CSP VPN Gate

The uniqueness of new family of solutions is caused, on the one hand, by ample opportunities of a hardware platform, and with another – functionality of the Russian software certified as the means of cryptographic information protection (MCIP). Servers of the Cisco UCS C-200 series are the optimal platform for application as the selected devices for protection of a communication channel of the distributed companies and data processing centers and creation of the failsafe systems and systems with balancing of loading.

The gateways CSP VPN Gate use the standard IPSec protocol, at the same time ensuring safety of the transmitted data based on the Russian cryptographic standards. Solutions offer the developed routing and support of mechanisms of service quality of priority traffic (QoS) that is necessary for protection of IP-telefonii services and video. New products are intended for protection of communication channels in the geographically distributed companies and also for ensuring the protected interaction of data processing (DPC) and safe communications of mobile employees between centers. Solutions are controlled with the help well-known to network specialists of a command control interface of CLI. Administration of a set of gateways can be performed using Cisco Security Manager.

Solutions are certified by FSB of Russia as a CIPF on class KC1 or KC2 depending on a complete set, and the FSTEC certificate of Russia confirms for them the estimated trust level of OUD 3+, compliance to the 3rd level of absence control of not declared opportunities and a possibility of use during creation of automated systems to a class of security 1G inclusive and personal data information systems (ISPDN) to 1 class inclusive. Thus, products are applicable during the work with personal data and can be used both in corporate, and in public sector.

The family consists of five products. All of them are constructed based on the high-performance Cisco USC-200 platform that provides a range of opportunities. Performance level of solutions - from 800 to 3100 Mbps of the encoded traffic *, any of them is rather compact since borrows in a rack only 1U. One of the senior models is especially interesting to the organizations for which the maximum reliability is necessary: it offers an opportunity of mirroring of hard drives and duplication of power supplies for creation of a failsafe configuration. The presented solutions are compatible to all product line C-Terra and can be used together with the VPN gateway NME-RVPN performed by MCM. Thus, the Russian customers for the first time received such broad set of the certified VPN solutions on a hardware platform from one producer – Cisco company. The choice of the specific solution caused by a ratio "price performance" remains for the customer.

• Performance measures are mentioned when using the most popular algorithm for the creation of IPsec-tunnels including enciphering without integrity checking (ESP). Measurements were performed on UDP packets of 1400 bytes.

2011: CSP VPN Gate 3.1 received new certificates of FSB of Russia as means of protecting of cryptographic information (CIPF)

CSP VPN Gate of version 3.1, according to the wording of certificates, can be used for protection of the information transferred under the TCP/IP protocol which is not containing the data which are the state secret with accomplishment of the following functions: package traffic filtering; protection of traffic on the basis of enciphering of packets under the IPSec AH and/or IPSec ESP protocols; identification and authentication of partners at connection establishment; control of integrity of packets with use a hash function.

Execution of separate certificates allowed the company to select for each execution in the common decision of CSP VPN Gate of version 3.1 in execution options 2, 4 and 5 hardware-software (and in execution options 1, 3 purely program) means of cryptographic information protection.

Options of execution 4 and 5 mean that the special boot carrier "MARCH!" installed either on the server, or in a client workplace is a part of the solution CSP VPN Gate. "MARCH!" guarantees providing the entrusted communication session, solving security of remote access. Thanks to this carrier on computers of users the isolated software environment ensuring safety of the data transferred on network during the work with resources of a remote information system can be created.

Protection level on class KC2 can be reached also in the information systems constructed based on the module NME-RVPN (MCM) now. The module is the joint development of Cisco and C-Terra companies released according to the document "Order of Production Organization of the Product "The Network Module Upgraded (MCM)" within Under Control Technology Process in the Territory of the Russian Federation" approved by the FSB of Russia Center. From the moment of the first release in 2006 and still this product is the security protection of networks, unique for the Russian market, combining work based on the standard IPSec protocol and application of the Russian cryptographic standards. The module NME-RVPN (MCM) provides both effective routing, and protection of traffic of data, voices, video, and has the single interface of management with Cisco safety controls.