The high-performance central site VPN Gateway
The bintec RXL12500 central site VPN gateway is, thanks to its comprehensive IPSec implementation and blazing IPSec encryption performance, perfectly suited for mission-critical applications at large and medium-sized corporate headquarters.
The high-performance bintec RXL12500 central-site VPN gateway offers exceptional flexibility thanks to its comprehensive feature set. With its 19-inch metal housing and highly efficient internal switch mode power supply, the RXL12500 provides long-term reliability for mission-critical applications. The device's ten Gigabit Ethernet ports (8 x RJ45 and 2 x SFP) can be independently configured for use in a LAN, WAN, or DMZ. A license for 100 IPSec tunnels is included and can be expanded to accommodate up to 2500 tunnels.
Administrators can use either the integrated ISDN interface or a UMTS USB stick for remote configuration. The optional bintec PSU XL slide-in power supply module equips the bintec RXL12500 with a redundant power supply, making the central-site VPN gateway a perfect fit for complex environments such as corporate headquarters.
The RXL series can also be used in combination with the Teldat WLAN controller.
The Teldat WLAN controller lets you configure and monitor small- and medium-sized WLAN networks with up to 150 access points. No matter whether you need frequency management with automatic channel selection, support for virtual LANs, or virtual wireless network administration (multi-SSID), you'll have every advanced feature at your fingertips with the WLAN Controller. The software continually monitors the entire WLAN, sending a notification for any malfunction or security threat.
Forwarding data between two networks only requires basic functionality. Bintec gateways however offer features that go far beyond mere routing to allow seamless integration into even the most complex IT infrastructures. Functions such as extended routing and extended NAT (ERN) enable detailed implementations to strictly separate all incoming and outgoing packets according to precisely defined criteria.
For routing, you can use RIP, OSPF or the multicast routing protocol PIM-SM. Comprehensive multicast support makes this gateway an excellent choice for multimedia and streaming applications.
Integrated quality of service allows you to prioritize your data. Put VoIP traffic ahead of normal Internet traffic to ensure your IP voice applications have sufficient bandwidth at all times. Or use the QoS functionality to give regular data priority over e-mail traffic.
The DNS proxy feature supports address translation on the LAN and the integrated DHCP server automates IP configuration on client PCs.
Comprehensive IPSec implementation
The RXL12500's IPSec implementation goes beyond preshared keys. We've also given you the ability to use certificates, as Germany's Federal Office for Information Security recommends. This lets you build a public key infrastructure for maximum security. Administrators can manage certificates conveniently and easily with a RADIUS server. Teldat even provides special functionality that makes it possible to implement a RADIUS dial-out solution.
Using the IKE Config Mode and Bintec IPSec Multi-User features, administrators can implement and administer IPSec dial-in solutions for a large number of clients with minimal effort. IKE-X-Auth (extended authentication) lets you secure connections using a one-time password to achieve the highest level of security possible. The bintec IPSec implementation also assists you in establishing VPN connections with dynamic IP addresses, extending connectivity to small branch locations that may not be online all the time. Even if both VPN participants have dynamic IP addresses, they can still take advantage of secure communications. A dynamic DNS provider or a direct ISDN connection can facilitate the exchange of IP addresses. The dynamic IP address is sent either over the ISDN D-channel at no cost or, if this is not possible, over the B-channel (carrier charges may apply).
Load balancing / Redundancy
With the bintec RXL12500, you can configure multiple interfaces for WAN access. This not only provides more bandwidth, but also makes it possible to distribute data across individual WAN connections according to loads or data types. You can for instance use one internet connection on a 100 Mbps Ethernet port to establish VPNs for numerous branch locations and external staff members. A second WAN port can then provide cost-effective VDSL internet access for the rest of the company.
Our bintec Router Redundancy Protocol allows two routers to function on the LAN as if they were a single device. In addition to each unit having its own unique IP and MAC addresses for every interface, the two units are also assigned a shared virtual IP and MAC address. This virtual address is then entered as the standard gateway on all the computers on the LAN. The two linked gateways communicate with each other using the bintec protocol. If one of the units goes down, the other one automatically takes over and handles all the traffic.
Simple configuration and maintenance
Administrators can configure the gateway using the configuration assistants that are integrated into the Configuration Interface (FCI). The FCI is a web-based graphical user interface that can be accessed via HTTP or the encrypted HTTPS protocol from any PC with a current Web browser. Administrators can configure the RXL12500 locally or remotely using telnet, SSH, or an ISDN login.
The gateway's numerous monitoring options represent one of its main security features. You can query all the configuration parameters and status information via SNMP. You can also have this information sent from the Gateway to an SNMP manager via SNMP traps or create log files of syslog messages. Administrators can also choose to receive e-mail notifications of specific events.
|Ethernet / conexiune LAN||Da|
|Ethernet LAN rată de transfer de date||10, 100, 1000 Mbit/s|
|Conexiune WAN||Ethernet (RJ-45)|
|Număr de porturi Ethernet LAN (RJ-45)||8|
|Numărul de porturi SFP||2|
|Număr de porturi USB||2|
|Tip conexiune DSL||Nu|
|Rețea de date||Nu|
|Standarde de rețea||IEEE 802.1p, IEEE 802.1Q, IEEE 802.3, IEEE 802.3ab, IEEE 802.3u, IEEE 802.3z|
|Suportă conexiune ISDN||Da|
|Protocoale de rutare||BGP, OSPF, RIP-1, RIP-2|
|Protocoale de administrare||Telnet, HTTP, SNMP, SSL, SSH|
|Management bazat pe web||Da|
|Buton de Reset||Da|
|Suport Quality of Service (QoS)||Da|
|Securitate Firewall||SIF, NAT/PAT|
|Metoda de autentificare||802.1x RADIUS, TACACS+|
|Algoritmi de securitate||128-bit AES, 256-bit AES, 3DES, 802.1x RADIUS, DES, HTTPS, MD5, SHA-1, SSH, SSH-2|
|Numărul de tuneluri VPN||100|
|Jurnalul de evenimente pentru sistem||Da|
|Factorul de formă||1U|
|Culoarea produsului||Gri, Roşu|
|Memorie internă||1024 Mega bites|
|Tensiune de intrare AC||110-240V|
|Frecvență de intrare AC||50/60 Hz|
|Consum de energie (tipic)||30W|
|Suport Power over Ethernet (PoE)||Nu|
|Intervalul temperaturii de funcţionare (T-T)||0 - 40 °C|
|Intervalul de temperatură pentru depozitare (T-T)||-10 - 70 °C|
|Umiditate relativă de operare (H-H)||10 - 95%|
|Cabluri incluse||LAN (RJ-45), USB|
|Ghid de iniţiere rapidă||Da|
|Tip conector USB||USB A, USB B|