Wiley Nortel Guide to VPN Routing for Security and VoIP, part 2

Hardware Interface Options
Many of the Nortel VPN Routers discussed so far have optional equipment
that can be supported. This section discusses some of these optional modules
and what each one can offer.
Peripheral Component Interconnect Expansion Slots
The Peripheral Component Interconnect (PCI) is a computer-based standard
that specifies the subsystem that provides for the transfer of data between
multiple computer components. PCI devices can be the circuits that are
installed on a computer motherboard, as well as expansion modules that fit
into expansion slots on a computer motherboard. By providing these expansion
slots and developing the separate expansion modules, users gain more
flexibility in choosing the functions that are (and will be) available to them.
10/100Base-T Ethernet
The Ethernet standard is a networking technology that was developed to
define wiring and signaling required in a LAN to transfer data. Ethernet
became popular in the 1990s and has become the most widely used networking
technology in most LANs today.
The 10/100Base-T Ethernet module’s name can be broken down as follows:
■■ 10/100: Refers to the transmission speed that is supported by the module. The “10” refers to a transmission speed of 10 Mbps and the “100” refers to a transmission speed of 100 Mbps. This is a configurable option, supporting either 10 or 100 Mbps.
■■ Base: Refers to the baseband signaling. A signal is a flow of electronic information, usually modulated as a time or position function. Because many lower signals are normally sent to higher signal frequencies for transmission, the lower signals are considered the base, hence baseband signaling.
■■ T: Refers to the twisted-pair cabling that is used for this standard.


1000Base-SX/1000Base-T Ethernet
1000Base-SX and 1000Base-T are Gigabit Ethernet (GbE) standards. 1000Base-T
is a GbE standard for implementing Ethernet at a speed of 1 gigabit per second.
While it is not a standard for most small LAN configurations, it is slowly
becoming a standard in many medium to large LANs.
42 Chapter 2
05_781274 ch02.qxp 6/22/06 12:12 AM Page 42
The 1000Base-SX and 1000Base-T Ethernet module’s name can be broken
down as follows:
■■ 1000: Refers to the transmission of 1,000 Mbps, or 1 gigabit/second (Gbps).
■■ Base: Refers to the baseband signaling.
■■ T: Refers to the twisted-pair cabling that is used for this standard.
■■ SX: Refers to the simplex multimode fiber cabling that is supported.
1000Base-T is one of the GbE standards that is supported on the Nortel VPN
Routers. At a minimum, the 100Base-T standard requires Category 5 enhanced
twisted-pair cabling.
1000Base-SX is one of the GbE standards that is supported on the Nortel
VPN Routers. 1000Base-SX requires multimode fiber-optic cabling. Multimode
fiber is used for shorter distances (normally within a building).
CSU/DSU
The Channel Service Unit (CSU)/Data Service Unit (DSU) is a device that is
used to connect a router to a digital circuit for the purpose of data transmission
over a high-speed network. The CSU/DSU works exactly like a modem does
for dial-access lines.
The CSU/DSU provides signal timing between the router and the end
device, typically a Telco switch. It also is the termination device between the
physical connections.
T1/E1
The T1 carrier is a digital communication service in use today in the United
States and in Japan. It is part of the T-carrier telecommunications system,
which was introduced by Bell Labs in the 1960s.
The T1 carrier system line supports twenty-four 64 Kbps channels for the
transmission of digital data. The T1 line incorporates Pulse Code Modulation
(PCM), which is a standard for digitizing analog data, and Time Division Multiplexing
(TDM), which is a standard for transmitting multiple streams of data
into a single signal.
The T1 line can transmit data at an overall rate of 1.54 Mbps. In today’s
Internet, most Internet providers connect to the Internet over a T1 line. In the
business world, most major corporations use T1 to connect to the Internet
providers, ensuring the fast data rate through the entire communications
process.
