RSA-1220W3

Remote Site Access Router with ADSL, Ethernet and cellular wireless WAN ports.

Introduction

The MuLogic RSA-1220W3 is a router for access to remote locations such as power substations, traffic management systems and various other remote site automation equipment.
 
The unit is equipped with WAN ports for ADSL/VDSL2 lines and  2G/3G mobile wireless networks. Each WAN port can be used as failover for the other WAN port.

The RSA-1220W3 incorporates 2 serial port gateways that can be used for remote access to devices with a serial interface. One serial gateway connects to an RS232 port, the other to an RS485 port.

The unit is designed for industrial applications and is powered from low voltage DC or AC power sources.

The
RSA-1220W3 operates over a temperature range from -40C to +70C.

RSA-1220W


Features

  • Access router with multiple WAN ports: ADSL/VDSL2 and 2G/3G Wireless WAN.

  • Wireless WAN (WWAN) interface: 5-Band UMTS, 4-Band GSM.

  • DSL interface supports standards for VDSL2, ADSL, ADSL2 and ADSL2+

  • One hardware version for ADSL Annex A (PSTN overlay) and Annex B/J (ISDN overlay).

  • ADSL Downstream rates up to 24 Mbit/s, upstream rates up to 1.4 Mbit/s (Annex A/B).
    Upstream rates up to 3 Mbit/s in Annex A/M and Annex B/J modes.

  • VDSL2 Downstream rates up to 110 Mbit/s, upstream rates up to 50 Mbit/s.

  • ADSL Encapsulation Protocols: PPPoA, PPPoE, IPoA, MER/IPoE and CLIP.

  • RFC4638 support for allowing PPPoE MTU size up to 1500.

  • Ethernet port: 10/100baseT, Auto-MDI/MDIX.

  • IEEE 802.1Q VLAN support for PTM, and Ethernet LAN interfaces.

  • Automatic Failover operation between xDSL and Wireless WAN ports.

  • Ethernet port supports SCADA protocols like Modbus/TCP, DNP3/IP and IEC60870-5-104.

  • Two serial port gateways for remote serial data (TCP/IP or UDP/IP) to serial ports (one RS232, one RS485). Data rates from 300 to 115200 bit/s.
  • Serial ports support SCADA protocols like Modbus RTU/ASCII, DNP3 and IEC60870-5-101.

  • IPsec and OpenVPN tunnels for secure communication with Ethernet and serial ports.

  • GRE tunnels for linking multicast protocols like RIPv2 and OSPF over IPsec tunnels.

  • Secure Layer-2 Ethernet bridging over OpenVPN tunnels.

  • Secure access to Serial port gateways. (VPN tunnel or access restrictions in firewall).

  • Up to 4 separate LAN networks (over VLAN) with individual DHCP servers.

  • Static routing and dynamic routing (BGP, OSPF, RIPv1 and RIPv2).

  • Dynamic NAT (IP masquerading) for outgoing connections.

  • Static NAT (Port forwarding) for incoming connections.

  • Stateful firewall for access control, data forwarding and rate limiting (DoS protection).

  • Device Management services: HTTP/HTTPS, CWMP(TR-069), IXplatform, SNMP and CLI.

  • Firmware updates via local Ethernet port, remotely via HTTP/HTTPS (upload or download), invoked by CWMP(TR-069), SNMP, web interface or CLI command.

  • Role-based access control for administrative access.

  • RADIUS support for user authentication. Access roles determined by RADIUS attributes.

  • Certificate management and enrolment: Manual or SCEP.

  • System alerting by means of: Email, SNMP traps and SMS.

  • Independent watchdog/reset controller for monitoring vital system functions.

  • Dry contact sensor (input) with status reporting and alerting via SNMP, Email or SMS.

  • Dry contact (output) for automatic alarm/status indication or remote control.

  • Temperature sensors (system and WWAN) with status reporting via SNMP and HTTP
    and alerting via SNMP trap, Email or SMS.

  • Isolated supply voltage input for industrial applications (suitable for AC and DC).

  • Supply voltage ranges: 11-36Vdc/11-28Vac, 18-60Vdc/18-30Vac or 18-72Vdc.

  • Extended operating temperature range: -40C to +70C

  • Din-Rail or panel mounting.



Application Areas

Remote site access
The RSA-1220W3 is designed for access to unmanned remote sites like electric power substations, roadside cabinets for traffic control, remote surveillance etc. The unit provides connectivity for Remote Terminal Units, PLCs and other equipment and supports both Ethernet and serial ports. Various options for secure VPN tunnels like IPsec and OpenVPN are available. In combination with GRE tunnels or secure Layer2 tunnels, all possible layer2 and layer3 network protocols can be transported.

