RSA-1220M

ADSL/VDSL2 router for Remote Site Access

Introduction

The MuLogic RSA-1220M is a router for providing access to remote locations such as power substations, traffic management systems and various other remote site automation equipment.

The unit is equipped with an ADSL/VDSL2 port and an Ethernet port with VLAN support that can be configured as LAN or WAN port.

The RSA-1220M incorporates 2 independent serial port gateways that can be used for remote access to devices with
a serial interface. One serial gateway connects to an RS232 port, the other to an RS485 port.

The unit is designed for industrial applications and is powered from low voltage DC or AC power sources.

The RSA-1220M operates over a temperature range from -40°C to +70°C.

Features

  • DSL interface supports standards for ADSL, ADSL2, ADSL2+, and VDSL2
  • One hardware version for ADSL Annex A (PSTN overlay) and Annex B/J (ISDN overlay).
  • ADSL Downstream rates up to 24 Mbit/s, upstream rates up to 1.4 Mbit/s (Annex A/B).
    Upstream rates up to 3 Mbit/s in Annex A/M and Annex B/J modes.
  • VDSL2 Downstream rates up to 100 Mbit/s, upstream rates up to 50 Mbit/s.
  • ADSL Encapsulation Protocols: PPPoA, PPPoE, IPoA, MER/IPoE and CLIP.
  • Ethernet port: 10/100baseT, Auto-MDI/MDIX. Can be used as LAN or WAN port.
  • Ethernet port supports SCADA protocols like Modbus/TCP, DNP3/IP and IEC60870-5-104.
  • Two serial port gateways for remote serial data (TCP/IP or UDP/IP) to serial ports (one RS232, one RS485). Data rates from 300 to 115200 bit/s.
  • Serial ports support SCADA protocols like Modbus RTU/ASCII, DNP3 and IEC60870-5-101.
  • IPsec and OpenVPN tunnels for secure communication with Ethernet and serial ports.
  • GRE tunnels for linking multicast protocols like RIPv2 and OSPF over IPsec.
  • Secure Layer-2 Ethernet bridging over OpenVPN tunnels.
  • Secure access to Serial port gateways. (VPN tunnels or access restrictions in firewall).
  • Up to 4 separate LANs (VLANs) with individual DHCP servers.
  • IEEE 802.1Q VLAN support for VDSL2/PTM, LAN and Ethernet WAN interfaces.
  • Static routing and dynamic routing (OSPF, RIP Version 1 and 2).
  • Dynamic NAT (IP masquerading) for outgoing connections.
  • Static NAT (Port forwarding) for incoming connections.
  • Stateful firewall for Access Control and rate limiting (DoS protection).
  • Device Management: HTTP/HTTPS, Telnet/SSH, SNMP and serial port.
  • System alerts by means of: Email and SNMP traps.
  • Independent watchdog/reset controller for monitoring vital system functions.
  • Dry contact sensor (input) with status reporting and alerting via SNMP, Email or SMS.
  • Dry contact (output) for automatic alarm/status indication or remote control.
  • System temperature sensor with status reporting via SNMP and HTTP.
  • Isolated supply voltage input for industrial applications (suitable for AC and DC).
  • Supply voltage ranges: 11-36Vdc/11-28Vac, 18-60Vdc/18-30Vac or 18-72Vdc.
  • Extended operating temperature range: -40°C to +70°C
  • Din-Rail or panel mounting.

Application Areas

Remote access
The RSA-1220M is designed for remote access to sites like electric power substations, roadside cabinets for traffic control and remote surveillance and the like. It provides access to remote terminal units with Ethernet or serial ports.

The RSA-1220M can be used to replace Dial-up and leased line modems and offers high speed Ethernet communications while maintaining support of serial communication. This allows for easy migration to the use of remote terminal units with Ethernet interface and other devices such as remote surveillance cameras while maintaining connectivity to devices with a serial RS232 or RS485 port.

Replacing Dial-up modems for the RSA-1220M cuts the costs for the telephone calls made for each session. The can be installed without the need for replacing the telephone line. Just add ADSL or VDSL2 service to the existing telephone line.

