Funkwerk RS230au+ UMTS Modem, Gigabit Ethernet, IP Access Router

Funkwerk's new IP Access Router featuring ADSL2+ modem (Annex A, POTS), UMTS (3,5G/USPA+) Modem, IPSec (5 tunnels) with certificates, HW encryption, 4+1 Gigabit Eth. switch and a USB port

 The Funkwerk RS230au + router is a powerful and flexible router as it is equipped with many ports, an integrated modem that supports ADSL2+ standard ADSL Annex A (ADSL over POTS) in accordance with ITU G992.1, and an UMTS modem, supporting HSxPA + (3.5G), EDGE, GPRS and GSM used as Internet connection or as a backup (backup).

• UMTS (3.5G, HSPA+, 21.1/5.76 Mbps) modem
• ADSL 2+ modem - ADSL over POTS
• 5 x Gigabit Ethernet
• Web-based configuration / wizards
• IPSec - 5 tunnels, HW acceleration
• Prepared for IPv6
• Stateful Inspection Firewall

Designed in a rugged metal housing, it makes it ideal for SMBs/SMIs, agencies as well as home workers. This equipment has more than 5-port Gigabit Ethernet, which can be configured in LAN, WAN or DMZ, and comes from the factory with a license supporting five IPSec tunnels with hardware accelerator.

Using functions flexibly

Only a few functions are required to forward data packets between two networks. The Funkwerk RS230au+ has features that go far beyond just routing and allow it to be integrated into complex IT infrastructures. By using Extended Routing and NAT (ERN) the data can be routed in IP routing according to criteria such as IP protocols (Layer 4), source or destination IP address, source or destination port, TOS/DSCP, source or destination interface and the status of the destination interface. In addition, you can also use network address translation to translate the data traffic for both inbound and outbound connections and individually for each interface based on a wide range of criteria.

The comprehensive multicast support makes the device ideal for use in multimedia and streaming applications. The Stateful Inspection Firewall (SIF) offers effective protection against attacks from the Internet through dynamic packet filtering. Firewall handling is made easier through numerous pre-configured services. An optional content filter rounds off the security functions of the devices. In this case, all the outgoing Internet enquiries are classified and allow contents not wanted to be reliably filtered out.

The basic equipment of the RS Series also offers a SIP application level gateway (ALG) for the direct connection of IP telephones in the network or for registering with a VoIP provider, without affecting the security of the WAN connection. The corresponding releases in NAT and the internal Stateful Inspection Firewall are controlled automatically by ALG for the length of the communication.

Quality of Service is more than a watchword in FEC devices. Thanks to the rising convergence between voice and data, the classification of data streams is gaining in importance. Our routers provide corresponding QoS mechanisms for prioritising the VoIP traffic ahead of normal internet traffic, for example, and to guarantee it sufficient bandwidth. Alternatively you can give normal data traffic priority over e-mail traffic. The Funkwerk QoS implementation allows voice data to be processed before e-mal data, for example, within a VPN tunnel.

The DNS proxy function supports the LAN for address implementation and the automated IP configuration of PCs is carried out over an integrated DHCP server.

Comprehensive IPSec implementation

The IPSec implementation integrated in Funkwerk RS230au+ works not only with preshared keys but also with certificates. This allows a public key infrastructure to be created for maximum security. (The German Federal Office for Information Security also recommends the use of certificates.)

Furthermore, the Funkwerk IPSec implementation offers support when creating VPN connections with dynamic IP addresses: Even small branch offices can be reached without having to be permanently online. If both VPN nodes only have dynamic IP addresses, confidential information can continue. The exchange of IP addresses is carried out over a dynamic DNS provider.

Load Balancing/Backup

The devices offer a unique level of flexibility thanks to the wide variety of interfaces supported. The Funkwerk RS230au+ supports the ability to configure two interfaces as WAN interfaces. As a result, there is not only more bandwidth available, but there is the opportunity to spread data traffic across individual WAN connections according to load or data type. Equally, you can use a connection (e.g. SDSL) for the VPN connection to the head office and use a second WAN port for a low-cost ADSL connection to guarantee the company's other data traffic. If either connection fails, the other can take over the entire data transfer. In the event that both lines fail, data traffic can automatically be routed over to the UMTS modem.

Simple configuration and maintenance

The router is configured over the Funkwerk Configuration Interface (FCI), using the integrated configuration wizards for example. The FCI is a web-based graphic user surface that you can use from any PC with an up-to-date Web browser via an HTTP or encrypted HTTPS connection. It also offers the opportunity to manage the devices locally and remotely over other configuration accesses such as Telnet, SSH and GSM dial in.