Remote Machine access

Machine builders often offer remote access support and diagnostics for their installed machines. However, network security policies of a factory may make direct remote access very cumbersome or even impossible. To overcome these situations the RSA routers and connected machines can be made accessible via a secure 3rd party cloud service. The RSA router in the factory can make connection to the cloud platform via the factory network without the need for changing or adding firewall rules. Alternatively, the routers can have their own connection to the outside world via xDSL or WWAN, thus totally bypassing the factory network. The cloud platform offers access to the remote machines via smart phones, tablets or PCs connected to the internet and without the need to create your own VPN network. Via the platform, web based services are available for accessing the router's user interface and web servers or VNC servers of attached machines.


Wireless WAN

The RSA-1220W3 incorporates an internal cellular wireless WAN (WWAN) module for internet connectivity via mobile networks.
Two versions are available: The RSA-1220W33 with worldwide 2G and 3G support and
the RSA-1220W34 with support for 2G/GSM, 3G/UMTS and 4G/LTE networks in Europe and many other countries. Versions for 4G/LTE operation in the USA are available on request.
The WWAN port can be used as primary connection but can also serve as back-up for the xDSL WAN link.


Failover operation of WAN ports and interfaces
All WAN interfaces can be used as primary WAN or back-up WAN interface.
Alternative paths are selected automatically accoring to priority and availability.

Serial port gateways


The integrated Serial Port gateways offer remote access to the unit's serial ports.
One gateway connects to the RS485/RS422 port, the other to the RS232 port.
Combined operation of RS232 and RS485 to a single gateway is also possible.

The network connection to the serial port gateways allows for the use of various tools like "virtual com port drivers", direct IP socket connection or dedicated application software. Also other
"serial to Ethernet converters" or another Mulogic router can be used. In addition, the serial ports can also be accessed by means of a telnet connection.


Information and Access Security: IPsec, OpenVPN and Firewall.
As the unit in most cases will be connected to the public internet, extra security features such as IPsec and OpenVPN are supported. IPsec and OpenVPN protect against unwanted access and eavesdropping of the data. With IPsec and OpenVPN encrypted virtual tunnel connections can be created. Only devices at the end-points of the tunnel can communicate and the data is protected from eavesdropping.

A single
RSA-1120 can support multiple IPsec or OpenVPN tunnels.
The OpenVPN tunnels can operate in routing mode (layer-3) but can also be used to transparently bridge Ethernet frames (Layer-2).

The unit's firewall features are used for static or dynamic NAT routing (port forwarding and IP masquerading) and blocking or granting access to the devices attached to the unit and the unit's configuration and management interface.
This makes it possible to block all access
from unknown IP addresses. In addition, several options are available to limit the rate of incoming or outgoing data as protection against DoS attacs.

Configuration and remote management.
The RSA-1220W3 can be configured and managed in multiple ways:
  • Web browser (http and https).
  • TR-069 CWMP.
  • HTTP Post for scripted configuration and control.
  • IXplatform.
  • Command line interface via telnet, SSH, or serial port.
  • SNMP manager.

Device power supply
The RSA-1220W3 is equipped with a galvanically isolated power input.
Three voltage ranges are available:
  • 11-36Vdc/11-28Vac.
  • 18-60Vdc/18-30Vac.
  • 18-72Vdc.
For mains power operation (100..240Vac) an external power adapter or power supply is used.

Extended temperature range
The RSA-1220W3 is designed for operating under extreme temperature conditions.
It is suitable for operating at ambient temperatures ranging from -40C to +70C.


Technical Specifications

xDSL modes
  • ANSI T1.413 Issue 2 (ADSL)
  • ITU-T G.992.1 (G.dmt)
  • ITU-T G.992.2 (G.lite)
  • ITU-T G.992.3/4 (ADSL2)
  • ITU-T G.992.3 Annex L (RE-ADSL)
  • ITU-T G.992.5 (ADSL2+)
  • ITU-T G.992.5 Annex M (ADSL2+M)
  • ITU-T G.993.2 VDSL2 (profiles: 8a, 8b, 8c, 8d, 12a, 12b, 17a)
  • ITU-T G.993.5 and G.993.2 Annex Y VDSL2 Vectoring
  • ITU-T G.998.4 (G.INP) Impulse Noise Protection
  • SRA (Seamless Rate Adaption)
  • Hardware is suitable for both ADSL Annex A/M and Annex B/J 

xDSL encapsulation protocols
  • PPP Over ATM (PPPoA, RFC2364)
  • PPP Over Ethernet (PPPoE, RFC2516)
  • Ethernet Over ATM (MER/IPoE, RFC2684)
  • IP Over ATM (IPoA - CLIP, RFC2225)
  • MAC Encapsulation Routing (MER, RFC2684)
  • Ethernet bridging (RFC2684 Bridge mode)
  • PTM with tagged or untagged VLAN
  • PPPoE MTU up to 1500 (RFC4638)

Wireless cellular modes  
  • 3G/UMTS bands (WCDMA/FDD): 800, 850, 1900, AWS and 2100 MHz
  • 2G/GSM bands: 850, 900, 1800, 1900 MHz
  • UMTS/HSPA+, 3GPP release 6/7
  • GSM/GPRS/EDGE, 3GPP release 99/4
  • HSDPA/HSUPA data rates DL: 7.2/14.4 Mbit/s, UL: 2.0/5.76 Mbit/s.

