Nortel sets its VPN sights on smaller sites

Nortel Networks Inc. is introducing two boxes that make it more affordable to hook smaller sites to corporate VPNs.

The Contivity 100 and 600 devices are designed for remote offices with less than 30 users connected to a VPN via dial-up or dedicated links.

Previously, Contivity users were limited to larger switches, which have too much capacity and are too expensive for small offices. The alternative for these customers was to connect individual PCs at remote sites to their VPNs using Contivity software, but that could be an administrative hassle. Also, remote PCs had to make their own dial-up connections rather than sharing a link.

With Contivity 100, customers can provide a five-user office with access to a VPN using a single Internet connection. The device comes with an Ethernet connection to tie to an external DSL, ISDN or analogue modem to connect to the Internet. Customers can also buy the device, which performs Triple-DES encryption at 3Mbps, with optional built-in modems. This is similar to VPN gear made by Indus River, Intel and NetScreen.

The Contivity 600 must use an external modem or router to connect to the Internet, but a model with integrated WAN ports is on the drawing board. The product handles 30 simultaneous tunnels and performs Triple-DES encryption at 10Mbps. Nortel says this will compete with Cisco’s 3000 series and 1700 router.

Nortel still lacks a low-end, US$500 box that companies could use to support telecommuters who now rely on PC software clients, said Jeff Wilson, an analyst with Infonetics. Such appliances would support dedicated connections such as DSL, and network administrators could preconfigure them to avoid end-user changes, he said.

In addition, such appliances would handle VPN processing, off-loading the burden from a PC’s CPU. Nortel says it has no short-term plans to build such devices.

Nortel is also switching out the firewall that comes with Contivity equipment. The company is ditching Check Point’s Firewall-1 in its VPN products in favour of a firewall built by Nortel itself. Nortel said this streamlines management because its VPN platform can also manage its firewall. Check Point’s management program was separate.

Contivity equipment will now also support Open Shortest Path First (OSPF) and Virtual Router Redundancy Protocol (VRRP). OSPF will enable faster rerouting times when VPN links fail, and VRRP will let customers pair Contivity equipment at a site for failover purposes.

These features are aimed at companies that use site-to-site VPNs as the primary connection between offices.

New software also enables the Contivity equipment to dedicate bandwidth to certain users or classes of users.

The Contivity 100 costs US$1,000 without built-in WAN hardware. With DSL, ISDN or analogue WAN ports built in, the price ranges up to US$1,400. The Contivity 600 costs US$2,400 for the base model. It costs US$500 more for a firewall and US$1,000 more for advanced routing capabilities.

For more information, see Nortel on the Web at