Nokia 500i

Nokia 500i VPN Gateway offers carrier-class high performance targeted to mobile and broadband operators - allowing them to create robust and scalable remote access VPN services. It provides the security to confidently connect mobile users to fixed resources. Nokia 500i's patent-pending Meta-Hop technology ensures that users stay connected and allows for execution of mission-critical applications.

A single Nokia 500i gateway can support up to 100,000 remote access users and offers 1.5 Gbps throughput.

Features

• Flexible expansion options, including Gigabit-ethernet connectivity
• Diskless support
• High MTBF components for excellent reliability
• NEBS-Compliant chassis for carrier-class resilience
• Appliances log and track multiple connection paths between users and the network
• Self-healing - if there is an Internet problem, 500i technology finds a better path
• Self-learning - 500i technology learns and retains network connection paths as new ones are added or old connection points are dropped

Benefits

• Optimized and fully tested solution helps ensure security and reliability
• Trusted reliable hardware ensures confidence in investment
• Best-in-class price/performance delivers optimal ROI
• Simple, yet comprehensive, security and management reduces complexity and administrative time and cost
• Single vendor for industry-leading support leverages security investments and helps deliver peace of mind

Nokia 500i

Performance and capacity

• AES-256 SHA-1 (1 node) = 1.5 Gbps
• AES-256 SHA-1 (2 node) = 1.8 Gbps
• Stateful Firewall (1 node) = 1.6 Gbps
• IKE Main Mode Tunnels = 100,000
• 4 integrated 10/100BaseT interfaces
• Up to 16 additional 10/100BaseT interfaces
• Up to 8 additional MMF or 10/100/1000BaseT interfaces

VPN

• IPSEC (RFC2401 - 12)
  
• Encapsulation Protocols
  - ESP Tunnel and Transport Mode (RFC2406)
  - AH Tunnel and Transport Mode (RFC2402)
• Data Encryption
  - AES 128, 192, and 256-bit (RFC3602)
  - DES 56-bit and 3DES 168-bit (RFC2405)
• Message Authentication - HMAC-SHA-1 (RFC2404)
  - HMAC-MD5 (RFC2403)
• Key Management (RFC2409)
  - IKE Main Mode
  - IKE Quick Mode
  - Perfect Forward Secrecy (RFC2409, RFC2412)
  - Diffie-Hellman Groups 1, 2, 5 (RFC2412, DIFF76)
  - Backup IKE Peer
  - Dead peer detection (RFC 3706)
• Remote Access
  - IPSEC (RFC3457)
  - L2TP (RFC2888, 2661)
  - PPTP (RFC2637)
  - L2TP within IPSEC (RFC3193)
• NAT Traversal (RFCs 3947 & 3948)
• Split Tunneling
• Network Topologies
  - Hub & Spoke
  - Full Mesh
  - Custom

Routing

• BGPv4 (RFC1711)
  - BGPv4 with MD5 (RFC2385)
• OSPFv2 (RFC2328, STD0054)
• RIPv1/v2 (RFC2453, STD0056)
  - RIPv2 with MD5
• Static Routes
• Routing over IPSEC

Addressing

• Network and Port Address Translation (RFC3022, RFC1918)
• DHCP (RFC2131 - 2, RFC3396, RFC3442)
  - Client
  - Server
  - Relay with BOOTP forwarding
• Point-to-Point Protocol (RFC1661 - 2, STD0051)
  - PPP over Ethernet (RFC2561)
  - Static Address

Clients

• Nokia Mobile VPN Client 3.0
• Native Microsoft Windows L2TP/IPSEC client support (for Windows 2000, Windows XP and Windows Mobile 2003 Second Edition)

Firewall

• Stateful Inspection
• Demilitarized Zone (DMZ)
• Protocol Support (partial list)
  - HTTP, HTTPS
  - SMTP, IMAP, POP3
  - Telnet, SSH
  - NetBIOS over TCP
  - ICMP, SNMP, DNS, NTP
• Application Gateways
  - FTP
  - TFTP
  - RTP (RealAudio/ RealVideo)
  - IRC Chat
  - Stateful TCP, UDP and ICMP Flows

Policy-based type of service

• Differentiated Services (DiffServ)
  - DiffServ with IPSEC

Meta-Hop and high availability

• Intelligent VPN
  - Self-Learning
  - Self-Healing
• VRRP
• IP Clustering
  - Dynamic Load Balancing
  - Active Session Failover
  - Zero Downtime Upgrades
  - Linear Scalability
• Prioritized External Interface Backup
  - Ethernet (including DSL/Cable)
  - Dial (including V.92/ISDN)
• Backup Hub
• High Reliability Hardware Design
  - Flash-based System