The Nortel VPN Router 43
The E1 carrier is a European digital communication service that is in use by
pretty much the rest of the world. It is part of the E-carrier telecommunications
system. The E1 signal carries data at a rate of 2.048 Mbps and comprises thirty-
two 64 Kbps channels.
ADSL
As mentioned in Chapter 1, the Asymmetrical Digital Subscriber Line (ADSL) is
a Digital Subscriber Line (DSL) standard that utilizes the traditional telephone
cable and expands the bandwidth usage of that cable. ADSL is asymmetric in
that it can transfer data faster in one direction than it can in the other direction.
This is very desirable to users who have traditionally connected to the Internet
over a standard modem. ADSL provides rapid download speeds (256 Kbps to
8 Mbps). The upload speeds are typically 64 Kbps to 1,024 Kbps.

Another benefit of ADSL over a traditional modem is that you can use the
same line for a phone call and for Internet access. Traditional dialup modems
cannot run the two simultaneously.
Serial Interfaces (V.35, X.21, RS-232)
A serial interface (or serial port) is one where only 1 bit of information is transmitted
at a time, sent 1 bit after the other in a serial stream. In full-duplex
operation, the serial line will receive data over one line and will transmit over
another. In half-duplex operations, only one line is used.
The V.35 interface is a standard used by most routers in the United States
today to connect to T1 carriers for the purpose of synchronous data exchange.
An International Telecommunication Union-Telecommunications sector (ITU-T)
standard, the V.35 standard supports data transmission speeds up to 48 Kbps.
The X.21 interface supports the X.21 standard that is governed by the ITU-T.
X.21 is a standard for data communication between user devices and a circuit
switch network supporting speeds up to 2 Mbps, although data transfer at
64 Kbps is the most commonly used speed.
RS-232 is the most commonly used serial line standard. The RS stands for
“Recommended Standard” and it is a standard defining communications
between a Data Terminal Equipment (DTE) interface (such as a computer) and a
Data Circuit Equipment (DCE) interface (such as a modem). The RS-232 standard
does not establish transmission speeds like the X.21 and the V.35 do. The
RS-232 standard is maintained by the Electronic Industries Alliance (EIA) and
the Telecommunications Industry Association (TIA).
V.90 Dial Access Modem
Sometimes referred to as the V.Last modem standard, the V.90 is a standard
approved by the International Telecommunication Union (ITU) for the 56
Kbps modem. The introduction of the V.90 standard merged some proprietary
modem standards into a standard that most modem manufacturers now conform
to.
Modems that were produced prior to the V.90 standard can, for the most
part, be upgraded with software to make them V.90-compliant. The V.90 standard
communicates at a download speed of 56 Kbps and an upload speed of
33.6 Kbps. The V.90 standard is referred to as V.Last because, at the time it became
a standard, it was thought that it would be the last standard for a traditional
modem. Interestingly enough, other standards have been introduced since.
High Speed Serial Interface
The High Speed Serial Interface (HSSI) standard is a serial interface that can support
data transmission as fast as 52 Mbps. HSSI is used to connect a DTE
device to a DCE device and is normally supported over a T3 line.
HSSI is supported over short distances (up to 50 feet) and can interconnect
the slower LAN speeds with the high speed afforded on the Internet. It uses
shielded twisted-pair (STP) cabling.
HSSI operates at Layer 1 of the OSI Reference Model. It controls both the
physical and the electrical interfaces on the DCE and the DTE equipment, and
utilizes a standard called “gapped timing,” which allows a DTE device to control
the timing of data from the DCE device by adjusting the clock speed.
Encryption Accelerator Modules
The Encryption Accelerator Module is used to encrypt and compress IPSec data
that is forwarded to the VPN Router. The module supports AES-128 cryptography
with SHA-1 authentication, as well as 3DES with either SHA-1 or MD5
authentication. The module comes with 64MB of RAM. This allows the module
to handle most of the IPSec encryption and, therefore, frees the router’s
CPU cycles to process other data.