WAN ports
Apart from using the DSL line or Mobile network for connection to the internet, in case that the Ethernet port is not used for connecvting local devices, the RSA-1220M can also use its Ethernet port for WAN access via an external modem or router or a fiberoptic internet connection. Both untagged and tagged (VLAN) operation is supported.

Failover operation of WAN ports and interfaces
All WAN interfaces can be used as primary WAN or back-up WAN interface. Alternative paths are selected automatically according to priority and availability.

Serial port gateways
The integrated Serial Port gateways offer remote access to the unit’s serial ports. One gateway connects to the RS485/RS422 port, the other to the RS232 port. Combined operation of RS232 and RS485 to a single gateway is also possible. The network connection to the serial port gateways allows for the use of various tools like “virtual com port drivers”, direct IP socket connection or dedicated application software. Also other  “serial to Ethernet converters” or another Mulogic router can be used. In addition, the serial ports can also be accessed by means of a telnet connection.

Information and Access Security: IPsec, OpenVPN and Firewall.
As the unit in most cases will be connected to the public internet, extra security features such as IPsec and OpenVPN are supported. IPsec and OpenVPN protect against unwanted access and eavesdropping of the data. With IPsec and OpenVPN encrypted virtual tunnel connections can be created. Only devices at the end-points of the tunnel can communicate and the data is protected from eavesdropping. A single RSA-1220M can support multiple IPsec or OpenVPN tunnels. The OpenVPN tunnels can operate in routing mode (layer-3) but can also be used to transparently bridge Ethernet frames (Layer-2). The unit’s firewall features are used for static or dynamic NAT routing (port forwarding and IP masquerading) and blocking or granting access to the devices attached to the unit and the unit’s configuration and management interface. This makes it possible to block all access  from unknown IP addresses. In addition, several options are available to limit the rate of incoming or outgoing data as protection against DoS attacs.

Configuration and remote management.
The RSA-1220M can be configured and managed in multiple ways:
  • Web browser (http and https).
  • Command line interface via telnet, SSH, or serial port.
  • Direct configuration database access for provisioning systems.
  • SNMP manager.

Device power supply
The RSA-1220M is equipped with a galvanically isolated power input. Three voltage ranges are available:
  • 11-36Vdc/11-28Vac.
  • 18-60Vdc/18-30Vac.
  • 18-72Vdc.
For mains power operation (100..240Vac) an external power adapter or power supply is used.

Extended temperature range
The RSA-1220M is designed for operating under extreme temperature conditions. It is suitable for operating at ambient temperatures ranging from -40°C to +70°C.

Technical Specifications

xDSL modes

  • ANSI T1.413 Issue 2 (ADSL)
  • ITU-T G.992.1 (G.dmt)
  • ITU-T G.992.2 (G.lite)
  • ITU-T G.992.3/4 (ADSL2)
  • ITU-T G.992.3 Annex L (RE-ADSL)
  • ITU-T G.992.5 (ADSL2+)
  • ITU-T G.992.5 Annex M (ADSL2+M)
  • ITU-T G.993.2 VDSL2 (profiles: 8a, 8b, 8c, 8d, 12a, 12b, 17a)
  • ITU-T G.993.5 and G.993.2 Annex Y VDSL2 Vectoring
  • Hardware suitable for both ADSL Annex A/M and Annex B/J


xDSL encapsulation protocols

  • PPP Over ATM (PPPoA, RFC2364)
  • PPP Over Ethernet (PPPoE, RFC 2516)
  • Ethernet Over ATM (MER/IPoE, RFC 2684)
  • IP Over ATM (IPoA – CLIP, RFC 2225)
  • MAC Encapsulation Routing (MER, RFC 2684)
  • Ethernet bridging (RFC 2684 Bridge mode)
  • PTM with tagged or untagged VLAN for VDSL2


IP routing

  • Static routing
  • Dynamic routing: OSPF, RIP Version 1 and 2


Firewall

  • Statefull firewall for Access Control Rate limiting, NAT routing and port forwarding.

