
Ct043-3-2 - Remote Access Network: Asia Pacific University College of Technology & Innovation


[CT043-3-2 - REMOTE ACCESS NETWORK] UCTI

Table of Contents
Introduction.........................................................................................................................................................4
Primary Link.........................................................................................................................................................5
Secondary Link.....................................................................................................................................................6
DMVPN Overview............................................................................................................................................6
Overview design of the WAN..............................................................................................7
Description of technology used (DMVPN).......................................................................................................8
Dual DMVPN Cloud Topology..........................................................................................................................9
Technical description and operational requirement........................................................................................9
Process........................................................................................................................................................9
Advantages and Disadvantages of DMVPN....................................................................................................10
Advantages................................................................................................................................................10
Disadvantages............................................................................................................................................10
DMVPN Applications......................................................................................................................................11
Compare between the differences of DMVPN and Easy VPN........................................................................12
Standards and protocols................................................................................................................................13
DMVPN protocols......................................................................................................................................13
Overview and Recommendations..................................................................................................................15
Headquarter Office and Branches Secondary Link Recommendation.......................................................15
Secondary Link backup plan..........................................................................................................................16
Purpose of the Plan...................................................................................................................................16
Recoverability............................................................................................................................................17
Redundancy Requirements........................................................................................................................17
Hardware and software.....................................................................................................................................19
The overview of leased lines hardware.........................................................................................................19
The head quarter office lease line modem....................................................................................................19
ASMi-52........................................................................................................................................................19
LLM 1100.....................................................................................................................................................21
The ISDN hardware overview........................................................................................................................22
The Headquarter office Router......................................................................................................................24

Asia Pacific University College of Technology & Innovation Page 45


Cisco 3900 Series..........................................................................................................24
T3/E3 ATM Network Modules......................................................................................................................27
Cable specification.........................................................................................................................................29
Recommended Hardware..............................................................................................................................32
Headquarter Office....................................................................................................................................32
Branch Office.............................................................................................................................................32
Security Measures.............................................................................................................................................33
PILLARS OF BANK NETWORK SECURITY............................................................................................33
FIREWALL...................................................................................................................................................33
INTRUSION DETECTION..........................................................................................................................33
INTRUSION PREVENTION........................................................................................................................33
TECHNIQUES..................................................................................................................................................34
Virtual Private Network (DMVPN)...........................................................................................................34
PROTOCOLS...................................................................................................................................................39
IPSec..........................................................................................................................................................39
Point-to-Point Tunnelling Protocol (PPTP).................................................................................................39
Layer Two Tunnelling Protocol (L2TP)........................................................................................................39
Secure Socket Layer (SSL)..........................................................................................................................39
Limitations.........................................................................................................................................................40
Cancelation........................................................................................................................................................41
Reference..........................................................................................................................................................42
Online source.................................................................................................................................................42
Book source...................................................................................................................................................42
Appendix 1.........................................................................................................................................................43
Terms and Acronyms.....................................................................................................................................43
About the service provider............................................................................................................................44
Appendix 2.........................................................................................................................................................45
Contribution of each member.......................................................................................................................45


Abstract

This document presents the Wide Area Network design and architecture that will govern the
network layout to be implemented for MCRM Bank. It describes a WAN architecture with both a
primary link and a secondary link.

For each link, the protocols involved are elaborated to show how they meet the required link
technology characteristics, together with their advantages and disadvantages compared with other
protocols.

The WAN devices needed for the primary and secondary links are then described. Finally, each link
is covered by the security measures that will be employed to protect the WAN, since a banking
system requires secured connections that limit its exposure to network attacks.


Chapter 1
Introduction

MCRM Bank Berhad had its humble beginnings in 2005 in Malaysia, operating in 5 branches
including the main office (HQ). It was incorporated on 31 May 2005 and commenced operations on
12 December 2006. In January 2007, MCRM Bank was listed on the Kuala Lumpur Stock Exchange.
In 2009 the finance business of MCRM Bank Berhad was enlarged, and the merged entity has plans
to increase the number of branches in Malaysia.

Today, although a young bank, it is one of the large financial service groups in Malaysia. Its
products and services include commercial banking, investment banking, Islamic banking and Internet
banking. Headquartered in Malaysia with 4 branch offices in the country, MCRM Bank has a strong
market position and a well-recognized business franchise.

The team was assigned to design a WAN that connects all the branches to the headquarters,
including the equipment needed, the software involved in configuring the connections, and the
protocols needed to keep the connections secure from outside attackers.

The following chapters illustrate the flow of the connections and the overall design, covering
both the primary link and the secondary link.


Chapter 2
Assumption and the proposed solution

Primary Link:


Chapter 3
Secondary Link:
DMVPN Overview

DMVPN is a simple, secure, low-cost and scalable VPN tunnel technology. DMVPN supports
distributed applications including data, voice and video, with QoS, all carried inside a secure
IPsec tunnel over an Internet connection. Each spoke needs only the address of the hub's GRE
tunnel endpoint; it discovers the IPsec tunnel endpoints of other spokes dynamically, so no
static IPsec configuration is needed per spoke. It is therefore considered a cost-effective and
secure way to connect branch offices.

Because DMVPN (hub-and-spoke) uses multipoint GRE tunnelling, VoIP, video and multicast services
can run across the secure DMVPN link. (Cisco DMVPN, August 5, 2)

Figure (2.1)

Illustrates how DMVPN is secured and the design of the network

Cited: http://ibrainlesgenius.files.wordpress.com/2009/08/dmvpn.jpg


Overview design of the WAN

Figure 2.2: overview network design


Description of technology used (DMVPN):

The Dynamic Multipoint Virtual Private Network (DMVPN) technology provided by Cisco is used to
support the secondary link of the network. DMVPN combines the existing capabilities of multipoint
Generic Routing Encapsulation (mGRE) tunnels, the Next Hop Resolution Protocol (NHRP) and IPsec
encryption to provide a hub-and-spoke VPN infrastructure.

Quality of Service is enabled for traffic entering the DMVPN tunnel by using the QoS for VPN
feature of Cisco IOS. QoS for VPN classifies packets entering a VPN tunnel before they are
encrypted and encapsulated (pre-classification), so the policy can still match fields that
encryption would otherwise hide. QoS for VPN is applied to the DMVPN tunnel interface of all hub
and spoke routers to enable QoS throughout the enterprise. DMVPN is an overlay that runs over any
IP transport, so it carries voice, data and video across the Internet link at a higher speed and
quality than a normal telephone line would allow. It is a proven, reliable and cost-effective
solution that lets users run advanced applications such as Internet access, data transfer and
video conferencing.

When the primary link is inaccessible, or its load rises above fifty percent of the available
bandwidth, the secondary link is activated by the dial-on-demand routing (DDR) backup
configuration set on every router in the network (on Cisco IOS a load-triggered backup of this
kind is set with the backup load interface command, whose percentages are judged against the
interface's averaged load, the load-interval, so a momentary burst does not trigger it). The
secondary link thus keeps the bank headquarters and the branches connected to each other at all
times.

There is also one segment called the Demilitarized Zone (DMZ). A DMZ is a network segment
separated from the other subnets in order to protect the internal network when there is an
intrusion. Hosts in the DMZ have limited connectivity to specific hosts in the internal network,
while communication with other hosts in the DMZ and with the external network is allowed. Put
simply, an intruder who comes in intending to hack a server reaches the publicly exposed server
(the proxy server), which is isolated from the internal zone (main network), so the main network
remains safe. This holds only as long as the rules from the DMZ to the internal network are kept
as narrow as described here: a DMZ whose hosts may reach the internal network freely protects
nothing.
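The DMZ rule described above (limited connectivity to specific internal hosts, free
communication with the outside), written out as Cisco IOS access lists on the router that joins
the three segments. This is an added example, not configuration from the report; the addressing
(DMZ 192.0.2.0/24 with the proxy server at 192.0.2.10, internal network 10.1.0.0/16 with a single
directory server at 10.1.5.20 that the proxy is allowed to reach over LDAPS) and the interface
names are assumptions chosen for illustration.

```cisco
! Interface facing the Internet: only the proxy is reachable, and only on web ports.
ip access-list extended FROM-INTERNET
 permit tcp any host 192.0.2.10 eq 443
 permit tcp any host 192.0.2.10 eq 80
 ! Nothing from outside reaches the internal network directly; log the attempts.
 deny   ip any 10.1.0.0 0.0.255.255 log
 deny   ip any any
!
! Interface facing the DMZ: this list is what makes the DMZ worth having.
ip access-list extended FROM-DMZ
 ! The one internal host and port the proxy legitimately needs (assumed: LDAPS).
 permit tcp host 192.0.2.10 host 10.1.5.20 eq 636
 ! Everything else from the DMZ toward the internal network is dropped and
 ! logged: a compromised proxy must not become a beachhead.
 deny   ip 192.0.2.0 0.0.0.255 10.1.0.0 0.0.255.255 log
 ! DMZ hosts may reach the outside world. (DMZ-to-DMZ traffic on the same
 ! segment never crosses the router, so it needs no rule here.)
 permit ip 192.0.2.0 0.0.0.255 any
 ! Anything arriving on this interface with a non-DMZ source address is spoofed.
 deny   ip any any log
!
! Stateful inspection (CBAC) of sessions leaving the DMZ, so their replies are
! admitted through FROM-INTERNET without a blanket "established" hole.
ip inspect name DMZ-SESSIONS tcp
ip inspect name DMZ-SESSIONS udp
!
interface GigabitEthernet0/0
 description Internet
 ip access-group FROM-INTERNET in
interface GigabitEthernet0/2
 description DMZ
 ip access-group FROM-DMZ in
 ip inspect DMZ-SESSIONS in
```

The order of the entries in FROM-DMZ is the point: the single permit to the named internal host
comes first, the deny for the whole internal range follows it, and only then is general Internet
access granted. Reversing the last two would let the proxy reach every internal host, which is
exactly the failure the paragraph warns against.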


Dual DMVPN Cloud Topology


In a dual DMVPN cloud topology with the hub-and-spoke deployment model, the branches build p2p
GRE over IPsec tunnels from the branch office locations to the central site; the second cloud
provides the secondary link between the central site and the branches in case the primary link
goes down. In addition to terminating the DMVPN tunnels, the branch router often provides WAN
access, and in some implementations it may also serve as a firewall.

The public address of a branch router can be assigned dynamically or defined statically. Either
way the spoke registers that address with the headend over NHRP, which maps it to the branch's
private (tunnel) address. What secures the connection is that the peer is authenticated by IPsec
(pre-shared key or certificate), not by its address.

Technical description and operational requirement


Process:

Headend sites are typically connected with DS3, OC3 or even OC12 bandwidth, while branch offices
may be connected by fractional T1, T1, E1, T3 or, increasingly, broadband DSL or cable access.

Each branch router should have two or more tunnels to the campus headends in order to provide
redundancy. These headend routers can be geographically separated or co-located. For maximum
protection, both headend and site redundancy should be implemented. This design focuses on the
dual DMVPN cloud topology, with a hub-and-spoke deployment model and a backup plan.

Each deployment model in a dual DMVPN cloud topology has three control planes: the IPsec control
plane, the Generic Routing Encapsulation (GRE) control plane and the routing control plane. The
headend system architecture chosen determines how each of the control planes is implemented.

The dual hub, dual DMVPN cloud topology is used in this design because a dual topology gives the
network manager greater control over path selection than a single topology does. In addition,
the primary failover method is a dynamic routing protocol.

The hub-and-spoke deployment model is the most common. It is the most scalable, and it largely
mimics traditional Layer 2 leased line, Frame Relay and ATM hub-and-spoke networks. The headend
is configured with a multipoint GRE (mGRE) interface and the branch with a point-to-point (p2p)
GRE interface.

For high availability, DMVPN is designed with a primary and a secondary tunnel configured between
each branch-end device and the headends. Under normal operating conditions both tunnels are
established. The routing protocol, such as EIGRP, maintains both routes, with the secondary
tunnel configured as the less preferred route. This allows branch-end devices to converge to the
secondary headend without user intervention in the event of a failure of one headend device.
(Data-only Site-to-Site IPSec VPN Design Guide, Cisco Systems, 2009)
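The design described in this section and in the technology description above (mGRE at the
headend, p2p GRE at each branch, IPsec protection, QoS pre-classification, and EIGRP holding both
tunnels with the secondary one less preferred), written out as Cisco IOS configuration. This is
an added example, not configuration taken from the report or from the cited Cisco design guide.
Everything concrete in it is an assumption chosen for illustration: the hub public addresses
203.0.113.1 (HQ-1) and 198.51.100.1 (HQ-2), the overlay subnets 10.255.1.0/24 and 10.255.2.0/24
for the two DMVPN clouds, the HQ LAN 10.1.0.0/16, the branch LAN 10.20.0.0/16, the interface
names, the key strings and the cipher suite (the report specifies none). HQ-2 is configured like
HQ-1 for cloud 2 (10.255.2.1/24, network-id 2, tunnel key 2) and is not repeated.

```cisco
! ===== Common to every router (hubs HQ-1 and HQ-2, every branch spoke) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Wildcard PSK shown for brevity: one secret shared by all peers. Certificates
! (supported by DMVPN, Table 2.2) are the better choice for a bank.
crypto isakmp key MCRM-PSK-CHANGE-ME address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
! Wider anti-replay window: QoS queuing reorders packets after encryption,
! which otherwise shows up as the replay drops listed under "Disadvantages".
crypto ipsec security-association replay window-size 1024
!
! ===== Hub HQ-1: multipoint GRE for DMVPN cloud 1 (primary) =====
interface Tunnel1
 description DMVPN cloud 1 - primary
 ip address 10.255.1.1 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! NHRP authentication is a cleartext tag that keeps the two clouds apart;
 ! it does not authenticate the spoke (IPsec does that).
 ip nhrp authentication CLOUD1
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ! Re-advertise one spoke's routes to the others out of the same interface;
 ! next-hop-self stays on, so spoke-to-spoke traffic still transits the hub.
 no ip split-horizon eigrp 100
 qos pre-classify
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
!
router eigrp 100
 network 10.255.1.0 0.0.0.255
 network 10.1.0.0 0.0.255.255
 no auto-summary
!
! ===== Branch spoke: one p2p GRE tunnel into each cloud =====
interface Tunnel1
 description to HQ-1 (cloud 1, preferred)
 ip address 10.255.1.11 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication CLOUD1
 ip nhrp map 10.255.1.1 203.0.113.1
 ip nhrp map multicast 203.0.113.1
 ip nhrp network-id 1
 ip nhrp nhs 10.255.1.1
 ! Dynamic public address: a new address must replace the old registration.
 ip nhrp registration no-unique
 qos pre-classify
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 tunnel key 1
 ! "shared": both tunnels use the same source interface and IPsec profile.
 tunnel protection ipsec profile DMVPN-PROF shared
!
interface Tunnel2
 description to HQ-2 (cloud 2, backup)
 ip address 10.255.2.11 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! Tunnels default to delay 50000 (tens of microseconds). A higher value raises
 ! the EIGRP metric, so this path is kept only as the less preferred route.
 delay 60000
 ip nhrp authentication CLOUD2
 ip nhrp map 10.255.2.1 198.51.100.1
 ip nhrp map multicast 198.51.100.1
 ip nhrp network-id 2
 ip nhrp nhs 10.255.2.1
 ip nhrp registration no-unique
 qos pre-classify
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel key 2
 tunnel protection ipsec profile DMVPN-PROF shared
!
router eigrp 100
 network 10.255.1.0 0.0.0.255
 network 10.255.2.0 0.0.0.255
 network 10.20.0.0 0.0.255.255
 no auto-summary
 ! A branch is never transit: it advertises only its own LAN.
 eigrp stub connected
!
! ===== QoS on the branch WAN interface =====
! DSCP is copied to the outer header anyway; qos pre-classify on the tunnels
! lets this policy also match inner addresses and ports after encryption.
class-map match-any VOICE
 match ip dscp ef
policy-map WAN-OUT
 class VOICE
  priority percent 20
interface GigabitEthernet0/0
 service-policy output WAN-OUT
```

With both tunnels up, show ip route on the spoke shows the HQ networks via Tunnel1 only; the
Tunnel2 path sits in the EIGRP topology table as the feasible successor and is promoted when the
Tunnel1 neighbour is lost, which is the convergence-without-user-intervention behaviour the text
relies on. The two things that are easy to get wrong are the distinct tunnel key per cloud
(without it the router cannot tell which tunnel an arriving GRE packet belongs to) and the
"shared" keyword on the spoke, which both tunnels need once they share one source interface.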


Advantages and Disadvantages of DMVPN:


Advantages
DMVPN hub-and-spoke topology designs offer the following advantages:

 IP multicast is supported.
 Dynamic IGP routing protocols over the VPN tunnel are supported.
 Supported on all Cisco IOS router platforms (with some limitations on high-end router platforms).
 Distribution of IPsec tunnels to headend routers is deterministic, with routing metrics and
convergence choosing the best path.
 All primary and secondary/backup DMVPN tunnels are pre-established, so a new tunnel does not
have to be built in a failure scenario.
 Configuration of both IPsec and mGRE is dynamic, which simplifies and shortens the configuration
on the headend: new branch offices can be provisioned without a configuration change or addition
on the headend router(s).
 Simplified and smaller configurations for hub and spoke.
 Zero-touch provisioning for adding new spokes to the VPN.

Disadvantages
DMVPN hub-and-spoke topology designs have the following disadvantages:

 No support for non-IP protocols.
 IGP routing peers tend to limit the design's scalability.
 No interoperability with non-Cisco IOS routers.
 A QoS service policy cannot be applied per VPN tunnel.
 When QoS service policies are configured with IPsec designs, the packet reordering that queuing
introduces can cause IPsec anti-replay packet drops (on Cisco IOS the replay window can be
enlarged with crypto ipsec security-association replay window-size to reduce them).
 There is no direct acceleration support for the extra 4-byte mGRE tunnel key on high-end router
platforms such as the Cisco 7600 (or Cisco Catalyst 6500) with a VPNSM or VPN SPA blade. However,
a work-around enables some acceleration capability (see the "Scaling a Design" section of the
cited Cisco design guide).


DMVPN Applications
Table 2.1: The applications carried over DMVPN

Application                 Description

Fast Data Transfer          Data is sent through the encrypted hub-to-spoke tunnel,
                            avoiding the congestion and insecurity of the open Internet
                            cloud. DMVPN lets the bank use both links to reach a remote
                            branch, which removes the call charges of dial-up backup.

Access the Internet         Enables every connected site to access the Internet at a lower
                            cost than an individual dedicated line.

Remote Network Access       Enables the HQ to manage the network remotely and provides
                            resource sharing among all the branches, so branches can easily
                            connect to the HQ.

Video Conferencing and      Allows video conferencing with live full-colour, two-way video,
(VoIP) Telecommuting        audio and data communication. It also provides high-quality
                            audio communication through VoIP.

Comparison between DMVPN and Easy VPN


Table 2.2: The main differences between DMVPN and Easy VPN

Service feature                     DMVPN                            Easy VPN

Support of multicast traffic        Yes                              -
Spoke-to-spoke connection           Yes                              -
Support of GRE / quality of         Yes                              -
  service (QoS)
Support for routing protocols       Yes                              -
Support for certificates            Yes                              -
Stateful failover                   Depends on the routing           Yes
                                    protocol for recovery
Scalability per hub                 Because of the routing           A large number of spokes
                                    protocol, DMVPN supports         can be supported per hub
                                    fewer spokes per hub
Identical configuration for all     -                                Yes
  hubs
Cross-platform support              -                                Yes
Support of software and hardware    Hardware clients only            Yes
  clients
Always-up tunnel to hub             Yes                              Not required

Cited: DYNAMIC MULTIPOINT VPN, 2005

Standards and protocols


DMVPN protocols


DMVPN uses EIGRP or OSPF between the spokes and the main hub, which are commonly chosen for
scalability, and it uses the IP protocol to provide Internet connectivity through the secondary
link:

 Enhanced Interior Gateway Routing Protocol (EIGRP)


Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocol suited to
many different topologies and media. In a well-designed network, EIGRP scales well and provides
extremely quick convergence times with minimal network traffic.

 Open Shortest Path First (OSPF)


Open Shortest Path First (OSPF) is a particularly efficient IGP routing protocol that is faster
than RIP but also more complex. It builds a tree describing the network topology and uses it to
compute the shortest path from each router to each destination address.

 Border Gateway Protocol (BGP)


The Border Gateway Protocol (BGP) is the routing protocol used to exchange routing information
across the Internet. It makes it possible for ISPs to connect to each other and for end-users to connect
to more than one ISP. BGP is the only protocol that is designed to deal with a network of the
Internet's size, and the only protocol that can deal well with having multiple connections to unrelated
routing domains. (Glasvezel.net.2002-2009)

 Routing Information Protocol (RIP)


The Routing Information Protocol, or RIP, as it is more commonly called, is one of the most enduring
of all routing protocols. RIP is also one of the more easily confused protocols because a variety of
RIP-like routing protocols proliferated, some of which even used the same name! RIP and the myriad
RIP-like protocols were based on the same set of algorithms that use distance vectors to
mathematically compare routes to identify the best path to any given destination address. These
algorithms emerged from academic research that dates back to 1957. (Cisco Systems-2009)

 Internet Protocol (IP)

IP is a Layer 3 internetworking protocol used to route datagrams through the gateways that
connect networks and sub-networks. It is a datagram-oriented protocol that treats each packet
independently, so each packet must carry complete addressing information.

IP makes no attempt to determine whether packets reach their destination or to take corrective
action if they do not, and it checksums only the IP header, not the contents of the packet.
Datagrams can travel along different routes and can arrive out of sequence or be duplicated.

IP is therefore characterised as a best-effort protocol: it offers no guarantee of delivery, no
sequencing, and no error detection or correction for the payload. IP has two primary
responsibilities: providing connectionless, best-effort delivery of datagrams through an
internetwork, and providing fragmentation and reassembly of datagrams to support data links with
different maximum transmission unit (MTU) sizes.

IP provides several services:

o Addressing. IP headers contain 32-bit addresses that identify the sending and receiving
hosts. Intermediate routers use these addresses to select a path through the network for the
packet.
o Fragmentation. IP packets may be split, or fragmented, into smaller packets. This lets a
large packet cross a network that can only handle smaller packets. IP fragments and reassembles
packets transparently.
o Packet timeouts. Each IP packet contains a Time to Live (TTL) field, which is decremented
every time a router handles the packet. If the TTL reaches zero the packet is discarded,
preventing packets from circulating forever and flooding a network.
o Type of Service. IP supports traffic prioritisation by allowing packets to be labelled with an
abstract type of service.
o Options. IP provides several optional features that allow a packet's sender to set
requirements on the path it takes through the network (source routing), trace the route a packet
takes (record route), and label packets with security features. (IP Protocol Overview, 2003)
Because source routing lets a sender dictate the path and so bypass the routers' own routing
policy, it is normally disabled on the bank's routers (no ip source-route on Cisco IOS).

Overview and Recommendations


Headquarter Office and Branches Secondary Link Recommendation
This section gives a brief overview of the proposed solution together with deployment
recommendations for the headquarters and the other branches. The following are high-level
recommendations for the DMVPN deployment supporting IP and multicast traffic, including routing
protocols:
Table 2.3: Recommended services for the bank network

Task                  H.Q. & branches: services needed

Secondary link        DMVPN will be used as the secondary link for the bank because it
                      is fast, flexible, scalable and highly reliable, and gives digitally
                      clear connections.

Service line          T1, a type of service offered by Telekom Malaysia, the bank's ISP.

Data type             Data, voice, daily transactions and video, transmitted at high
                      speed over a large bandwidth.

Bandwidth             2 Mbps will be suitable for the headquarters for transmitting data
                      to and from its branches. (Note: a T1 carries 1.544 Mbps; 2 Mbps
                      corresponds to an E1, the 2.048 Mbps circuit that is the standard in
                      Malaysia and that the backup plan below specifies.)

Protocols applied     IP and BGP control access and data flow to and from the Internet.
                      EIGRP manages data transmission and network traffic within the WAN,
                      while RIP and OSPF are routing protocols that compute the path from
                      each router to each destination address.

Service provider      Telekom Malaysia is selected as the network ISP because its services
                      provide everything the bank needs for both the primary link and the
                      secondary link.

Cost                  Depends on the usage of each particular service.

Secondary Link backup plan


Table 2.4: Secondary link backup plan

Task                  Description

Link usage            The bank network uses the secondary link, together with the DMVPN
                      services, to update the off-site backup site with a mirror image of
                      the transactions carried on the primary link, because of its
                      flexibility, high reliability and usability.

Service line          E1 carrier technology is used because of its fixed bandwidth,
                      dependent upon the technology. Bandwidth is constant and is
                      available symmetrically. These technologies are well established,
                      and interoperability should rarely be a concern once the proper
                      encoding and framing are set on both ends of the link.

Stored data type      Data, voice, images, video and all the daily transactions among all
                      the branches.

Bandwidth             1 Mbps will be suitable for the off-site backup for transmission of
                      data from the headquarters.

Purpose of the Plan


In this bank scenario the WAN connectivity backup is provided by Cisco DMVPN, which can be used
as a backup solution for private WANs, allowing remote sites to connect securely to the
enterprise head office over Internet links.

DMVPN provides backup support while the headquarters connects to the off-site backup site in
case of a system or network failure over the Internet links, which also provides recoverability
and data redundancy. (Cisco Dynamic Multipoint VPN, 2009 Cisco Systems)

This means that when the primary link fails, the secondary link automatically takes over all
network operation: the secondary tunnel is kept established in parallel with the primary link,
so the backup connection takes over the transmissions until the primary link is restored. The
interruption is limited to the routing protocol's convergence time; packets already in flight on
the failed link when it goes down are lost and must be retransmitted by TCP or the application,
so the failover is not entirely free of delay or loss.

Recoverability
"The information stored on servers is the lifeblood of the company. Losing mission-critical
information can be devastating. Therefore, keeping data properly backed up is a key element of a
network's recoverability" (WestNet, 1999).

The team has proposed a recovery plan that includes the following:

 A technological, automated procedure, built into the system, that copies all files on a
regular basis to a medium such as Digital Audio Tape (DAT), which has a capacity of many
gigabytes.
 Secure on-site storage that protects the backup media in the event of an accident such as fire
or flood. Media are kept in a storage safe and then replicated to the off-site backup, which is
located at the HQ.
 Secure off-site storage to preserve backups even after the total destruction of the original
building. The bank is advised to use the services of companies that offer frequent replication
of data to a secure storage facility, such as DataBank *.

Redundancy Requirements
To keep all functions of the bank running without disturbance when any portion of the network
goes down, the bank needs redundant network paths, so that traffic can be rerouted. Redundancy is
built into the network by adding a second intermediate switch, and all the other switches in the
building are connected to that intermediate switch.

"The advantage of adding the intermediate switch is that it creates a foundation for greater
network expansion. Often these intermediate switches are modular chassis-based, which allows
additional modules to be added for future growth and technologies" (Michael & Robert 2003, p. 514).

* OFFSITE DATA STORAGE & DATA PROTECTION SERVICES available at:


[ http://www.databank.com.au]


Figure (2.3)

Secondary link diagram

Illustrates the flow of data through the secondary tunnel when the primary link has failed

A T1 is used at the HQ end of the network, where very high speed is needed to connect to all the
branches: the HQ usually receives a large amount of data flowing to the main site, and it must
also fulfil all the requests from the branches and avoid overloading the connection.

On the branch side we use VDSL, which provides high connection speeds of up to 52 Mbps
downstream and 1.5 to 2.3 Mbps upstream. We suggest this kind of connection because the branches
need to acknowledge transaction connections quickly enough to keep up with the outside market and
business hours; a delay in submitting transactions on time makes a very big difference.


Chapter 4
Hardware and software
The overview of leased line hardware

To establish the leased line service we use a dedicated telephone circuit between two points, set up
by a telecommunications common carrier from the MCRM bank headquarters office to the ISP's
router (V.35 serial line). To synchronise the signal we need two modems between the routers, one in
the office and one on the ISP side, and the two must be compatible with each other.

The headquarters office leased line modem

                        ASMi-52                                   Patton Model 1082
Data rates              2.3 Mbps over 2-wire and 4.6 Mbps         Full-duplex rates of 32, 56, 64,
                        over 4-wire                               128 or 144 kbps
Digital interfaces      V.35/X.21/RS-530                          V.35, X.21, 10Base-T Ethernet,
                                                                  co-directional 64 kbps G.703
Setup and monitoring    Telnet or ASCII terminal                  ASCII terminal
Range                   10 km (6.2 miles) without repeaters       5 miles
Cost                    $859.87                                   $1,444.51

Figure 3.1: ASMi-52

Source: http://www.rad-direct.com/datasheet/ASMi-52.pdf


Figure 3.2: Patton Model 1082

Source: http://www.patton.com/datasheet/1082_datasheet.pdf

The branch office and backup site leased line modem

Figure 3.3: ASM-10/8

Source: http://www.rad.com/10/Sync_Async_Short_Range_Modem/2863/

Figure 3.4: LLM1100 1200 Baud Modem

Source: http://www.data-linc.net/pdffiles/manuals/LLM1100.pdf

                RAD ASM-10/8               LLM 1100
Data rates      2.4 kbps to 19.2 kbps      300, 600 or 1200 baud half or full duplex;
                                           up to 1200 baud simplex
Interfaces      V.24/RS-232                Bell 202, CCITT V.23 (Bell 202 default)
Range           10 km (6.2 miles)          Up to 20 miles (32 km)
Cost            $110.00                    $275.00


The ISDN hardware overview

As the picture indicates, only minimal ISDN hardware must be set up to allow a connection between
two stations such as computers. The incoming twisted pair enters a telco-provided box called the
network terminator (NT1), which splits the 144 kbps Basic Rate Interface into two 64 kbps B channels
and one 16 kbps D channel.


Source: http://mckerracher.org/isdn/#Introduction

ISDN components description

Component                     Description
Terminal Equipment (TE)       End device in the ISDN link.
Terminal Equipment (TE1)      ISDN-native equipment which accesses ISDN communication directly,
                              e.g. ISDN fax machines and desk phones.
Terminal Equipment (TE2)      Non-ISDN equipment which requires a terminal adapter (TA) to
                              establish an ISDN connection.
Terminal adapter (TA)         Provides non-ISDN devices with access to the ISDN link.
Network Termination (NT1)     Equipment that terminates the ISDN signal at the end system, e.g. a
                              multiplexer.
Network Termination (NT2)     Equipment used for switching/transporting the ISDN signal to the TE1.

Reference points within an ISDN loop
R      The link between a TA and the non-ISDN equipment (TE2) attached to it.
S/T    The link between an NT1 and an NT2 (or directly to a TE1/TA); the S/T reference point is a
       four-wire UTP cable.
U      The incoming unshielded twisted pair (UTP): the link between an NT1 and the public network.

The Headquarters office Router

Router comparison

Product name        Basic features
Cisco 3900 Series    Delivers scalable rich-media services including TelePresence, highest density
                    of service virtualization, and lowest TCO with energy efficiency
                     Ideal for high-end deployments requiring business continuity, WAN
                    flexibility, superior collaboration capabilities, and investment protection
                     Field-upgradeable motherboard, circuit-speed WAN performance up to 150
                    Mbps with services such as security, mobility, WAN optimization, unified
                    communications, video, and customized applications
                     3 RU modular form factor
                    Source: http://eunifi.com/images/routers/3900_Router2.jpg

Juniper J4350        Can be installed in enterprises running desktops, servers, VoIP and video
                    applications
                     It is compatible with Avaya voice devices
                     Prioritizes mission-critical traffic such as voice
                     It is a WAN acceleration device
                    Source: http://www.juniper.net/shared/img/products/j-series/j4350/lbox-j4350-left.jpg

Technical description and comparison of routers for the headquarters office

                       Cisco 3900 Series                                Juniper J4350
Technology supported   Generic Routing Encapsulation (GRE),             PPP, FR, MLPPP, MLFR, HDLC
                       Ethernet, Point-to-Point Protocol (PPP),
                       Multilink Point-to-Point Protocol (MLPPP),
                       Frame Relay, Multilink Frame Relay (MLFR)
                       (FRF.15 and FRF.16), High-Level Data Link
                       Control (HDLC), Serial (RS-232, RS-449,
                       X.21, V.35 and EIA-530), Point-to-Point
                       Protocol over Ethernet (PPPoE), and ATM
RAM capacity           1 GB default memory provides headroom to        DRAM 512 MB / 1 GB;
                       minimise field upgrades.                         maximum concurrent sessions
                                                                        64 K / 128 K
High performance       150 Mbps                                         600 Mbps
Interfaces             Three 10/100/1000 Ethernet WAN ports; two of     4 network ports (Ethernet
                       them can take Small Form-Factor Pluggable        10Base-T/100Base-TX/
                       (SFP) modules in lieu of RJ-45, enabling         1000Base-T, RJ-45),
                       fibre connectivity.                              management port, USB
Security features      Embedded hardware encryption acceleration,      Firewall performance (large
                       enhanced for higher scalability; combined        packets): 1.6 Gbps
                       with an optional Cisco IOS Security licence it   Firewall performance (IMIX):
                       enables WAN link security and VPN services       600 Mbps
                       (both IPsec and SSL acceleration). The           Firewall and routing PPS
                       onboard encryption hardware outperforms the      (64 byte): 225,000 pps
                       Advanced Integration Modules (AIMs) of
                       previous generations.
Availability of        Yes                                              Yes
technical support
Cost                   $9,142.00                                        $7,837.99

The branch office router

Figure 3.5: Cisco 2800 series

Source: http://www.tribecaexpress.com/images/cisco_2800_series.jpg


Figure 3.6: Juniper 2350

Source: http://www.geminiit.co.uk/images/j2350.gif

Router                Basic feature
Cisco 2800 series     Extension voice module (EVM) slot
                      Network Admission Control (NAC)
                      Cisco Easy VPN remote and server support
                      Dynamic Multipoint VPN (DMVPN)
Juniper J2350         Five PIM slots for additional LAN/WAN connectivity, Avaya VoIP Gateway,
                      and WAN acceleration
Cisco and Juniper Network Module

Figure 3.8: T3/E3 ATM Network Modules

Figure 3.9: Dual-port Channelized T1/E1 PIM

Vendor     Module                             Description
Cisco      T3/E3 ATM Network Modules          ATM Forum UNI 3.1/4.0 PVC compliant
                                              Next Hop Resolution Protocol (NHRP)
                                              Permanent Virtual Circuits (PVCs) and Switched
                                              Virtual Circuits (SVCs)
Juniper    Dual-port Channelized T1/E1 PIM    Dual ports
                                              Fully integrated CSU/DSU
                                              Full, fractional and channelized T1/E1 capabilities

Cost       Cisco module $1,830.37             Juniper module $1,121.57

Technical description and comparison of routers for the branch office

                       Cisco 2800 series                             Juniper J2350
Technology supported   Ethernet, Fast Ethernet, ISDN PRI,            T1, E1, Fast Ethernet
                       synchronous serial, ISDN BRI,
                       ADSL2/ADSL2+, G.SHDSL, DS3, E3,
                       Gigabit Ethernet interfaces
RAM capacity           256 MB of DRAM; maximum 1 GB                 DRAM 256 MB / 512 MB
High performance       Up to 400 Mbps half duplex or 800 Mbps       750 Mbps
                       aggregate throughput
Interfaces             Private branch exchange (PBX), Centralized    2 network ports (Ethernet
                       Automated Message Accounting (CAMA),          10Base-T/100Base-TX/
                       ISDN Basic Rate Interface (BRI)               1000Base-T, RJ-45),
                                                                     management port, USB
Security features      Data Encryption Standard (DES), Triple DES   Firewall protection and content
                       (3DES), Advanced Encryption Standard (AES)    filtering; VPN, NAT and VLAN
                       128, AES 192, encryption                      support; DoS attack prevention
Availability of        Yes                                           Yes
technical support
Cost                   $4320                                         $5928.52

Of the ciphers listed, only AES should be selected for the bank's tunnels: single DES is broken and
3DES is deprecated, so their presence in the feature list is not a reason to use them.

Cable specification

The next step in setting up the network is the selection of cables. There are many different serial
cables with seemingly similar features, and finding the correct cable can be a challenge. Below is the
justification for the cables used in the primary and secondary link.

We use the existing telephone plant, the public switched telephone network (PSTN), to connect the
leased line modem in the primary link and the ISDN PRI in the secondary link. The PSTN is the
collection of interconnected systems operated by the various telephone companies and
administrations (telcos and PTTs) around the world; it is also known as the Plain Old Telephone
System (POTS). (Goleniewski, 2001)

Today the PSTN is almost entirely digital. The signal leaving the telephone set is analogue and is
usually carried over a twisted pair still as an analogue signal. At the telco office this analogue signal
is digitised at 8000 samples per second and 8 bits per sample, yielding a 64 kb/s data stream (DS0).
Several such streams are then multiplexed into a fatter stream.

There are two main types of PSTN trunk:

T1: used in the US; 24 DS0 channels combined (1.544 Mbps)

E1: used in Europe and most other countries; 31 usable DS0 channels (32 timeslots, 2.048 Mbps)

Within the ISDN connection twisted pair cable is used, as for traditional analogue subscriber lines.
The PSTN is largely governed by technical standards created by the ITU-T, and uses E.163/E.164
addresses. (Horak, 2000)

V.35 serial cable

This serial cable is chosen to connect the router to the modem for the leased line connection in the
primary link. There are many types of serial interface, including EIA/TIA-232, X.21, V.35, EIA/TIA-
449, EIA-530 and EIA-613 HSSI. Each standard defines the signalling over the serial cable and
specifies the connector.

V.35 serial cables and connectors are classified by their pin count and gender. The connector to use
is determined by the interface the router provides: the headquarters router has a 15-pin port, which
means we have to use a DB-15.


The following illustration shows serial cable CAB-E1-DB15= (part number CAB-E1-DB15), which
is compatible with the Cisco 3725 PRI bundle. This cable has a male DB-15 connector on the Cisco
end and a DB-15 connector on the leased line modem end. Unlike the headquarters router, the branch
office Cisco 2691 router requires the DB-60 connector.

Figure 3.10: CAB-E1-DB15

Source: http://www.visc.vn/pictures_products/wqm1248863268.JPG

CAB-V35MC

The next figure shows serial cable CAB-V35MC, which is used in the branch office Cisco 2691
router to connect to the RAD ASM-20 modem. This cable has a male DB-60 connector on the Cisco
end and a male 34-pin V.35 (M/34) connector on the modem end.

Figure 3.11: serial cable CAB-V35MC


Source: http://www.alliancedatacom.com/images/h5697.gif

Recommended Hardware

Headquarters Office

Although Juniper and Cisco are both vendors that provide high quality networking hardware, Cisco
has more of the advantages that matter for a good and affordable WAN solution for the MCRM bank.

The Cisco 3725 PRI bundle will be deployed at the headquarters office because it makes efficient use
of its integrated interfaces: it supports both the leased line and DMVPN without buying the network
module separately from the router, which reduces the implementation cost.


For the primary link we suggest the RAD ASM-40 modem, due to its wide range of compatibilities;
it also improves network performance compared with the router's built-in modem, which would
greatly reduce the throughput of the entire network.

Branch Office

As mentioned above, Cisco is a good hardware vendor, so for the branch office we also recommend
the Cisco 2691 router with a Cisco network module, unlike the 3725 bundle where the module is
integrated. Compared with the Juniper J4350, which also needs an embedded network module, Cisco
offers better manageability and cost.

For the primary link connection we recommend the RAD ASM-20 modem because of its range,
higher data rates and cost effectiveness. The modem in a branch office might be far from the nearest
exchange, so a modem with a wide range is needed.

Chapter 5
Security Measures
PILLARS OF BANK NETWORK SECURITY
Nowadays the Internet is an increasingly dangerous place, particularly as network attacks have
evolved from a hacker's hobby into a sophisticated and lucrative business. Well-defended banks
typically install all three pillars of security when they construct their network defences.

FIREWALL
Firewalls selectively block network and Internet traffic. For example, if FTP sites are off limits to
your institution, the firewall can be configured to block access to the FTP port (TCP 21). You could
also stop employees opening external mail by blocking traffic to the mail servers themselves.
Firewalls can also be configured to block everything except specified traffic (default deny), which is
the posture a bank should adopt. Unfortunately, a port-based filter alone is easy to circumvent: an FTP
server can listen on a different port, and websites can act as gateways (proxies) to blocked sites
without the firewall knowing, so a port number must not be mistaken for the protocol actually in use.

INTRUSION DETECTION
The next pillar of network security is the Intrusion Detection System (IDS). An IDS looks for
intrusions in progress (for example, access to forbidden sites) or for malware such as a Trojan horse
attempting to gain control of a host. The IDS records each match of a dangerous pattern and alerts the
network security personnel. However, the security personnel must configure the IDS carefully so that
it sends alerts only on genuinely dangerous traffic; an IDS that fires on everything is ignored. An IDS
cannot stop troublesome network traffic by itself: someone must review the attack information and
block it.

INTRUSION PREVENTION
An Intrusion Prevention System (IPS) combines firewall and IDS technology. An IPS watches
network traffic like an IDS and decides which traffic should be permitted, like a firewall. It stops an
attack by dropping the traffic between the attacker and the victim, unlike an IDS, which can only note
an ongoing attack and pass the alert to an analyst. A properly tuned IPS is a strong defence against
network-based attacks, but because it sits inline a false positive blocks legitimate business traffic, so
signatures must be tuned before they are set to drop.
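The three pillars above, modelled on one packet stream, as an added example that is not part of the original document: a default-deny port filter (firewall), content signatures that recognise the protocol regardless of port (IDS), and the same signatures used inline to drop instead of alert (IPS). The allow list, the signatures and the sample flows are constructed for illustration and are not the bank's real policy.

```python
"""Firewall, IDS and IPS on one constructed stream of client flows."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int        # destination TCP port
    payload: bytes    # first bytes the client sent on the connection


# Pillar 1: firewall. Default-deny allow list: only HTTPS and DNS may leave the
# branch LAN (hypothetical policy, not taken from the document).
ALLOWED_PORTS = {443, 53}


def firewall_verdict(flow: Flow) -> str:
    """Port-based decision only; it never looks at the payload."""
    return "allow" if flow.dport in ALLOWED_PORTS else "deny"


# Pillar 2: IDS. Content signatures identify the protocol from what the client
# actually sends, which is what a port filter cannot do when FTP runs on 443.
SIGNATURES = {
    "ftp-command":  re.compile(rb"^(USER|PASS|RETR|STOR) ", re.M),
    "smtp-command": re.compile(rb"^(EHLO|HELO|MAIL FROM:)", re.M | re.I),
    "http-proxy":   re.compile(rb"^CONNECT [\w.-]+:\d+ HTTP/1\.[01]", re.M),
}


def ids_alerts(flow: Flow) -> list:
    """Return the names of every signature the payload matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(flow.payload)]


# Pillar 3: IPS = firewall + IDS inline. In "ids" mode a hit only alerts; in
# "ips" mode a hit turns an allowed flow into a dropped one.
def inspect(flow: Flow, mode: str = "ids") -> dict:
    verdict = firewall_verdict(flow)
    # A flow the firewall already denied never reaches the sensor.
    alerts = ids_alerts(flow) if verdict == "allow" else []
    if mode == "ips" and alerts:
        verdict = "drop"
    return {"verdict": verdict, "alerts": alerts}


# Constructed sample flows from one branch host to the Internet.
SAMPLE_FLOWS = [
    Flow("10.1.2.15", "203.0.113.10", 443, b"\x16\x03\x01\x00\xa5\x01\x00"),        # TLS ClientHello
    Flow("10.1.2.15", "203.0.113.20", 21,  b"USER anonymous\r\n"),                    # plain FTP on 21
    Flow("10.1.2.15", "203.0.113.30", 443, b"USER bob\r\nPASS hunter2\r\n"),          # FTP hidden on 443
    Flow("10.1.2.15", "203.0.113.40", 443, b"CONNECT ftp.example.test:21 HTTP/1.1\r\n"),  # proxy to FTP
]


def run(mode: str = "ids") -> list:
    """Apply the pipeline to every sample flow; returns (dport, verdict, alerts)."""
    results = []
    for flow in SAMPLE_FLOWS:
        r = inspect(flow, mode)
        results.append((flow.dport, r["verdict"], r["alerts"]))
    return results


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode))
```

Running `run("ids")` shows the gap the text describes: the firewall stops FTP on port 21 but passes the same commands on port 443, and only the content signature notices; `run("ips")` turns those two hits into drops while the genuine TLS flow is untouched.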

TECHNIQUES
Virtual Private Network (VPN)

TYPES OF VPN
Table 4.1:

Remote Access VPN


Figure 4.1: VPN gateway

A remote access VPN involves a single VPN gateway. The other party negotiating the secure
communication channel with the VPN gateway is a PC or laptop that connects to the Internet and runs
VPN client software. The VPN client allows telecommuters and travelling users to reach the central
network and its servers from many different locations. The benefit of this VPN type is significant
cost saving, as it removes the long distance charges associated with dial-up access. It also increases
productivity and gives peace of mind by ensuring secure network access regardless of where an
employee physically is.

Table 4.2:

PPTP VPN (Dial Up VPN)


Figure 4.2: Point-to-Point Tunneling Protocol

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the tunnelled transfer of
data from a remote client to a private enterprise server by creating a virtual private network (VPN)
across TCP/IP-based data networks. PPTP supports on-demand, multi-protocol virtual private
networking over public networks such as the Internet.
PPTP-based Internet remote access VPNs are by far the most common form of PPTP VPN. In this
environment, VPN tunnels are created via the following two-step process:
1. The PPTP client connects to its ISP using PPP dial-up networking (a traditional modem).
2. Via the broker device (described earlier), PPTP creates a TCP control connection between the
VPN client and VPN server to establish a tunnel. PPTP uses TCP port 1723 for this connection; the
tunnelled data itself is carried in GRE (IP protocol 47), so both must be permitted through any
firewall on the path.
PPTP also supports VPN connectivity via a LAN. ISP connections are not required in this case, so
tunnels can be created directly as in step 2 above.
Once the VPN tunnel is established, PPTP supports two types of information flow:
 Control messages for managing and eventually tearing down the VPN connection. Control
messages pass directly between VPN client and server.
 Data packets that pass through the tunnel, to or from the VPN client.


PPTP Pros and Cons

PPTP remains a popular choice for VPNs thanks to Microsoft: PPTP clients are freely available in all
popular versions of Microsoft Windows, and Windows servers can also function as PPTP-based VPN
servers.

One drawback of PPTP is its failure to choose a single standard for authentication and encryption.
Two products that both fully comply with the PPTP specification may be totally incompatible with
each other if, for example, they encrypt data differently. The level of security PPTP provides is also
poor compared with the alternatives: the MS-CHAP v2 authentication exchange can be cracked
offline, and the MPPE (RC4) session keys are derived from the same credentials, so a passive
observer who captures the handshake can recover both the password hash and the traffic. For bank
traffic PPTP should be treated as an unencrypted tunnel and IPsec (or L2TP over IPsec) used instead.
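The two PPTP channels described above, the TCP/1723 control connection and the GRE data channel, in working code as an added example that is not part of the original document. It builds and parses the Start-Control-Connection-Request that opens the control connection and the enhanced GRE header that carries each PPP frame, following the layouts in RFC 2637; the hostname, vendor string, call ID and PPP bytes are constructed values, and the validation in `parse_control` is also the check a sensor can use to recognise PPTP control traffic on port 1723.

```python
"""PPTP wire format (RFC 2637): control messages over TCP/1723 and PPP in enhanced GRE."""
import struct
from typing import Optional

PPTP_PORT = 1723
PPTP_MAGIC = 0x1A2B3C4D          # RFC 2637 section 2: cookie carried by every control message
MSG_CONTROL = 1                  # PPTP message type 1 = control message
SCCRQ, SCCRP = 1, 2              # Start-Control-Connection-Request / -Reply
SCCRQ_LEN = 156                  # fixed size of SCCRQ and SCCRP
GRE_PROTO_PPP = 0x880B           # RFC 2637 section 4.1: GRE protocol type for PPP


def build_sccrq(hostname: bytes, vendor: bytes) -> bytes:
    """First message of step 2 (client -> server over TCP/1723)."""
    fixed = struct.pack("!HHIHHHHIIHH",
                        SCCRQ_LEN, MSG_CONTROL, PPTP_MAGIC, SCCRQ, 0,
                        0x0100, 0,          # protocol version 1.0, reserved1
                        1, 1,               # framing caps (async), bearer caps (analog)
                        1, 0)               # maximum channels, firmware revision
    return fixed + hostname.ljust(64, b"\0")[:64] + vendor.ljust(64, b"\0")[:64]


def parse_control(data: bytes) -> dict:
    """Validate the common header and decode an SCCRQ/SCCRP.
    Raises ValueError for anything that is not a well-formed PPTP control message."""
    if len(data) < 12:
        raise ValueError("short PPTP header")
    length, msg_type, magic, ctl_type = struct.unpack("!HHIH", data[:10])
    if magic != PPTP_MAGIC or msg_type != MSG_CONTROL or length > len(data):
        raise ValueError("not a PPTP control message")
    msg = {"length": length, "control_type": ctl_type}
    if ctl_type in (SCCRQ, SCCRP) and length == SCCRQ_LEN:
        version, = struct.unpack("!H", data[12:14])
        msg["version"] = f"{version >> 8}.{version & 0xFF}"
        msg["hostname"] = data[28:92].split(b"\0", 1)[0]   # 64-byte NUL-padded field
        msg["vendor"] = data[92:156].split(b"\0", 1)[0]
    return msg


def build_gre_ppp(call_id: int, seq: int, ppp: bytes, ack: Optional[int] = None) -> bytes:
    """Data channel packet: enhanced GRE header (K and S set, A optional) + PPP frame."""
    flags = 0x2000 | 0x1000 | 0x0001            # K=1 (key/call id), S=1 (sequence), version 1
    if ack is not None:
        flags |= 0x0080                         # A=1: acknowledgement number follows
    hdr = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(ppp), call_id)
    hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + ppp


def parse_gre_ppp(data: bytes) -> dict:
    """Decode an enhanced GRE header and return the call id, counters and PPP frame."""
    flags, proto, plen, call_id = struct.unpack("!HHHH", data[:8])
    if (flags & 0x0007) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not PPTP enhanced GRE")
    off, seq, ack = 8, None, None
    if flags & 0x1000:                          # S bit: sequence number present
        seq, = struct.unpack("!I", data[off:off + 4])
        off += 4
    if flags & 0x0080:                          # A bit: acknowledgement number present
        ack, = struct.unpack("!I", data[off:off + 4])
        off += 4
    ppp = data[off:off + plen]
    if len(ppp) != plen:
        raise ValueError("truncated PPP payload")
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp": ppp}


if __name__ == "__main__":
    req = build_sccrq(b"branch-kl-01", b"example-vendor")           # constructed names
    print(parse_control(req))
    pkt = build_gre_ppp(call_id=7, seq=1, ppp=b"\xff\x03\x00\x21\x45\x00", ack=0)
    print(parse_gre_ppp(pkt))
```

Nothing in either header is authenticated or encrypted: the magic cookie, call ID and sequence numbers are all in the clear, which is why a firewall can recognise PPTP by inspection and why PPTP's confidentiality rests entirely on the MPPE/MS-CHAP layer above it.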

Site-To-Site VPN

Figure 4.3: Site-To-Site VPN

Site-to-site is similar to point-to-point except that no dedicated line is used. Each site has its own
Internet connection, which need not come from the same ISP or even be the same type: one site may
have a T1 while the other only has DSL. Unlike point-to-point, the routers at both ends do all the
work, both the routing and the encryption. This is an easy way to connect two offices without having
each user dial up using a PPTP connection. Site-to-site VPNs can be built with router hardware or
firewall devices; on the software side a distribution such as ClarkConnect can be used, and on the
hardware side there are many devices to choose from. Site-to-site VPN solutions provide security
while remaining affordable: they use the broadband Internet connection each site already has, meet
the WAN requirements of many businesses, and deliver reliable transport for complex mission-critical
traffic, such as voice and client-server applications, without compromising communication quality.

Point-To-Point VPN


Figure 4.4: Point-To-Point VPN

Another form of site-to-site connection is point-to-point. Simply put, two or more networks are
connected using a dedicated line from an ISP, usually a T1, Metro Ethernet or OC circuit. The main
strength of a leased line is that it is a circuit-based point-to-point connection: it does not go out over
the public Internet, so its performance is not degraded by routing problems, latency and external
congestion. A physical loop of wire or fibre must be used to connect the destinations. Because these
are true point-to-point connections, the maximum throughput can usually be achieved, meaning a T1
passes data at a full 1.544 Mbps. Note that the circuit itself provides no confidentiality: traffic on a
leased line is readable by the carrier and by anyone with access to the loop, so the bank should still
encrypt it (for example with IPsec) rather than rely on the line being private.

MPLS VPN (Multi Protocol Label Switching VPN)


Figure 4.5: MPLS VPN (Multi Protocol Label Switching VPN)

Multiprotocol Label Switching (MPLS) is a standards-approved technology for speeding up network
traffic flow and making it easier to manage. It was originally designed to improve the store-and-
forward speed of routers. MPLS grew out of proposals from Ipsilon, Cisco, IBM and Toshiba, which
worked together within the IETF (Internet Engineering Task Force) to produce the standard. MPLS
performs better than an Internet site-to-site VPN because there is less overhead and the routing
between sites is engineered by the ISP rather than left to the public Internet. Most larger ISPs can
even bring your data centre (if you have one) into your MPLS network. MPLS involves setting up a
specific path for a given sequence of packets, identified by a label put in each packet, thus saving the
time needed for a router to look up the address of the next node to forward the packet to. MPLS is
called multiprotocol because it works with the Internet Protocol (IP), Asynchronous Transfer Mode
(ATM) and Frame Relay network protocols. With reference to the standard model for a network (the
Open Systems Interconnection, or OSI model), MPLS allows most packets to be forwarded at the
layer 2 (switching) level rather than at the layer 3 (routing) level. An MPLS VPN separates one
customer's traffic from other customers' traffic by labels and per-customer forwarding tables, but it
does not encrypt it; the carrier can still read the payload, so the bank should run IPsec over the MPLS
service.

PROTOCOLS


IPSec
IPSec is the dominant protocol for secure VPNs. IPSec (IP Security Protocol) provides encrypted
security services which enable authentication of the peers, integrity of the packets and confidentiality
of the data. IPSec provides services similar to SSL, but it works at the network layer. With IPSec you
can create encrypted tunnels (VPNs) or encrypt traffic between two hosts; it is also the protection
DMVPN applies to its GRE tunnels.
Point-to-Point Tunnelling Protocol (PPTP)
PPTP is a set of communication rules that allows corporations to extend their own corporate network
through private 'tunnels' over the public Internet. Effectively, a corporation uses a wide-area network
as a single large local area network. A bank no longer needs to lease its own lines for wide-area
communication but can use the public networks. This kind of interconnection is known as a virtual
private network (VPN). With PPTP, users can dial in to their corporate network via the Internet. PPTP
uses TCP port 1723 for its control connection and GRE (IP protocol 47) for the PPP data. PPTP
supports data encryption by using MPPE. PPTP is made up of: Point-to-Point Protocol (PPP),
authentication protocols (PAP, CHAP, MS-CHAP v1, MS-CHAP v2), Microsoft Point-To-Point
Encryption (MPPE) and Generic Routing Encapsulation (GRE). The MS-CHAP/MPPE combination
is known to be breakable, so PPTP should not be relied on for confidentiality.
Layer Two Tunnelling Protocol (L2TP)
The Layer 2 Tunnelling Protocol (L2TP) was developed by combining features of PPTP with the
Layer 2 Forwarding (L2F) protocol. One advantage of L2TP over PPTP is that it can be used on
non-IP networks such as ATM, Frame Relay and X.25. Like PPTP, L2TP operates at the data link
layer of the OSI model. L2TP itself provides no encryption; in practice it is run over IPSec
(L2TP/IPSec), and in that form L2TP VPNs are supported by many major firewall products,
including ISA Server, Check Point, Cisco PIX and WatchGuard.
Secure Socket Layer (SSL)
SSL VPN is a form of VPN that can be used with a standard web browser. In contrast to the
traditional Internet Protocol Security (IPSec) VPN, an SSL VPN does not require the installation of
specialised client software on the end user's computer. It is used to give remote users access to web
applications, client/server applications and internal network connections.

Chapter 6


Limitations

In this documentation we have faced some difficulties with the technical terms used in both hardware
and software specifications, and in selecting appropriate devices from among the best available
multi-vendor options to provide a WAN solution for our customer, MCRM Bank.

In addition, there were not enough resources to support finding out about the latest technology so as
to implement it in this assignment, and the time period was not enough to come up with such a
project. I believe that if we had more time to do these tasks we would perform much better, because
that would give us the ability to research and schedule the time properly.

Conclusion


We have acquired both technical skills and various WAN theories from this assignment. We did
intensive research in the process of solving the assignment problem, and in doing so we have
developed a strong understanding of WAN connection technologies, protocols, and different
techniques for securing a WAN link against unauthorised users and other intruders.

Furthermore, we have also mastered the procedures for developing and deploying a WAN connection
solution by considering factors such as cost of implementation, availability of services, manageability
of services, hardware and software, access control, bandwidth required, traffic prioritisation and
security for the data across the public infrastructure, along with the hardware and software selection
to suit the office requirements.

With its WAN managed properly, the MCRM Bank would be able to stay competitive: all its
branches could work together on their daily business activities, as the network designed would assist
MCRM Bank's communications in solving problems in both a cost- and time-effective way. As a new
and fast growing bank, MCRM Bank needs an appropriate centralised network design to support its
business in delivering good service to its customers.

In setting up the network for the Bank there are many factors to be considered, especially its
reliability, privacy and security.

In considering the hardware and software, we looked at it from both sides, the MCRM bank network
and the selected technology requirements. After researching some well-known vendors, we suggest
using Cisco devices. Based on their experience in manufacturing network devices, this vendor can
guarantee high quality hardware for the MCRM Bank WAN.

Reference
Online sources:

 Cisco Systems, Enhanced Interior Gateway Routing Protocol, Document ID 16406,
http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094cb7.shtml
[Accessed 30 Oct 2009]
 Glasvezel.net (2002-2009), Border Gateway Protocol, http://www.bgp4.as/ [Accessed 30 Oct
2009]
 Cisco Systems (2009), Routing Information Protocol (RIP),
http://www.cisco.com/en/US/docs/internetworking/technology/handbook/RIP.html [Accessed 30
Oct 2009]
 Cisco Systems (2009), Data-only Site-to-Site IPSec VPN Design Guide,
http://docstore.mik.ua/univercd/cc/td/doc/solution/esm/sitevpn1.pdf [Accessed 31 Oct 2009]
 Dynamic Multipoint VPN (2005), http://www.tiam.ir/ftp/faq/cdccont_0900aecd802e2cf5.pdf
[Accessed 31 Oct 2009]
 Cotse.Net (2003), IP Protocol Overview, Packetderm LLC,
http://www.cotse.com/CIE/Course/Section3/3.htm [Accessed 31 Oct 2009]
 saleempc (5 Aug 2009), Cisco DMVPN (Dynamic Multipoint Virtual Private Network),
http://ibrainlesgenius.wordpress.com/2009/08/05/cisco-dmvpn-dynamic-multipoint-virtual-private-network/
[Accessed 31 Oct 2009]
 Cisco Systems (2009), Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch
Communications,
http://www.ciscosystems.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6658/data_sheet_c78-468520.pdf
[Accessed 31 Oct 2009]
 http://www.cisco.com [Accessed 9 Nov 2009]
 http://www.vpntools.com/vpntools_articles/VPN-Protocols.htm [Accessed 5 Nov 2009]
 http://www.windowsecurity.com/articles/VPN-Options.html [Accessed 3 Nov 2009]
 http://technet.microsoft.com/en-us/library/cc768084.aspx [Accessed 16 Oct 2009]

Book sources:

 Michael, P. & Robert, B. (2003), Guide to Designing and Implementing Local and Wide Area
Networks, Second Edition, Course Technology.
 WestNet Learning Technologies (1999), Network Design, Singapore: Thomson Learning.

Appendix 1
Terms and Acronyms
Table: terms and acronyms used throughout the documentation

Acronym    Term
ACL        Access Control List
CLAN       Control LAN
DMVPN      Dynamic Multipoint Virtual Private Network
DSCP       Differentiated Services Code Point
GRE        Generic Routing Encapsulation
IPSec      Internet Protocol Security
IPSI       IP Services Interface
ISAKMP     Internet Security Association and Key Management Protocol
MEDPRO     Media Processor
mGRE       Multipoint Generic Routing Encapsulation
NHRP       Next Hop Resolution Protocol
QoS        Quality of Service
RTP        Real-Time Transport Protocol
VPN        Virtual Private Network

About the service provider

TELEKOM MALAYSIA

Telekom Malaysia Berhad (TM), Malaysia's leading integrated information and communications
group, offers a comprehensive range of communication services and solutions in broadband, data and
fixed-line. The Group places emphasis on continuing customer service quality enhancements and
innovations.

TM is poised to position Malaysia as a regional Internet hub and digital gateway for South-East Asia.
In line with this, TM is able to provide the WAN for the Bank headquarters and its branches, as it has
a large network across Malaysia. (Telekom Malaysia Berhad, 2009)

TM offers the leased line service that would be used for the Bank's primary link. This provides
connectivity at speeds between 512 Kbps and 2 Mbps, with an annual cost starting from RM10,800,
which supports establishing the WAN between the Bank headquarters and its branches.

TM Digital Line services support a range of applications such as high speed transmission, video
image transmission and conferencing, private wide area networks, voice transmission and high speed
internet access, which would adequately establish a dedicated WAN as the secondary link for the
Bank's recovery plan as well as enabling internet connection and VoIP. (Telekom Malaysia Berhad,
2009)


Appendix 2
Contribution of each member

No. Mustafa Osman


Components robet M.riza Chan
Balla
1 Introduction
100%
2 Primary Link
100%
3 Secondary Link
100%
4 Hardware and software
100%
5 Security Measures
100%
6 Limitations
100%
7 Conclusion
100%
8 Reference
25% 25% 25% 25%
9 Appendix
25% 25% 25% 25%
10 Documentation Overview
25% 25% 25% 25%

Signature
