Nortel Strengthens VPNs

Nortel Networks is trying to make IP virtual private networks twice as nice by doubling the performance of its VPN appliance product family.

The company will unveil three new models of its Contivity Extranet Switch (CES), capable of supporting up to 4,000 simultaneous VPN tunnels and leapfrogging the performance of a recent Cisco Systems entry into the still-developing VPN market.

The three new CES models are a new generation of boxes based on technology from last year’s Bay Networks purchase of New Oak Communications. Shortly after the New Oak acquisition, Bay was incorporated into Nortel.

The new branch-office CES 1500 will support 100 simultaneous secure tunnels through the Internet or other IP network. That compares with 50 such tunnels in the comparable current product, the Nortel CES 1000.

Nortel’s new line-up comes hard on the heels of Cisco’s full-fledged jump into the VPN appliance market with the Cisco 7100 series routers. The routers add tunnelling, data encryption, firewall and other VPN capabilities.

The new top-of-the-line Nortel box supports twice as many VPN tunnels as Cisco’s, which supports a maximum of 2,000 simultaneous tunnels. In addition, new software Release 2.5 for the entire Contivity family now includes Routing Information Protocol support and integrates Check Point Software’s Firewall-1.

Nortel officials also tout the flexibility of the Contivity product line. Contivity devices can support a VPN focused on individual end users dialling up via multiple ISPs through the Internet, an internal corporate VPN to replace leased lines or frame relay, or a combination of the two.

For example, the smallest box can be installed at corporate branch offices and supplier or customer locations, with the mid-size CES 2500 at larger regional offices and the CES 4500 at data centres. Additionally, individual remote or mobile end users are given an IP Security (IPSec)-based client to perform encryption and initiate a tunnel. Nortel’s list prices include an unlimited licence for the IPSec client, which must be installed on all end points throughout a VPN.

The data centre box can support 4,000 simultaneous connections from any combination of these remote installations.

Nortel’s previous generation of VPN products tended to work simply as an Internet replacement for remote access services, said Matthew Kovar, a senior analyst at The Yankee Group. Though that saved 1-800 and ISDN toll charges, “it was really just a dial-up world for them before,” he said. The new product line-up adds robust LAN-to-LAN interconnection to the VPN, Kovar said.

The CES 1500 is available now with the IPSec client; the Check Point firewall costs extra. The CES 2500 and 4500 and the new software release are due to be available June 28.

Nortel Networks in Brampton, Ont., can be reached at 1-800-466-7835 or at