Patton DMZ Secure Routers streamline DMZ implementation and secure-firewall configura-
tions for enterprise networks without sacrificing QoS for critical business traffic.

IPLink Managed VPN Routers are a family of next generation
appliances that address both the security and the traffic pri-
oritization needs of enterprises. The Model 2823 Secure
DMZ Router with integrated QoS makes it easy for enterpris-
es to isolate their web servers in a secure demilitarized zone
(DMZ). The three-port router physically provides and logical-
ly separates connections to a private LAN and a DMZ net-
work, while still allowing secure business-class Internet
access with traffic-shaping services.

As with all IPLink VPN Routers, the Secure DMZ Router imple-
ments a comprehensive security environment. It all starts
with IPsec. By supporting ESP as well as AH, IPLink VPN
Routers provide data integrity, authentication, anti-replay and

data confidentiality to any traffic flow. DES, 3DES, and AES
provide standard encryption up to 256 bits. Firewall capabil-
ities of the IPLink VPN Routers include Access Control Lists
(ACLs), IP address and port filtering, and protection against
Denial of Service (DoS) attacks. Likewise, PPPoE protocols
include support for PAP and CHAP authentication.

QoS features include ToS/DiffServ marking and the configu-
ration of eight service class tags per IEEE 802.1p/Q. With
traffic scheduling and shaping, create dedicated bandwidth
guarantees, configurable burst tolerance, and policing to
include excess traffic discard. IP fragmentation is config-
urable to help minimize jitter in traffic flows.

Advanced IP features include RIPv1 & RIPv2 routing and
static route configuration. Static and dynamic NAT, NAPT,
DNS resolver and relay, dynamic DNS, and DHCP server fur-
ther add to the capabilities of the IPLink VPN Router. All
IPLink VPN routers can be managed via a web browser
(HTTP), command line interface (Telnet), or an SNMP man-
agement platform.

F E A T U R E S & B E N E F I T S

✔

Triple-Port Power DMZ—Use to configure the 3rd
10/100 Ethernet port as a physical and logical DMZ to
keep traffic off the local network.

✔

VPN Tunnels—Standard IPsec with AH and ESP ensures
maximum protection when traversing unsecured net-
works.

✔

Strong Encryption—DES, 3DES, and AES offer standards
based encryption algorithms from 56 to 256 bits.

✔

QoS/CoS Profiles—Configurable burst tolerance, band-
width guarantees plus reduce per flow traffic jitter as
required by the application.

✔

Configurable Security Profiles—Built-in IP address and IP
port filtering, ACLs and DoS attack detection creates a
comprehensive security environment.

✔

Enhanced IP Services—DNS resolver and relay,
NAT/NAPT, dynamic DNS, and DHCP server, eases inte-
gration.

✔

SNMP/HTTP Management—Easily manage the IPLink
VPN Routers via a simple web browser interface.

S P E C I F I C AT I O N S

WAN Ethernet port:
10/100Base-T (RJ-45 connector); auto-
negotiating; half/full duplex operation
with automatic MDI/MDI-X
LAN Ethernet Ports: One
10/100BaseT port (RJ-45 connector);
auto-negotiating; half or full duplex oper-
ation with automatic MDI/MDI-X plus
One 10BaseT (RJ-45 connector); half or
full duplex with automatic MDI/MDI-X
Management: CLI via Telnet; TFTP
for software upgrade and configuration
upload; SNMPv1; HTTP/web browser
Protocols: IP (RFC 741), TCP (RFC
793), UDP (RFC 768), ICMP & ICMP
Redirect (RFC 792), ARP (RFC 826). IP
Router with RIPv1 (RFC 1058), RIPv2
(RFC 2453), programmable static routes.
Integrated DHCP Server (RFC 2131), DNS
Relay (RFC 1631), IEEE 802.1p VLAN
Tagging, NAT/NAPT (RFC 1631/2391)
Security: IPsec including AH and ESP.
DES, 3DES, and AES encryption. Access
Control Lists (ACLs). IP port and address
filtering both by source and destination.
DoS Detection. Password protected sys-

tem management with a username/pass-

word for console and virtual terminal.

Power Supplies: External univer-
sal 90–260 VAC input or 48 VDC input.

(Optional Internal universal 90–260

VAC input.)

Compliance: CE Mark; Safety:
UL60950-1, CSA 22.2 6095001,

IEC/EN60950-1. Universal AC units are

US NRTL Listed; EMC Emissions: FCC Part

15 Class A; EN55022 Class A; EMC

Immunity: EN55024

Environment: Temp.: 0–40°C
(32–104°F); Humidity: 5–80% non-

condensing

Dimensions:
7.3W x 1.6H x 6.1D in.

(18.5H x 4.1W x 15.5D cm)

Weight: 30.5 oz./500g (models with
internal power); 24.4 oz./400g (models

with external power; no power supply)

Typical application

WAN

DMZ

LAN

iPhone

2823 IPLink

IP PBX

WWW

WWW, DNS

Server

No public access
to Private LAN