Console Port (DB-9)
The console port is a standard user interface that allows direct access to the
router for management of the router. This is very useful when first configuring
the router, as well as allowing access when a Telnet session is not available.
The DB-9 interface is a standard interface that identifies the shape and the
number of pins contained in the interface. It consists of two rows of parallel
pins, four pins on the top and five on the bottom. The interface itself is shaped
like a “D.” Most network devices have this type of a console connection that
allows access to the device.
Nortel VPN Router Solutions
The Nortel VPN Router family has a VPN Router model that will serve the
needs of anyone who utilizes VPN for data security and remote access. From
remote office to remote office communications, to retail store remote access to
a corporate LAN, the Nortel VPN Router portfolio can meet the needs of any
VPN solution.
There are thousands of network configurations out in the world today. Each
of these networks maintains different topology configurations. Networks utilize
different protocols for data communication, and each of them supports
different business needs. Because there is such a diverse set of needs, Nortel
has provided a solution that can support these needs.
For the employee who works from home and needs reliable, secure access to
the corporate network, Nortel offers various solutions. Figure 2-2 shows a couple
of Nortel VPN Routers that would support a home-based tunnel.
Figure 2-2: The VPN Router 100, 221, and 251 are all good home office VPN solutions.
[Figure labels: Home Office; Nortel VPN Router 100; Nortel VPN Router 221 and 251; Corporate LAN]
Nortel also has a solution for companies having remote offices that share
data. Figure 2-3 shows an example of a remote office-to-remote office tunnel.
For the remote offices that need to connect to the corporate office to share
data and utilize corporate resources, Nortel offers several routers that can support
this type of configuration. Figure 2-4 shows an example of remote Branch
office connectivity.
Figure 2-3: The VPN Router 600 is a great branch office–to–branch office solution.
[Figure labels: Remote Branch Office A; Remote Branch Office B; Nortel VPN 600]
Figure 2-4: Nortel VPN Router 1010, 1050, and 1100 are all excellent solutions for remote branch offices.
[Figure labels: Remote Office; VPN Router 1010; VPN Router 1050; VPN Router 1100]
Nortel also offers several VPN Routers that can serve as a core edge VPN
Router for small (see Figure 2-5), medium (see Figure 2-6), and large (see Figure
2-7) LAN campuses.
VPN Router 100
The VPN Router 100 is designed with smaller branch offices and telecommuters
in mind. The VPN Router 100 allows for one WAN connection and up
to five active tunnels.
The VPN Router 100 is a very cost effective model. It supports home-based
users, as well as small branch offices. The VPN Router 100 can be implemented
into a current network design without causing changes to the current configuration
of the devices on the network.
The VPN Router 100 also supports proxy firewall solutions, which allows
for all traffic destined for the Internet to be forwarded to a firewall server. This
helps control the data that can be accessed on the Internet, as well as control
access to the private network.
Figure 2-5: The Nortel VPN Router 1740 and 1750 are made to support smaller corporate LANs.
[Figure labels: Smaller-sized Corporate LAN; LAN Segment (two); VPN Router 1740; VPN Router 1750]
Figure 2-6: The Nortel VPN Router 2700 is a great solution for medium-sized corporate LANs.
[Figure labels: Medium-sized Corporate LAN; LAN Segment (three); VPN Router 2700]
Figure 2-7: The Nortel VPN Router 5000 is designed with large corporate LANs in mind.
[Figure labels: Large-sized Corporate LAN; LAN Segment (four); Nortel VPN Router 5000]
Overview
The VPN Router 100 provides and supports connectivity over the Internet to a
LAN. It supports IPSec tunneling, encryption, authentication, and firewall
protection.
The VPN Router 100 is great for smaller remote users, especially when cost is
a major consideration. It gives the security and encryption necessary to maintain
security without requiring any additional external networking equipment.