IP routing
  • Static routing
  • Dynamic routing: OSPFv2, OSPFv3, RIPv1/v2 and BGP-4.

Firewall
  • Statefull firewall for access and data forwarding control, Rate limiting, NAT routing and port forwarding.

Tunnel protocols
  • IPsec, OpenVPN and GRE.

IPSec features
  • Mode of operation: Tunnel mode.
  • Key exchange method: Automatic (IKE, IKEv2).
  • Authentication method: Pre-shared key or X.509 Certificate.
  • PFS support (Perfect Forward Secrecy): RFC 2412.
  • Phase 1 mode: Main or Aggressive.
  • Phase 1 and 2 Encryption Algorithms: 3DES, AES-128, AES-192 or AES-256.
  • Phase 1 and 2 Integrity Algorithms: MD5, SHA-1, SHA-256, SHA-384, SHA-512 or SHA-256-96.
  • Diffie-Hellman groups for key exchange: DH Group 1 (768 bit), Group 2 (1024 bit),
    Group 5 (1536 bit), Group 14 (2048 bit), Group 15 (3072 bit), Group 16 (4096 bit).
    NIST ECG25 (192 bit), ECG26 (224 bit), ECG19 (256 bit), ECG 20 (384 bit) and
    ECG21 (521 bit).
    Brainpool ECG27 (224 bit), ECG28 (256bit), ECG29 (384 bit) and ECG30 (512 bit).
  • Key Lifetime: 1-28800 seconds.
  • DPD (dead peer detection).
  • NAT-traversal and NAT KeepAlive.
  • Up to 10 IPsec tunnel configuration profiles.

OpenVPN features
  • P2P, client and Server mode
  • UDP, TCP server, TCP client
  • Modes: L2 Bridged, L3 Routed
  • Authentication methods: Pre-shared secret, X.509 Client, X.509 Server.
  • Encryption Algorithms: 3DES, AES-128, AES-192, AES-256 or Blowfish.
  • TLS authentication.
  • LZO Compression.

Ethernet port
  • 10/100baseT
  • Half and Full duplex
  • Auto-MDI/MDIX
  • 802.1Q VLAN support
Serial ports
  • Port 1: RS232 DB9 Male connector (DTE pinout).
  • Port 2: RS485/RS422 at 4-pin screw terminal connector.
  • Port rates: 300, 600, 1200, 2400, 4800, 9600, 19k2, 38k4, 57k6 or 115k2 bit/s.
  • Data formats: 8N, 8E, 8O, 7E, 7O. One or two stop bits.
  • Buffer size: 10, 20, 50, 100, 200, 300, 400, 500, 1000 or 1500 bytes.
  • Forwarding timeout: 1, 2, 5, 10, 15, 20, 50, 100 or 200 msec.
Serial gateways
  • Operating modes:TCP server, TCP client, Telnet server, UDP client/server
  • Maximum number of concurrent connections: 256.
  • TCP Alive check and Data Activity check.
  • Statistics per connection.

Power supply voltage ranges
  • RSA-1220W3/Vr1: 11-36Vdc/11-28Vac (7W)
  • RSA-1220W3/Vr2: 18-60Vdc/18-30Vac (6W)
  • RSA-1220W3/Vr3: 18-72Vdc (6W)

Dimensions and weight
  • Dimensions RSA-1220W3: 143x38x95mm(HxWxD),  Weight: 560 gr.

Environment
  • Operating temperature range: -40C to +70C, Humidity:5..95%
  • Storage temperature range: -50C to +80C, Humidity:5..95%

Compliances
  • CE directives: 2004/108/EC and 2006/95/EC.
  • EMC: EN 55022, EN55024: Emission limits and immunity for residential environments.
  • EMC: EN 61000-6-2: Immunity for industrial environments.
  • Network: Compatible with 1TR112 for U-R and U-R2 interfaces.
  • Electrical Safety: EN 60950.
  • Mechanical Stability: IEC 60068-2-27 shock, IEC 60068-2-6 vibration.

Order codes
  • RSA-1220W3/Vr1 (11-36Vdc/11-28Vac, 2G/3G)
  • RSA-1220W3/Vr2 (18-60Vdc/18-30Vac, 2G/3G)
  • RSA-1220W3/Vr3 (18-72Vdc/no AC, 2G/3G)

Mulogic BV - Plesmanstraat 58D - 3905KD - Veenendaal - The Netherlands - Tel: +31 850 160600 Fax: +31 850 160601
E-mail:inform@mulogic.com

Back to Products page