PKI and authentication services

• Nokia AOS Certificate Authority
  - X.509v3 digital certificates
  - CRLv2 certificate revocation
  - LDAPv3 certificate storage
  - PKCS#7, PKCS#10 certificate enrollment
  - SCEP client
• Nokia Security Service Manager Enrollment Gateway
• Password Authentication with CRACK
• 3rd Party Authentication Services
  - RADIUS
  - SecurID
  - LDAPv3
  - Microsoft Active Dir
  - Entrust Authority
  - Verisign PKI
  - Baltimore UniCERT
  - RSA Keon
  - Microsoft CA
  - Sun ONE Certificate Server

Management

• Nokia VPN Manager
  Key Features
  - SSLv3-secured Java GUI
  - Staging and Over-the-Air Provisioning
  - Rapid Deployment with Templates
  - Topology Mgmt with Partitions
  - Group Mgmt with Realms
  - Upgrades and Backup with Scheduled Operations
  - Generate Nokia Mobile VPN Policy Files
  - Performance Monitor
  - Platform Req'ts: Microsoft Windows 2000, XP, 2003 Server or Red Hat Enterprise Linux 3.0
• SSHv2-secured AOS CLI
• SNMPv1/v2/v3 (USM) (RFC3411 – 15, STD0062)
  - MIB-II (RFC1213)
  - IP MIB (RFC2011)
  - TCP MIB (RFC2012)
  - UDP MIB (RFC2013)
  - Interfaces Group MIB (RFC2863)
  - IP Forwarding Table MIB (RFC2096)
  - Host Resources MIB (RFC2667)
  - Nokia VPN IPSEC MIB
  - Nokia VPN L2TP/PPTP MIB
  - Nokia VPN Configuration MIB
• Syslog Logging
• NTPv3 Client
• Out-of-Band Mgmt via Modem

Dimensions and power

• Dimensions W 17" x H 1.71" x D 21.15" (43.2 cm x 8.79 cm x 53.72 cm)
• Weight 36 lbs. (16 kg)
• Power input 100V, 120V, 230V
• DC Power supply option
• NEBS-Compliant Chassis

Environment / certification

• Temperature 5ºC to -40ºC
• Humidity: 10% to -90% (non-condensing)
• Storage temperature: -20ºC to 60ºC

Nokia 500i

Nokia 500i can be easily managed using Nokia VPN Manager. With the graphical interface, IT managers can manage gateway policies and configurations using an easy-to-use, centralized management solution to deploy, deliver, and update VPN policies and configurations. Nokia 500i also features a full command-line interface, SNMPv3 monitoring and remote logging services.

• Deploy, deliver and update VPN policies and configurations for gateways and Nokia Mobile VPN clients on the enterprise network
• Schedule upgrades with limited manual intervention, without bringing the gateway down
  
• Applies user security policies and complex IPSec policies and network topologies across network gateways and/or mobile terminals
• Supports multiple common authentication methods, including RADIUS, LDAP, Microsoft Active Directory and PKI with X.509v3 from internal or external certificate authority

Nokia 500i

IPSec client for business optimized mobile phones

Nokia Mobile VPN Client is designed for mobile phones running the Symbian operating system and is almost transparent to the user. Once the application is launched, a connection is established and the mobile user is prompted for proof of identity using a token such as a SecurID password or a digital certificate. Once authentication to the corporate VPN occurs successfully, a VPN tunnel is established between the mobile phone and the corporate network and all data traveling to and from the device is encrypted, no matter what the mobile application. Because of the stringent security inherent in IPSec, the data is protected from being captured and retransmitted later and is received exactly how it was sent. Check the list of supported phone models from the Nokia Mobile VPN page.

Support

Nokia offers world-class global support and services to service providers, distributors, resellers and enterprise customers who buy, sell and use Nokia security and mobility products. Nokia is recognized for world-class support and is dedicated to excellence with Technical Assistance Centers around the world, and on-site service capabilities in 1,000+ metropolitan areas covering more than 150 countries.

• Global network of 7x24x365 Technical Assistance Centers
• Nokia First Call - Final Resolution support
• Worldwide product part spares and on-site services
• Software Subscription service delivers updates, minor feature releases and device compatibility

Visit business services and support for more information on support for security products.