Remote management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
Technical Specifications
The VPN Router 100 contains 16MB of RAM and has 8MB on-board flash
memory. It comes with standard User and Network Interfaces. There is one
10/100 Ethernet LAN port, along with a seven-port 10/100 Ethernet switch for
users. Finally, as a standard interface, there is a serial port for out-of-band
management. There are several optional interfaces for the VPN Router 100 as
well. The router will support an additional 10/100 Ethernet interface, an ISDN
interface, and a single or a dual analog modem. Figure 2-8 shows the VPN
Router 100.
VPN Router 200 Series
The VPN Router 200 series is designed with smaller branch offices and
telecommuters in mind. It is available in two models: the VPN Router 221 and
the VPN Router 251.
The VPN Router 200 series provides advanced IPSec capabilities and supports
up to five VPN tunnels. The VPN Router 200 series supports stateful firewall
and URL/content filtering. The VPN Router 200 series also contains an
integrated ADSL option.
VPN Router 221
The Nortel VPN Router 221 is designed for home-based employees and
branch offices. It is a cost-effective solution that supports stateful firewall
inspection, as well as Denial of Service (DoS) protection. In addition to stateful
firewall and VPN services, the VPN Router 221 supports IP routing and content
filtering. It is an all-in-one solution. Encryption standards that are supported
on the VPN 221 are Data Encryption Standard (DES), Triple Data
Encryption Standard (3DES), and Advanced Encryption Standard (AES).
Figure 2-8: The Nortel VPN Router 100
Overview
The VPN Router 221 provides and supports connectivity over the Internet to a
LAN. It supports IPSec tunneling, encryption, authentication, and firewall
protection.
The VPN Router 221 is great for smaller remote use, especially when cost is a
major consideration. It gives the security and encryption necessary to maintain
security without requiring any additional external networking equipment.
Remote-management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
Technical Specifications
The VPN Router 221 comes with standard user and network interfaces. There
is one 10/100 Ethernet LAN port, along with a four-port 10/100 Ethernet
switch for users. As a standard interface, there is a console port for out-of-band
management. Figure 2-9 shows the VPN Router 221.

Figure 2-9: The Nortel VPN Router 221
VPN Router 251
The Nortel VPN Router 251 is designed for home-based employees and
branch offices. It is a cost-effective solution that supports stateful firewall
inspection, as well as DoS protection. In addition to stateful firewall and VPN
services, the VPN Router 251 supports IP routing and content filtering. It is an
all-in-one solution. Encryption standards that are supported on the VPN 251
are DES, 3DES, and AES.
Overview
The VPN Router 251 provides and supports connectivity over the Internet to a
LAN. It supports IPSec tunneling, encryption, authentication, and firewall
protection.
The VPN Router 251 is great for smaller remote use, especially when cost is a
major consideration. It gives the security and encryption necessary to maintain
security without requiring any additional external networking equipment.
Remote management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
Technical Specifications
The VPN Router 251 comes with standard user and network interfaces. There
is a four-port 10/100 Ethernet switch for users. The VPN Router 251 also has
the integrated ADSL interface. As a standard interface, there is a console port
for out-of-band management. Figure 2-10 shows the VPN Router 251.
VPN Router 600
The VPN Router 600 is designed to support multiple branch office-to-branch
office connections, as well as being able to support LANs that require up to 50
IPSec tunnels and several WAN connections.
Overview
The VPN Router 600 provides and supports connectivity over the Internet to a
LAN. It supports IPSec tunneling, encryption, authentication, and firewall
protection.
Figure 2-10: The Nortel VPN Router 251
The VPN Router 600 is great not only for branch offices, but also as either a
hub or a spoke, depending on your network requirements. It gives the security
and encryption necessary to maintain security without requiring any additional
external networking equipment.
Remote-management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
Technical Specifications
The VPN Router 600 comes with standard user and network interfaces. There
are two 10/100 Ethernet LAN ports, as well as a console port for out-of-band
management. Optional interfaces include another 10/100Base-T Ethernet port,
a T1/E1, V.90 Dial Modem, ADSL, and 56/64K CSU/DSU. With 128MB RAM
and a PCI expansion slot, the VPN Router 600 can handle the needs of smaller
VPNs. Figure 2-11 shows the VPN Router 600.
