RSA-1020DW4

4G (LTE Cat.4) Cellular Remote Site Access Router.

Introduction

The MuLogic RSA-1020DW4 is a cellular router for providing access to unmanned remote locations such as power substations, traffic management systems and various other remote site automation equipment.

The unit is equipped with a cellular wireless WAN modem that supports 4G, 3G and 2G cellular networks and offers wireless data rates up to 100 mbit/s (LTE Cat.3).

In addition to an Ethernet port, the RSA-1020DW4 incorporates 2 independent serial port gateways that can be used for remote access to devices with a serial interface. One serial gateway connects to an RS232 port, the other to RS485.

The unit is designed for industrial applications and is powered from low voltage DC or AC power sources.

The RSA-1020DW4 operates over a temperature range from -40°C to +70°C.

Features

  • Access router for cellular mobile wireless networks: 2G/3G/4G Cat.3
  • WWAN Data rates: up to 100/50 Mbit/s (Downlink/Uplink)
  • Ethernet port: 10/100baseT, Auto-MDI/MDIX.
  • IEEE 802.1Q VLAN support for Ethernet LAN interface.
  • Ethernet port supports SCADA protocols like Modbus/TCP, DNP3/IP and IEC60870-5-104.
  • Two serial port gateways for remote serial data (TCP/IP or UDP/IP) to serial ports (one RS232, one RS485). Data rates from 300 to 115200 bit/s.
  • Serial ports support SCADA protocols like Modbus RTU/ASCII, IEC60870-5-101 and DNP3
  • IPsec and OpenVPN tunnels for secure communication with Ethernet and serial ports.
  • GRE tunnels for linking multicast protocols like RIPv2 and OSPF over IPsec tunnels.
  • Secure Layer-2 Ethernet bridging over OpenVPN tunnels.
  • Secure access to Serial port gateways. (VPN tunnel or access restrictions in firewall).
  • Up to 4 separate LAN networks (over VLAN) with individual DHCP servers.
  • Static routing and dynamic routing (BGP, OSPF, RIPv1 and RIPv2).
  • Dynamic NAT (IP masquerading) for outgoing connections.
  • Static NAT (Port forwarding) for incoming connections.
  • Stateful firewall for access control, data forwarding and rate limiting (DoS protection).
  • Device Management services: HTTP/HTTPS, CWMP(TR-069), IXplatform, SNMP and CLI.
  • Firmware updates via local Ethernet port, remotely via HTTP/HTTPS (upload or download), invoked by CWMP(TR-069), SNMP, web interface or CLI command.
  • Role-based access control for administrative access.
  • RADIUS support for user authentication. Access roles determined by RADIUS attributes.
  • IEEE 802.1X Port-based Network Access Control
  • Certificate management and enrolment: Manual or SCEP.
  • System alerting by means of: Email, SNMP traps and SMS.
  • Independent watchdog/reset controller for monitoring vital system functions.
  • Dry contact sensor (input) with status reporting and alerting via SNMP, Email or SMS.
  • Dry contact (output) for automatic alarm/status indication or remote control.
  • Temperature sensors (system and WWAN) with status reporting via SNMP and HTTP
    and alerting via SNMP trap, Email or SMS.
  • Isolated supply voltage input for industrial applications (suitable for AC and DC).
  • Supply voltage ranges: 11-36Vdc/11-28Vac, 18-60Vdc/18-30Vac or 18-72Vdc.
  • Extended operating temperature range: -40°C to +70°C
  • Din-Rail or panel mounting.

