpose or form part of any order or contract or be regarded as a<br />
representation relating to the products or services concerned. <strong>SELEX</strong> <strong>Elsag</strong> S.p.A. reserves the right to alter without notice the specification, design or conditions of supply of any product or service. <strong>SELEX</strong> Communications logo is<br />
a trademark of <strong>SELEX</strong> <strong>Elsag</strong> S.p.A. Printed in Italy. ©<strong>SELEX</strong> <strong>Elsag</strong> S.p.A. All Rights reserved. Code e-P-IT-460/V1/12/Y<br />
P/N<br />
145-8053/02<br />
145-8053/06<br />
145-8053/12<br />
E45-8120/45<br />
E45-8120/47<br />
E45-8120/25<br />
Description<br />
3 x FXS + 1 x FXO/S + 2 x ISDN BRI (only 5 channels can be used contemporarily)<br />
8 x 10/100baseT<br />
Description<br />
RJ11 Maintenance cable<br />
RJ11 MODEM cable<br />
RJ45 LAN crossed cable<br />
RJ45 ISDN cable<br />
RJ11 ADSL cable<br />
P/N<br />
CW-V35/DTE<br />
CW-V35/DCE<br />
CW-V24/DTE<br />
CW-V24/DCE<br />
RJ11<br />
Description<br />
WAN V35 DTE cable<br />
WAN V35 DCE cable<br />
WAN V24 DTE cable<br />
WAN V24 DCE cable<br />
RJ11 3-pins