Tunnel protocols

  • IPsec, OpenVPN and GRE.


IPsec features

  • Mode of operation: Tunnel mode.
  • Key exchange method: Automatic (IKE, IKEv2).
  • Authentication method: Pre-shared key or X.509 Certificate.
  • PFS support (Perfect Forward Secrecy): RFC 2412.
  • Phase 1 mode: Main or Aggressive.
  • Phase 1 and 2 Encryption Algorithms: 3DES, AES-128, AES-192 or AES-256.
  • Phase 1 and 2 Integrity Algorithms: MD5, SHA-1, SHA-256, SHA-384, SHA-512 or SHA-256-96.
  • Diffie-Hellman groups for key exchange: DH Group 1 (768 bit), Group 2 (1024 bit),
    Group 5 (1536 bit), Group 14 (2048 bit), Group 15 (3072 bit), Group 16 (4096 bit).
    NIST ECG25 (192 bit), ECG26 (224 bit), ECG19 (256 bit), ECG 20 (384 bit) and
    ECG21 (521 bit).
    Brainpool ECG27 (224 bit), ECG28 (256bit), ECG29 (384 bit) and ECG30 (512 bit).
  • Key Lifetime: 1-28800 seconds.
  • DPD (dead peer detection).
  • NAT-traversal and NAT KeepAlive.
  • Up to 10 IPsec tunnel configuration profiles.


OpenVPN features

  • P2P, client and Server mode
  • UDP, TCP server, TCP client
  • Modes: L2 Bridged, L3 Routed
  • Authentication methods: Pre-shared secret, X.509 Client, X.509 Server.
  • Encryption Algorithms: 3DES, AES-128, AES-192, AES-256 or Blowfish.
  • TLS authentication.
  • LZO Compression.


Ethernet port

  • 10/100baseT
  • Half and Full duplex
  • Auto-MDI/MDIX

Serial ports

  • Port 1: RS232 DB9 Male connector (DTE pinout).
  • Port 2: RS485/RS422 at 4-pin screw terminal connector.
  • Port rates: 300, 600, 1200, 2400, 4800, 9600, 19k2, 38k4, 57k6 or 115k2 bit/s.
  • Data formats: 8N, 8E, 8O, 7E, 7O. One or two stop bits.
  • Buffer size: 10, 20, 50, 100, 200, 300, 400, 500, 1000 or 1500 bytes.
  • Forwarding timeout: 1, 2, 5, 10, 15, 20, 50, 100 or 200 msec.


Serial gateways

  • Operating modes: TCP server, TCP client, Telnet server, UDP client/server
  • Maximum number of concurrent connections: 256.
  • TCP Alive check and Data Activity check.
  • Statistics per connection.

Power supply voltage ranges

  • RSA-1220M/Vr1: 11-36Vdc/11-28Vac (5W)
  • RSA-1220M/Vr2: 18-60Vdc/18-30Vac (4W)
  • RSA-1220M/Vr3: 18-72Vdc (4W)


Dimensions and weight

  • Dimensions: 143x38x95mm(HxWxD),  Weight: 550 gr.


Environment

  • Operating temperature range: -40°C to +70°C, Humidity:5..95%
  • Storage temperature range: -50°C to +80°C, Humidity:5..95%


Compliances

  • CE directives: 2004/108/EC and 2006/95/EC.
  • EMC: EN 55022, EN55024: Emission limits and immunity for residential environments.
  • EMC: EN 61000-6-2: Immunity for industrial environments.
  • Network: Compatible with 1TR112 for U-R and U-R2 interfaces.
  • Electrical Safety: EN 60950.
  • Mechanical Stability: IEC 60068-2-27 shock, IEC 60068-2-6 vibration.


Order codes

  • RSA-1220M/Vr1 (11-36Vdc/11-28Vac)
  • RSA-1220M/Vr2 (18-60Vdc/18-30Vac)
  • RSA-1220M/Vr3 (18-72Vdc/no AC)