Each Nortel Contivity Extranet Switch is a
single hardware device which provides routing, firewall, bandwidth management, encryption,
authentication, and data integrity for secure tunneling across managed IP networks and the Internet.
With Contivity Extranet Switches, you can connect remote users, branch offices, suppliers, and
customers with the cost and performance advantages of shared IP networks and the security and
control you would expect from private networks.
This integrated product family includes the Contivity 1510, 1520 and 1530 for up to 100 simultaneous
users, Contivity 2600 for up to 1000 users, and Contivity 4500 for up to 5000 users.
For enterprises, the Contivity Extranet Switch taps the Internet to create a powerful,
low-cost Virtual Private Network solution to replace expensive, dedicated wide area networks.
For service providers, the Contivity Extranet Switch is the perfect answer to capitalize on
the growing market for managed IP VPNs -- intranets, extranets, and remote access applications.
Ease of deployment and management
The Contivity Extranet Switch is easy to deploy at enterprise sites, and interoperates with existing
network components such as routers, firewalls, and servers. A T1 with integrated CSU/DSU card
delivers interface flexibility and WAN functionality; a V.35 and HSSI card supports various
universal physical connections. The Nortel Networks Optivity VPN Manager handles batch management of
multiple Contivity Extranet Switches.
Secure directory-enabled networking
The Contivity Extranet Switch accepts incoming traffic only through authenticated, tunneled
connections. All connections are encrypted for privacy, and all transactions are logged. Each user,
group, or branch office connection--internal or external--can have a unique filtering profile with
different access rights.
Integrated firewall protection
Contivity Extranet Switches at the network center, branch office, or remote location can also be
integrated with a high-performance CheckPoint firewall. All connections can be authenticated,
encrypted, and further protected by unique filtering profiles for each user or group--plus complete
life-cycle managed digital certificate authentication using Entrust and VeriSign.
Customized service offerings
Enterprises can choose to own and manage their own IP VPNs, or out- source to a service provider
while retaining control over user authentication or a part of the network, or outsource all aspects
of the service. When the IP VPN is provided as a managed carrier service, different management
demarcation points can be defined for different enterprises.
A powerful Intel architecture, redundancy for key components, multilevel authentication, a
hardware-based encryption card, and automatic backup of system and accounting data create a highly
reliable IP VPN. As processor technology has advanced, we capitalized on it, and as a result have
cut the cost-per-user in half.
Contivity Extranet Switches in the branch office and net- work center use RIP v1 and v2 routing
protocol to dynamically create secure tunnels and to simplify provisioning of branch offices.
Broad client support
The Contivity Extranet IPSec Client is included free, with an unlimited distribution license. This
client can be tailored to include custom icons and banners, and is pass-word-protected for added
VPN and extranet technology standards are still evolving. The Contivity Extranet Switch is equipped
for this constantly changing environment; it provides a wide range of choices for tunneling,
authentication, encryption, and accounting.
Point to point tunneling protocol (PPTP), including compression and encryption; L2F, L2TP
IPSec, including Authentication Header (AH), Encapsulating Security Protocol (ESP), and
Internet Key Exchange (IKE)
Internal or external Lightweight Directory Access Protocol (LDAP)
Remote Authentication Dial-In User Services (RADIUS)
Token card integration: Security Dynamics and AXENT
Digital certificate authentication with Entrust and VeriSign
Compliant with Federal Information Processing Standard 140 (FIPS 140)
IPSec-certified by the International Computer Security Association
Up to 192-bit key length Š three separate 64-bit keys
Effective encryption strength of 112 bits
DES, Triple-DES, and RC4
Individual user or group profile; source and destination IP address; port, service, and
protocol type; Synchronize Flag/Acknowledgement (SYN/ACK) bit
Four internal priority levels using Random Early Detection (RED); four connection priority
levels; differentiated services; code point marking; external Quality of Service: Resource
Reservation Protocol (RSVP)
Internal and external RADIUS databases
Event, system, security, and configuration accounting
Automatic archiving by month to external system
Full HTML and Java configuration; SNMP alerts; bulk load configuration; command fixes; four
levels of administrator access; role-based management to separate service provider and end-user
Optivity VPN Manager--batch configuration and management of multiple Contivity Extranet
International Computer Security Association (ICSA) IPSec certification, July 1999
(Requires Windows™ 95, 98 or Windows NT™ 4.0 or later)
IPSec, including AH, ESP, and IKE
Auto-configuration with "one-click" connection
Tested with Linux Free/Swan client
iPass dial-up database with more than 3,000 locations (Service requires customer subscription
MS Windows 2000
Support for Windows 2000 embedded tunnel protocols including IPSec-protected L2TP; mix and
match with existing Nortel clients or other tunnel protocols such as PPTP and L2TP; support
configurable to offer end-user remote access applications with end user stations as well as a
VPN gateway to Windows 2000 servers.
(800K) -- Download information about Nortel's comprehensive technology
for creating highly scalable, secure, and robust IP VPNs to connect multi-location enterprises
and their supply chains-or for service providers to offer IP VPNs as a managed service.