Figure 2-11: The Nortel VPN Router 600
VPN Router 1000 Series
The VPN Router 1000 series provides IPSec for branch offices that require up
to 30 active tunnels. It provides advanced IPSec capabilities, as well as firewall
capabilities. Advanced licensing ensures that the VPN Router 1000 series can
grow to meet the needs of your network security as these needs arise. This
series supports IPSec, L2TP, PPTP, and L2F tunnels. Advanced logging capabilities
ensure that all traffic is logged for auditing. The VPN Router 1000 supports
multiple authentication protocols, including LDAP, RADIUS, SecurID,
X.509 certificates, and smart cards.
VPN Router 1010
The VPN Router is a compact solution ideal for remote offices. It can support
up to five concurrent tunnels. The VPN Router 1010 comes with standard dual
10/100Base-T Ethernet ports. One of the Ethernet ports is for the private LAN
and it is labeled LAN0 on the front of the VPN Router. The other Ethernet port
is for the public LAN and it is labeled LAN1 on the front of the chassis.
Overview
The VPN Router 1010 provides and supports connectivity over the Internet to
a LAN. It supports IPSec tunneling, encryption, authentication, and firewall
protection. This router supports IP routing with load-balancing, ensuring that
network traffic continues even when a problem arises. This capability supports
both tunneled and non-tunneled traffic.
The VPN Router 1010 is great not only for branch offices, but also as either a
hub or a spoke, depending on your network requirements. It gives the security
and encryption necessary to maintain security without requiring any additional
external networking equipment.
Remote-management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
Technical Specifications
The VPN Router 1010 contains 128MB of RAM and has 64MB on-board flash
memory. It comes with standard user and network interfaces. There are two
10/100Base-T Ethernet LAN ports, as well as a console port for out-of-band
management.
Standard software options allow for up to five VPN tunnels and RIPv2 IP
routing support. Also standard is the Nortel VPN Client software with unlimited
license. Optionally, there are license upgrades available to support the
following:
■■ Advanced routing
■■ OSPF
■■ VRRP
■■ Bandwidth management
■■ Data Link Switching (DLSW)
■■ VPN tunnel upgrade (up to 30 tunnels)
■■ Stateful firewall
Figure 2-12 shows the VPN Router 1010.
Figure 2-12: The Nortel VPN Router 1010
VPN Router 1050
The VPN Router is a compact solution ideal for remote offices. It can support
up to five concurrent tunnels. The VPN Router 1050 comes with a standard
single 10/100Base-T Ethernet port. In addition to the single Ethernet port, the
1050 also includes an internal auto-negotiating 10/100 four-port Ethernet
switch. The four-port switch is the private-side LAN0 interface, and the single
port is the public-side interface.
Overview
The VPN Router 1050 provides and supports connectivity over the Internet to
a LAN. It supports IPSec tunneling, encryption, authentication, and firewall
protection. This router supports IP routing with load-balancing, ensuring that
network traffic continues even when a problem arises. This capability supports
both tunneled and non-tunneled traffic.
The VPN Router 1050 is great not only for branch offices, but also as either a
hub or a spoke, depending on your network requirements. It gives the security
and encryption necessary to maintain security without requiring any additional
external networking equipment.
Remote-management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
Technical Specifications
The VPN Router 1050 contains 128MB of RAM and has 64MB on-board flash
memory. It comes with standard user and network interfaces. There is one
10/100Base-T Ethernet LAN port, a four-port 10/100 Ethernet switch, as well
as a console port for out-of-band management.
