Huawei Remote Access Security Solution for Enterprise Networks. -Secure and Stable Platforms for Network Interconnection and Data Interaction

(1)

Huawei Remote Access

Security Solution for

Enterprise Networks

HUAWEI TECHNOLOGIES CO., LTD.

-

Secure and Stable Platforms

for Network Interconnection

and Data Interaction

(2)

(3)

H u aw ei R em o te A cc es s Se cu rit y So lu tio n f o r En te rp ris e N et w o rk s Secur e and S

table Platforms for Network Inter

connection and Data Inter

action

1 Introduction

The Huawei VPN solution adopts tunneling and encryption technologies to build virtual private networks that are associated to the Internet. This solution is cost-effective and features secure interconnection. Therefore, it is widely accepted among enterprises. The Huawei VPN solution integrates a series of mature security gateways and VPN modules, such as the VPN Client and VPN Manager, to provide advanced remote access solutions to large and medium enterprises, operators, and ﬁnancial institutions.

Figure 1-1 Networking for the solution

Huawei Remote Access Solution

Carrier Large branches Headquarters PE PE PE Medium branches MPLS BGP VPN/VPLS/VLL

Provides enterprise VPN by means of carriers or private networks (connecting vertical industries and medium and large branches).

Provides network security isolation among different services.

Ensures high quality enterprise services and provides various forms of QOS.

Deploys enterprise VPN by means of the Internet (connecting mobile users and small and medium branches).

IPSec provides data encryption for branches.

SSL VPN provides mobile office users with access authentication and data encryption.

xDSL / GPON Mobile office users Partners R Branches in remote area

GRE over IPSec IPSec VPN SSL VPN Headquarters Internet AR E200E-X SSL VPN 3G upstream Branches E1000E-X R

As a professional security solution provider, Huawei provides a

comprehensive VPN solution to build secure and stable platforms

for network interconnection and data interaction. The Huawei VPN

solution helps enhance information capabilities and enable real-time

information sharing to increase the enterprise operation efﬁciency.

(4)

u aw ei R em o te A cc es s Se cu rit y So lu tio n f o r En te rp ris e N et w o rk s e and S

action

Highlights:

Comprehensive VPN Network Construction •

Solutions.

− Huawei provides a complete set of VPN gateways, from desktop gateways for small offices/home offices (SOHOs) to large-capacity gateways for distributed offices. The gateways have been certified by UL, CE, FCC, and Security Specification in China, Europe, Australia and some other countries and regions.

− The Eudemon200E-X series gateways support various access modes: E1, cE1, SA, ADSL, and 3G.

− The VPN Client, professional client software, which provides friendly GUIs and strict but flexible security policies, is used to ensure easy and secure access to VPN networks.

− The VPN Manager, which provides friendly GUIs and powerful deployment and management functions, is used to ensure unified deployment and management and reduce deployment and maintenance costs.

Rich Functions to Satisfy Various Networking •

Requirements

− Provides various IP VPN access modes such as L2TP, IPSec, GRE, MPLS and SSL.

− Supports multiple encryption algorithms such as DES, 3DES, and AES.

− Integrates IPSec VPN with MPLS VPN to provide ﬂexible and secure networks.

− Provides simple SSL VPN access. By means of APs, a user can use a standard Web browser to access the enterprise's intranet. Provides end-to-end hierarchical protection such as powerful authentication, ﬁne-grained access control to the intranet resources, and encryption algorithms like DES, 3DES and AES.

− Virtualizes a physical gateway into multiple logical ones that have the same functions of the physical gateway and support private network address overlap and preserve independent VPN routes and forwarding entries to ensure service security isolation.

E f f e c t i v e S S L V P N A u t h e n t i c a t i o n t o •

Guarantee Secure Access

− Supports remote access to applications in the enterprise intranet by means of SSL VPN.

− Supports the What You See Is What You Get (WYSIWYG) function for remote access to the Web through terminals.

− Supports security access to Web servers, shared ﬁles, and internal applications.

− Supports access to all services by means of VPN tunnels.

− Supports user authentication by user name and password.

− Supports mainstream authentication methods such as Radius, LDAP, SecurID, X.509 digital certificate and USBKEY + digital certiﬁcate.

− Provides system logs, administrator logs, and user access logs.

(5)

action

3 VPN Products

Products Quantity of L2TP

Tunnels Quantity of IPSec Tunnels Quantity of SSL Tunnels IPSec Encryption/Decryption Performance

SVN3000 / 500 1000 220 Mbit/s

Eudemon 200E-B 64 64 20 60 Mbit/s Eudemon 200E-C 2000 2000 100 400 Mbit/s Eudemon 200E-F 2000 2000 100 500 Mbit/s Eudemon 200E-X1/X1W 64 64 20 40 Mbit/s Eudemon 200E-X2/X2W 64 64 20 50 Mbit/s Eudemon 200E-X3 2000 2000 100 300 Mbit/s Eudemon 200E-X5 2000 2000 100 500 Mbit/s Eudemon 200E-X6 2000 2000 150 1 Gbit/s Eudemon 200E-X7 2000 2000 200 2 Gbit/s Eudemon 1000E-U2 15000 15000 / 2 Gbit/s Eudemon 1000E-U3 15000 15000 / 4 Gbit/s Eudemon 1000E-U5 15000 15000 / 5 Gbit/s Eudemon 1000E-U6 15000 15000 / 6 Gbit/s Eudemon 1000E-X3 / 15000 500 4 Gbit/s Eudemon 1000E-X5 / 15000 500 5 Gbit/s Eudemon 1000E-X7 / 15000 500 7 Gbit/s Eudemon 8080E Single board: 20000

Integrated device: 60000 40000 * 4 boards / 6.5 Gbit/s * 4 boards Eudemon 8160E Single board: 20000

Integrated device: 60000 40000 * 8 boards / 6.5 Gbit/s * 8 boards

VPN Gateways

Eudemon _Eudemon

SVN 3000 200E-B/C/F Eudemon8000E 200E-X 1000E-U_1000E-X

(6)

u aw ei R em o te A cc es s Se cu rit y So lu tio n f o r En te rp ris e N et w o rk s e and S

Huawei Remote Access Security Solution for Enterprise Networks. -Secure and Stable Platforms for Network Interconnection and Data Interaction