Intel Express Routers 9000 User Manual
Page 2
The features described below are supported by
all Intel Express Routers. The router models are
differentiated by the WAN support they provide.
Secure business communication over the Internet –
Virtual Private Networks and more
The Internet offers unprecedented savings as a means of
long distance corporate communication. In fact, Internet
access can easily cost as little as 20% of the cost of a traditional
WAN connection. But how do you keep your vital business
data secure as it crosses the public domain?
Intel Express Routers provide a simple and inexpensive
solution, enabling you to create a highly secure Virtual Private
Network (VPN) over the Internet and public Frame Relay
and X.25 networks. There’s no need to alter your existing
network architecture. Security is provided by using an Intel
router for each point at which you connect to the Internet.
Powerful encryption keeps your data private. (See the side
bar on tunneling for more information.)
Other security features include:
■
Data encryption. Encryption is available when used over
Point-to-Point Protocol (PPP) or Frame Relay links. Encryption
is performed using the Blowfish algorithm, with a 144 bit
encryption key. For best effectiveness, encryption is performed
across the entire data stream rather than on individual packets
only. All Express Router models come in two versions – with
or without encryption.
■
Network Address Translation (NAT). Network Address
Translation enhances security by hiding internal IP addresses
when data is sent over the Internet or WAN. NAT also provides
considerable savings in time and money by eliminating the need
to redesign your business’s internal TCP/IP addressing scheme
when connecting to the Internet or remote sites with conflicting
IP addressing schemes.
Using NAT, an Intel Express Router automatically assigns
a unique Internet IP address to each internal LAN address,
enabling transparent communication with those outside your
corporate network. Alternatively, the router can maintain a
pool of unique IP addresses, assigning a temporary address to
a workstation whenever it connects over the Internet or WAN.
This method requires fewer official Internet IP addresses.
■
Authentication – PAP, CHAP. To ensure that Intel
Express Routers communicate only with other authorized
devices, the routers can be configured to use the Password
Authentication Protocol (PAP) or the Challenge Handshake
Authentication Protocol (CHAP) when communicating
over PPP links. The routers will demand authentication
whenever the link is established.
Over ISDN (EuroISDN only) and analog modems, PPP
Call Back can be used for authentication. If a user dials in for
access to the LAN, the router cuts the connection, then calls
back to ensure that it’s an authorized link. PPP Call Back is
compatible with the Microsoft Call Back standard.
■
Filtering. IP and IPX filtering eliminates unauthorized
communication over the WAN or LAN link. By tightly
defining filters to pass communication only to and from
authorized sources, links remain secure.
Comprehensive cost control of WAN links
Traditionally, WAN link traffic is by far the most expensive
cost component of WAN connections. Intel Express Routers
help control WAN link costs while also maximizing the avail-
able bandwidth for data communication. They do this in a
variety of ways:
■
Data compression. Data compression allows the trans-
mission of more information over the same bandwidth on
a WAN connection. Software-based LZS data compression
is supported in the Intel Express 9100, 9200, 9201 and
9300 Routers for Frame Relay and PPP. LZS is an industry
accepted specification providing typical compression rates
of approximately 4:1 and interoperability with other routers.
The hardware-based data compression supported in the Intel
Express Router 9400 is also based on the LZS algorithm.
This distinctive feature allows compression while running at
full bandwidth. X.25 and LAPB compression is supported
in an implementation that requires Express Routers at both
ends of the connection.
■
Filtering. Filtering eliminates unnecessary communication
over the WAN link. With tightly defined filters, only essential
traffic passes through, thus lowering communication costs. The
Intel Express Routers support filters for IP, IPX and bridging.
2
Intel Express Routers
NP0803_2.qxd 8/15/97 4:22 PM Page 2