Standard software options allow for up to five VPN tunnels and RIPv2 IP routing
support. Also standard is the Nortel VPN Client software with unlimited
license. Optionally, there are license upgrades available to support the following:
■■ Advanced routing
■■ OSPF
■■ VRRP
■■ Bandwidth management
■■ DLSW
■■ VPN tunnel upgrade (up to 30 tunnels)
■■ Stateful firewall
Figure 2-13 shows the VPN Router 1050.
Figure 2-13: The Nortel VPN Router 1050
VPN Router 1100
Just like the VPN Router 1050, the VPN Router 1100 is a compact solution ideal
for remote offices. It can support up to five concurrent tunnels. The VPN
Router 1100 comes with a standard single 10/100Base-T Ethernet port. In addition
to the single Ethernet port, the 1050 also includes an internal auto-negotiating
10/100 four-port Ethernet switch. Finally, the VPN Router 1100
includes two PCI slots to accommodate optional solutions. The four-port
switch is the private-side LAN0 interface, and the single port is the public-side
interface.
Overview
The VPN Router 1100 provides and supports connectivity over the Internet to
a LAN. It supports IPSec tunneling, encryption, authentication, and firewall
protection. This router supports IP routing with load-balancing, ensuring that
network traffic continues even when a problem arises. This capability supports
both tunneled and non-tunneled traffic.
The VPN Router 1100 is great not only for branch offices, but also as either a
hub or a spoke, depending on your network requirements. It gives the security
and encryption necessary to maintain security without requiring any additional
external networking equipment.
Remote-management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
Technical Specifications
In addition to 228MB of RAM and 64MB on-board flash memory, the VPN
Router 1100 also has two PCI expansion slots. It supports one 10/100Base-T
Ethernet LAN port, and has a four-port 10/100 Ethernet switch, as well as a
console port for out-of-band management. Optional interfaces include another
10/100Base-T Ethernet port, T1/E1, ADSL, and 56/64K CSU/DSU.
Standard software options allow for up to five VPN tunnels and RIPv2 IP
routing support. Also standard is the Nortel VPN Client software with unlimited
license. Optionally, license upgrades are available to support the following:
■■ Advanced routing
■■ OSPF
■■ VRRP
■■ Bandwidth management
■■ DLSW
■■ VPN tunnel upgrade (up to 30 tunnels)
■■ Stateful firewall
Figure 2-14 shows the VPN Router 1100.
VPN Router 1700 Series
The VPN Router 1700 series supports up to 500 tunnels and is designed with
larger branch offices and campuses in mind. Advanced licensing ensures that
the VPN Router 1700 series can support current network configurations and
can grow to meet the needs of your network security as these needs arise. Like
the VPN Router 1000 Series, this series supports IPSec, L2TP, PPTP, and L2F
tunnels. Advanced logging capabilities ensure that all traffic is logged for
auditing. The VPN Router 1700 supports multiple authentication protocols,
including LDAP, RADIUS, SecurID, X.509 certificates, and smart cards.
Figure 2-14: The Nortel VPN Router 1100
VPN Router 1700
The VPN Router 1700 supports up to 500 tunnels. It supports IPSec, PPTP,
L2TP, and L2F tunneling, encryption, authentication, and firewall protection.
This router supports IP Routing with load-balancing, ensuring that network
traffic continues even when a problem arises. This capability supports both
tunneled and non-tunneled traffic.
The VPN Router 1700 is great for campuses that require up to 500 tunnels. It
gives the security and encryption necessary to maintain security without
requiring any additional external networking equipment. It supports secure IP
access, full VPN services, and stateful firewall.
Remote-management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
VPN Router 1740

The VPN Router 1740 is a compact solution ideal for large remote offices and
small LAN campuses. It comes in two models: the VPN Bundle and the Secure
Router Bundle. The VPN Bundle can support up to five concurrent tunnels
and the Secure Router Bundle can support up to 500 concurrent tunnels. The
VPN bundle also comes with two 10/100Base-T Ethernet ports and three PCI
expansion slots for optional standards. The Secure Router Bundle comes standard
with one 10/100Base-T Ethernet port and four expansion slots.