DIME Manager from Funkwerk Enterprise Communications (FEC) is a free tool for managing FEC devices. Dime Manager is aimed at administrators who manage networks with up to 50 devices. The software simplifies the management and configuration of routers or access points either individually or in logical groups. When developing DIME Manager, simple and efficient operation was the primary aim. It allows, for example, software updates or configurations to be applied to individual devices or groups of devices simply by drag and drop. DIME Manager recognises and manages new devices in the network using SNMP multicasts, in other words independent of their current IP address.

Technical Specifications

DSL Interface

• ADSL: ADSL over POTS (ITU G.992.1 Annex A G.Lite (ITU G.922.2)
• ADSL 2 / ADSL 2+ :ADSL over POTS (ITU G.992.3, ITU G.992.5 Annex A)
• ADSL 2: ADSL2 over POTS Annex L
• ADSL 2: ADSL2 over POTS Annex M
• ADSL: Support of Dying Gasp
• ATM: Support of layer 1 protocol AAL5, PVCs, RFC 1483
• ATM: Support of up to 7 virtual channels (VC)
• ATM: Support of OAM F4/F5 line monitoring
• ATM: Support of ATM traffic management (COS - CBR, VBR, UBR)

UMTS

• Supported standards: Support of UMTS (3.5G/HSPA+), (download rate up to 21.1 Mbps, upload rate up to to 5.76), GPRS, Edge and GSM
• UMTS (3.5G) / WCDMS bands: 850/900/1900/2100 MHz

VPN

• PPTP (PAC/PNS): Point to Point Tunneling Protocol for establishing fo Virtual Privat Networks, inclusive strong encryption methods with 128 Bit (MPPE) up to 168 Bit (DES/3DES, Blowfish)
• GRE v.0: Generic Routing Encapsulation V.0 according RFC 2784 for common encapsulation
• L2TP: Layer 2 tunnelling protocol inclusive PPP user authentication
• Number of VPN tunnels: Inclusive 5 active VPN tunnels with the protocols IPSec, PPTP, L2TP and GRE v.0 (also in combination possible)
• IPSec: Internet Protocol Security establishing of VPN connections
• Number of IPSec tunnels: Inclusive 5 active IPSec tunnels
• IPSec Algorithms: DES (64 Bit), 3DES (192 Bit), AES (128,192,256 Bit), CAST (128 Bit), Blowfish (128-448 Bit), Twofish (256 Bit); MD-5, SHA-1, RipeMD160, Tiger192 Hashes
• IPSec hardware acceleration: Integrated hardware acceleration for IPSec encryption algorithms DES, 3DES, AES
• IPSec IKE: IPSec key exchange via preshared keys or certificates
• IPSec IKE Config Mode: IKE Config Mode server enables dynamic assignment of  IP addresses from the address pool of the company. IKE Config Mode client enables the router, to get assigned dynamically an  IP address.
• IPSec IKE XAUTH (Client/Server): Internet Key Exchange protocol Extended Authenticaion client for login to XAUTH server and XAUTH server for loging of XAUTH clients
• IPSec IKE XAUTH (Client/Server): Inclusive the forwarding to a RADIUS-OTP (One Time Password) server
• IPSec NAT-T: Support of NAT-Traversal (Nat-T) for the application at VPN lines with NAT
• IPSec IPComp: IPSec IPComp data compression for higher data throughput via LZS
• IPSec certificates (PKI): Support of X.509 multi-level certificates compatible to Micrososft and Open SSL CA server; upload of PKCS#7/8/10/12 files via TFTP, HTTP, HTTP, LDAP, file upload and manual via FCI
• IPSec SCEP: Certificates management via SCEP (Simple Certificate Enrollment Protocol)
• IPSec Certificate Revocation Lists (CRL): Support of remote CRLs on a server via LDAP or local CRLs
• IPSec Dead Peer Detection (DPD): Continuous control of IPSec connection
• IPSec dynamic DNS: Enables the registering of dynamic IP addresses by a dynamic DNS provider for establishing a IPSec connection.
• IPSec RADIUS: Authentication of IPSec connections at a RADIUS server. Additionally the IPSec peers, which were configured on a RADIUS server, can be loaded into the gateway (RADIUS dialout).
• IPSec Multi User: Enables the Dial-in of several IPSec clients via a single IPSec peer configuration entry
• IPSec QoS: The possibility to operate Quality of Service (traffic shaping) inside of an IPSec tunnel
• IPSec NAT: By activating of NAT on an IPSec connection it is possible, to implement several remote locations with identical local IP addess networks in different IP nets for the VPN connection
• IPSec throughput (1400): 34 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption
• IPSec throughput (256): 11 Mbps with 256 Byte packets with AES 256 / AES 128 / 3 DES encryption