Application Areas

Remote site access
The RSA-1020DW4 is designed for access to unmanned remote sites like electric power substations, roadside cabinets for traffic control, remote surveillance etc. The unit provides connectivity for Remote Terminal Units, PLCs and other equipment and supports both Ethernet and serial ports. Various options for secure VPN tunnels like IPsec and OpenVPN are available. In combination with GRE or OpenVPN Layer2 tunnels, all possible layer2 and layer3 network protocols can be transported securely.
Remote Machine access
Machine builders often offer remote access support and diagnostics for their installed machines. However, network security policies of a factory or plant may make direct remote access very cumbersome or even impossible. To overcome these situations, the RSA routers and connected machines can be made accessible via a secure 3rd party cloud service. The RSA router in the factory can make connection to the cloud platform via the cellular network, thus totally bypassing the factory network. The cloud platform offers access to the remote machines via smart phones, tablets or PCs connected to the internet and without the need to create your own VPN network. Via the platform, web based services are available for accessing the router’s user interface and web servers or VNC servers of attached machines.
Cellular Wireless WAN
The RSA-1020DW4 incorporates an internal wireless WAN (WWAN) modem for internet connectivity via cellular networks worldwide.
Serial port gateways
The integrated Serial Port gateways offer remote access to the unit’s serial ports. One gateway connects to the RS485/RS422 port, the other to the RS232 port. Combined operation of RS232 and RS485 to a single gateway is also possible. The network connection to the serial port gateways allows for the use of various tools like “virtual com port drivers”, direct IP socket connection or dedicated application software. Also other “serial to Ethernet converters” or another Mulogic router can be used. In addition, the serial ports can also be accessed by means of a telnet connection.
Information and Access Security: IPsec, OpenVPN and Firewall.
As the unit in most cases will be connected to the public internet, extra security features such as IPsec and OpenVPN are supported. IPsec and OpenVPN protect against unwanted access and eavesdropping of the data. With IPsec and OpenVPN encrypted virtual tunnel connections can be created. Only devices at the end-points of the tunnel can communicate and the data is protected from eavesdropping. A single RSA-1020DW4 can support multiple IPsec or OpenVPN tunnels. The OpenVPN tunnels can operate in routing mode (layer-3) but can also be used to transparently bridge Ethernet frames (Layer-2). The unit’s firewall features are used for static or dynamic NAT routing (port forwarding and IP masquerading) and blocking or granting access to the devices attached to the unit and the unit’s configuration and management interface. This makes it possible to block all access from unknown IP addresses. In addition, several options are available to limit the rate of incoming or outgoing data as protection against DoS attacks.
Configuration and remote management.
The RSA-1020DW4 can be configured and managed in multiple ways:
  • Web browser (http and https).
  • TR-069 CWMP.
  • HTTP Post for scripted configuration and control.
  • Command line interface via telnet, SSH, or serial port.
  • SNMP manager.

Device power supply
The RSA-1020DW4 is equipped with a galvanically isolated power input. Three voltage ranges are available:
  • 11-36Vdc/11-28Vac.
  • 18-60Vdc/18-30Vac.
  • 18-72Vdc.
For mains power operation (100..240Vac) an external power adapter or power supply is used.
Extended temperature range
The RSA-1020DW4 is designed for operating under extreme temperature conditions. It is suitable for operating at ambient temperatures ranging from -40°C to +70°C.

Technical Specifications

Wireless cellular modes  

  • 4G/LTE bands: 800, 900, 1800 and 2600 MHz (Bands 1, 3, 7, 8 and 20)
  • 3G/UMTS bands: (WCDMA/FDD): 900, 1800 and 2100 MHz (Bands 1, 3 and 8)
  • 2G/GSM bands: 850 and 1800 MHz
  • UMTS/HSPA+, 3GPP release 6/7
  • GSM/GPRS/EDGE, 3GPP release 99/4
  • LTE, 3GPP release 9
  • GSM EDGE data rates: DL max. 237 kbit/s, UL max. 237 kbit/s.
  • HSPA+ data rates: DL max. 42 Mbit/s, UL max. 5.76 Mbit/s.
  • LTE data rates: (Cat.3) DL: up to 100 Mbit/s, UL: up to 50Mbit/s.


IP routing

  • Static routing.
  • Dynamic routing: BGP, OSPF, RIPv1, RIPv2.


Firewall

  • stateful firewall for data forwarding and access control, NAT routing, port forwarding and
    rate limiting.