Overview
The VPN Router 1740 can support up to 500 tunnels. It supports IPSec, PPTP,
L2TP, and L2F tunneling, encryption, authentication, and firewall protection.
This router supports IP routing with load-balancing, ensuring that network
traffic continues even when a problem arises. This capability supports both
tunneled and non-tunneled traffic.
The VPN Router 1740 is great for campuses that require up to 500 tunnels. It
gives the security and encryption necessary to maintain security without
requiring any additional external networking equipment. It supports secure IP
access, full VPN services, and stateful firewall.
Remote-management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available without
any changes to current remote LAN applications and configurations.
Technical Specifications
In addition to 128MB of RAM (upgradeable to 256MB), the VPN Router 1740
also has two 10/100Base-T Ethernet ports (VPN Bundle) or one 10/100Base-T
Ethernet port (Secure Router Bundle). It has three expansion slots (VPN Bundle)
and four expansion slots (Secure Router Bundle), as well as a console port for
out-of-band management. Optional interfaces include another 10/100Base-T
Ethernet port, T1/E1, ADSL, 56/64K CSU/DSU, V.90 dial modem, and
100Base-T or 100Base-SX Ethernet.
Standard software options are the Secure Router Bundle, which allows for
up to 5 VPN tunnels and RIPv2 IP Routing support. Also standard is the Nortel
VPN Client software with unlimited license. The other software standard
option is the VPN Bundle, which supports up to 500 VPN tunnels and RIPv2
support, as well as the VPN Client software package.
Optionally, there are license upgrades available to support the following:
■■ Advanced routing
■■ OSPF
■■ VRRP
■■ Bandwidth management
■■ DLSW
■■ VPN tunnel upgrade (up to 500 tunnels)
■■ Stateful firewall
Figure 2-15 shows the VPN Router 1740.
VPN Router 1750
The VPN Router 1750 is a solution ideal for large remote offices and small
LAN campuses. The VPN Router 1750 comes with two 10/100Base-T Ethernet
ports and four PCI expansion slots for optional standards.
Figure 2-15: The Nortel VPN Router 1740
Overview

The VPN Router 1750 supports up to 500 tunnels. It supports IPSec, PPTP,
L2TP, and L2F tunneling, encryption, authentication, and firewall protection.
This router supports IP routing with load-balancing, ensuring that network
traffic continues even when a problem arises. This capability supports both
tunneled and non-tunneled traffic.
The VPN Router 1750 is great for campuses that require up to 500 tunnels. It
provides the encryption and security features needed to protect the network
without requiring any additional external networking equipment. It supports
secure IP access, full VPN services, and a stateful firewall.
Remote-management access is supported on this router, which is a huge
benefit, especially when the corporate LAN supports multiple remote offices.
User access through an Internet Branch Office Tunnel is made available
without any changes to current remote LAN applications and configurations.
Technical Specifications
In addition to 128MB of RAM (upgradable to 256MB), the VPN Router 1750
also has two 10/100Base-T Ethernet ports, four expansion slots, and a
console port for out-of-band management. Optional interfaces include another
10/100Base-T Ethernet port, T1/E1, ADSL, 56/64K CSU/DSU, V.90 dial
modem, and 100Base-T or 100Base-SX Ethernet.
Standard software options allow for up to five VPN tunnels and RIPv2 IP
routing support. Also standard is the Nortel VPN Client software with
unlimited license.
Optionally, there are license upgrades available to support the following:
■ Advanced routing
■ OSPF
■ VRRP
■ Bandwidth management
■ DLSW
■ VPN tunnel upgrade (up to 500 tunnels)
■ Stateful firewall
Figure 2-16 shows the VPN Router 1750.
Figure 2-16: The Nortel VPN Router 1750
VPN Router 2700
The VPN Router 2700 is a VPN solution ideal for medium- to large-sized LAN
campuses. The VPN Router 2700 can support up to 2,000 concurrent tunnels.
