Terminates 3000 IPSec VPNs Mako 8875 Concentrator€¦ · IPSec 3000 connections VPN Cloud by the...
Transcript of Terminates 3000 IPSec VPNs Mako 8875 Concentrator€¦ · IPSec 3000 connections VPN Cloud by the...
Mako 8875 ConcentratorFast, flexible and secure Internet access.
Mako 8875 Product Brief 1 WWW.MAKONETWORKS.COM
VPN Termination
The Mako 8875 is designed specifically to be the termination point for your remote locations. Mako’s 8875 delivers near-real time reporting on all CPE operations. Remote locations connected by Mako appliances can be linked in seconds, without requiring static IP addresses. Mako’s VPN Cloud service delivers modern privacy and security across your network.
At a Glance
Terminates 3000 IPSec VPNs
VPN Cloud-ready: ECDSA-based authentication, Perfect Forward Security, Geographic Failover
1 GBps over 1 WAN, 3 LANs
Mako 8875 Hardware Specifications
Form Factor 1U rackmount
Dimensions 17 x 1.75 x 21.65 inches 431 x 44 x 550 mm (L x W x H)
Weight 26.4 lbs (12 kg)
Power Supply 1+1 Redundant 400 W, 100-240 V AC
Operating Temperature 40° to 105° F / 5° C to 40° C
Network Interface 4 x Ethernet RJ45 1GBps (1 WAN, 3 LAN)
IPSec 3000 connections
VPN Cloud by the Numbers (and Letters)Mako’s new VPN Cloud service isn’t limited by a requirement for IP address data as part of its authentication protocol. VPN Cloud uses a certificate-based paradigm: users with the right credentials should be able to use a network from almost any computer, regardless of where they’re connecting from.
SecurityECDSA-based certificates for proof of identity:
n ECDHE-based key exchange for perfect forward security (PFS) negotiation of session keys.
n Uses secure anti-spoofing and anti-relay protection mechanisms.
n Layer 3 and 4 firewall rules restricting access to/from VPN networks.
Encryption n AES-GCM for session data integrity and encryption. 128-bit
and 256-bit keys supported.
n Cryptographic functions powered by SSL.
Features n Hub-and-Spoke routing.
n Fast VPN failover on WAN failure.
n Industrial grade NAT/SNAT/DNAT support.
Mako 8875 Product Brief 2 WWW.MAKONETWORKS.COM
HA Firewall 192.168.1.249/29
Switch
Contact Mako NetworksPh. +1 888 777 5413 E. [email protected]. makonetworks.com
Usage ScenariosThe following are two examples that demonstrate a practical IPSec configuration and a VPN Cloud-based solution. These scenarios are purely indicative of common considerations in a concentrator network.
Here, a pair of Mako 8875s is configured in a High Availability (HA) ‘heartbeat’ failover configuration - if the ‘Primary’ concentrator suffers an outage, the right ‘Secondary’ concentrator assumes the Primary’s role.
This VPN Cloud configuration distributes traffic geographically by ‘weightings’ to avoid overflow. This dual data center solution requires OSPF or BGP running between Customer Internal Routers and the 8875s (or static routes between the two) to maintain correct return path routes.
Mako 6500@ 10.1.1.0/24
Mako 6500@ 10.1.1.0/24
10.0.10.0/24, weight 1010.0.11.0/24, weight 10
10.0.10.0/24, weight 1010.0.11.0/24, weight 10
10.0.10.0/24, weight 2010.0.11.0/24, weight 20
10.0.10.0/24, weight 2010.0.11.0/24, weight 20
Mako 6500@ 10.2.1.0/24
Switch
HA Heartbeat 192.168.252.0/24
Switch192.168.1.252/29192.168.1.253/29
VIP: 192.168.1.254/29
INTERNET
Corporate Network10.0.10.0/24
Corporate Network10.0.10.0/2410.0.11.0/24
Corporate Network10.0.10.0/2410.0.11.0/24