IPSec 

  • Mode of operation: Tunnel mode.
  • Key exchange Methods: IKEv1, IKEv2.
  • Authentication Method: Pre-shared key or X.509 Certificate.
  • PFS support (Perfect Forward Secrecy): RFC 2412.
  • Phase 1 mode: Main or Aggressive.
  • Phase 1 and 2 Encryption Algorithms: DES-CBC, 3DES-CBC, AES-128-CBC, AES-192-CBC or AES-256-CBC
  • Phase 1 and 2 Integrity Algorithms: MD5 or SHA-1
  • Diffie-Hellman groups for key exchange: DH Group 1 (768 bit), DH Group 2 (1024 bit),
    DH Group 5 (1536 bit), DH Group 14 (2048 bit), DH Group 15 (3072 bit), DH Group 16 (4096 bit). 
  • Key Lifetime: 1-28800 seconds.
  • DPD (dead peer detection).
  • NAT-traversal and NAT KeepAlive.
  • Layer-2 bridging over IPsec tunnels using GRE Layer 2 or OpenVPN Layer 2 bridging.
  • Multicast over IPsec using GRE.
  • Multiple tunnel configuration profiles.


OpenVPN

  • P2P, client and Server mode
  • UDP, TCP server, TCP client
  • Modes: Layer 2 Bridged, Layer 3 Routed
  • Authentication methods: Pre-shared secret, X.509 Client, X.509 Server.
  • Encryption Algorithms: 3DES, AES-128, AES-192, AES-256 or Blowfish.
  • TLS authentication.
  • LZO Compression.
  • Multiple tunnel configuration profiles.


GRE 

  • Layer 3 and layer 2 tunneling.
  • Multiple tunnel configuration profiles.


Ethernet ports

  • 10/100baseT
  • Half and Full duplex
  • Auto-MDI/MDIX


Serial ports

  • Port 1: RS232 DB9 Male connector (DTE pinout).
  • Port 2: RS485/RS422 at 4-pin screw terminal connector.
  • Port rates: 300, 600, 1200, 2400, 4800, 9600, 19k2, 38k4, 57k6 or 115k2 bit/s.
  • Data formats: 8N, 8E, 8O, 7E, 7O. One or two stop bits.
  • Buffer size: 10, 20, 50, 100, 200, 300, 400, 500, 1000 or 1500 bytes.
  • Forwarding timeout: 1, 2, 5, 10, 15, 20, 50, 100 or 200 msec.


Serial gateways

  • Operating modes: TCP server, TCP client, Telnet server, UDP client/server
  • Maximum number of concurrent connections: 256.
  • TCP Alive check and Data Activity check.
  • Statistics per connection.


I/O ports

  • Input: contact sensor for dry contact. Closed contact current: max. 6 mA.
  • Output: Isolated dry contact. On resistance: 8Ω, max. load current: 150 mA.


Power supply voltage ranges

  • RSA-1020DW4/Vr1: 11-36Vdc/11-28Vac (8W)
  • RSA-1020DW4/Vr2: 18-60Vdc/18-30Vac (8W)
  • RSA-1020DW4/Vr3: 18-72Vdc (8W)


Dimensions and weight

  • Dimensions RSA-1020DW4: 143x38x95mm(HxWxD),  Weight: 560 gr.


Environment

  • Operating temperature range: -40°C to +70°C, Humidity:5..95%
  • Storage temperature range: -50°C to +75°C, Humidity:5..95%


Compliances and approvals

  • CE directives: 2014/30/EU (EMC) and 2006/35/EU (LVD).
  • EMC: EN 55022, EN55024: Emission limits and immunity for residential environments.
  • EMC: EN 61000-6-2: Immunity for industrial environments.
  • Safety: EN 60950-1:2006/A11:2009+A1:2010+A12:2011+A2:2013
  • Mechanical Stability: IEC 60068-2-27 shock, IEC 60068-2-6 vibration.
  • RoHS: 2002/95/EC (RoHS 1), 2011/65/EC (RoHS 2)
  • Cellular modem approvals: RED, CE, GCF, UL, FCC, PTCRB, IC.
  • 3GPP TS 51.010-1, ETSI EN 301 511 V12.5.1, GCF-CC V3.62.1
  • CFR Title 47 (FCC), OET Bulletin 65 (Edition 97-01), NAPRD.03 V5.24
  • RSS132, RSS133, RSS139


Order codes

  • RSA-1020DW4/Vr1 (11-36Vdc, 11-28Vac)
  • RSA-1020DW4/Vr2 (18-60Vdc, 18-30Vac)
  • RSA-1020DW4/Vr3 (18-72Vdc)