Optional software licensing can ensure that the VPN Router 2700 can support
your network as an IP router, a dedicated VPN switch, a firewall solution, or
any combination of these.
Overview
The VPN Router 2700 supports up to 2,000 tunnels. It supports IPSec, PPTP,
L2TP, and L2F tunneling, encryption, authentication, and firewall protection.
This router supports IP routing with load-balancing, ensuring that network
traffic continues even when a problem arises. This capability supports both
tunneled and non-tunneled traffic.
The VPN Router 2700 is designed with large organizations in mind. It provides
the encryption and security features needed to protect the network without
requiring any additional external networking equipment. It supports secure IP
access, full VPN services, and a stateful firewall.
Technical Specifications
In addition to 256MB of RAM (upgradable to 512MB), the VPN Router 2700
also has a 1.33 GHz processor, three PCI slots, and an optional SSL VPN
module. The router has two standard 10/100Base-T Ethernet ports and a console
port for out-of-band management. Optional interfaces include another
10/100Base-T Ethernet port, T1/E1 with CSU/DSU, ADSL, 56/64K CSU/DSU,
V.90 dial modem, and a High-Speed Serial Interface (HSSI).
Standard software options include the Secure Router Bundle (which allows
for up to five VPN tunnels and RIPv2 IP routing support) and the VPN Bundle
(which includes support for 2,000 VPN Tunnels with RIPv2 support). Standard
with each package is the Nortel VPN Client software with unlimited license.
Optionally, there are license upgrades available to support the following:
■ Advanced routing
■ OSPF
■ VRRP
■ Bandwidth management
■ DLSW
■ VPN tunnel upgrade (up to 2,000 tunnels)
■ Stateful firewall
Figure 2-17 shows the VPN Router 2700.
Figure 2-17: The Nortel VPN Router 2700
VPN Router 5000
Optional software licenses ensure that the VPN Router 5000 can support
numerous functions in an enterprise LAN. It can serve as an IP router, a VPN
solution, a firewall solution, or any combination of these. The VPN Router 5000
can support 5,000 concurrent tunnels, and it includes hardware redundancy.
The VPN Router 5000 includes a standard 10/100Base-T Ethernet port, as
well as a 10/100/1000Base-T (GigE) Ethernet port.
Overview
The VPN Router 5000 supports up to 5,000 tunnels. It supports IPSec, PPTP,
L2TP, and L2F tunneling, encryption, authentication, and firewall protection.
This router supports IP routing with load-balancing, ensuring that network
traffic continues even when a problem arises. This capability supports both
tunneled and non-tunneled traffic.
The VPN Router 5000 is designed with large organizations in mind. It provides
the encryption and security features needed to protect the network without
requiring any additional external networking equipment. It supports secure IP
access, full VPN services, and a stateful firewall.
Technical Specifications
In addition to 512MB of RAM (upgradable to 1.5GB), the VPN Router 5000 also
has dual 2.2 GHz processors, five PCI slots, an optional SSL VPN module, one
standard Encryption Accelerator Module (with an optional second Accelerator
Module), dual power supplies (hot-swappable), and dual hard disk drives.
The router has a standard 10/100/1000Base-T Ethernet port, one 10/100Base-T
Ethernet port, and a console port for out-of-band management. Optional
interfaces include another 10/100Base-T Ethernet port, T1/E1 with CSU/DSU, ADSL,
56/64K CSU/DSU, V.90 dial modem, and a High-Speed Serial Interface (HSSI).
Standard software options include support for 5,000 VPN Tunnels with
RIPv2 support. Standard with each package is the Nortel VPN Client software
with unlimited license.
Optionally, there are license upgrades available to support the following:
■ Advanced routing
■ OSPF
■ VRRP
■ Bandwidth management
■ DLSW
■ Windows Mobile
■ Stateful firewall
Figure 2-18 shows the VPN Router 5000.