Security

• NAT/PAT: Symmetric Network and Port Address Translation (NAT/PAT) with randomly generated ports inclusive Multi NAT (1:1 translation of whole networks)
• Policy based NAT/PAT: Network and Port Address Translation via different criteria like IP protocols, source/destination IP Address, source/destination port
• Policy based NAT/PAT: For incoming and outgoing connections and for each interface variable configurable
• Content Filtering: Optional ISS/Cobion Content filter (30 day test license inclusive)
• Stateful Inspection Firewall: Packet filtering depending on the direction with controling and interpretation of each single connection status
• Packet Filter: Filtering of IP packets according to different criteria like IP protocols, source/destination IP address, source/destination port, TOS/DSCP, layer 2 priority for each interface variable configurable

Routing

• Policy based Routing: Extended routing (Policy Based Routing) depending of diffent criteria like IP protocols (Layer4), source/destination IP address, source/destination port, TOS/DSCP, source/destination interface and destination interface status
• Multicast IGMP: Support of Internet Group Management Protocol (IGMP v1, v2, v3) for the simultaneous distribution of IP packets to several stations
• Multicast IGMP Proxy: For easy forwarding of multicast packets via dedicated interfaces
• Multicast inside IPSec tunnel: Enables the transmission of multicast packets via an IPSec tunnel
• RIP: Support of RIPv1 and RIPv2, separated configurable for each interface
• Extended RIP: Triggerd RIP updates according RFC 2091 and 2453, Poisened Rerverse for a better distribution of the routes; furthermore the possibility to define RIP filters for each interface.
• Routing throughput (1518): 199 Mbps with 1518 Byte packets
• Routing throughput (256): 198 Mbps with 256 Byte packets

Interfaces

• Ethernet: 5 x 10/100/1000 Mbps Ethernet Twisted Pair, autosensing, Auto MDI/MDI-X, up to 4 ports can be switches as additional WAN ports incl. load balancing, all Ethernet ports can be configured as LAN or WAN.
• USB 2.0 host: USB 2.0 full speed host port for connecting UMTS (3G) USB modem sticks
• Serial console: Serial console interface / COM port (mini USB)
• ADSL/ADSL 2+: ADSL over POTS
• GSM/UMTS (3.5G): UMTS (3G), HSPA+ (3.5G), GPRS, Edge or GSM with intergrated GSM/UMTS (3.5G) modem
• External UMTS antenna connectors: Two SMA antenna connectors for external UMTS antennas

Hardware Features

• Realtime clock: System time persists even at power failure for some hours.
• Wall mounting: Integrated in housing
• Environment: Temperature range: Operational 0°C to 40°C; storage -10°C to 70°C; Max. rel. humidity 10 - 95% (non condensing)
• Power supply: External wall power supply 110-240V / 12 V DC, 1.5 A, with energy efficient switching controler; complies with EuP directive 2008/28/EC
• Power consumption: Less than 5 Watt
• Housing: Metal case, opening for Kensington lock, connectors at back side, prepared for wall mounting
• Dimension: Ca. 235 mm x 31.5 mm x 146,5 mm (W x H x D)
• Weight: Ca. 1100g
• Fan: Fanless design therefor high MTBF
• Reset button: Restart or reset to factory state possible
• Status LEDs: Power, Status, 10 * Ethernet, ADSL, WLAN, USB
• Standards and certifications: R&TTE Directive 1999/5/EG; EN 55022; EN 55024 + EN 55024/A1; EN61000-3-2; EN 61000-3-3; EN 61000-4-4; EN 60950-1; EN 300 328; EN 301 489-7; EN 301 489-24; EN 301 908-1; EN 301 908-2; EN 301 511

Content of Delivery

• Manual: Quick Installation Guide in German and English
• DVD: DVD with system software, management software and documentation
• Ethernet cable: 1 Ethernet cable, 3m
• Power supply: Wall power supply 110-240V / 12 V DC, 1.5 A, with high efficient switching controler
• ADSL cable: ADSL cable (RJ11-RJ11), 3m
• UMTS (3G) antenna: Two external 2 dBi dipol quadband antennas

Service

• Warranty: 2 year manufacturer warranty inclusive advanced replacement
• Software Update: Free-of-charge software updates for system software (BOSS) and management software (DIME manager)

Specifications Tab

Questions Tab