cNETWORK SYSTEM

HC-7825 IP VPN

IP is the de facto standard to transport information over

public (Internet) or private networks used by governmen-
tal agencies, military organisations, service providers and
civilian organisations. This end-to-end network technol-
ogy provides an open infrastructure for voice, video or
data applications and the transport of all information be-
tween multiple locations. The network can have a local,
national or international extension. To benefit from these
advantages despite global network risks, the HC-7825 IP
VPN is a highly secure system to protect sensitive infor-
mation. Within the Virtual Private Network (VPN) all in-
formation remain absolutely confidential.

Powerful IP connections are typically routed in today’s net-

work configuration to run over publicly-accessible ground
without any protection against hacker attacks. The highly se-
cure unit HC-7825 IP VPN resolves this problem in an effi-
cient and easy-to-handle way. This high performance unit
provides unrestricted encryption and encapsulates the home
networks. It is a reliable network security unit for all applica-
tions featuring IP backbones.
Key benefits
Used in carrier and service provider networks, it supports nn  
Highly secure, hardware-based encryption with
multiple scenarios like full-meshed and / or hub-and-spoke.
secret, Customer-specific Algorithm
Connecting headquarters, data centres and branch offices as
well as small offices and travellers is simple. The unit also en- nn  
Sophisticated security architecture and complete
ables the use of unicast and multicast applications such as protection against information leaks from electro-
voice, video, and data with or without quality of service (QoS). magnetic emissions (COMPREM)
nn  
Comprehensive algorithm profiling by customer
Mobile users are connected with dynamic IP addresses and
registration services. Redundancy and load-balancing sce- nn  
Synchronous key change without any data loss
narios for high availability (HA) scenarios are provided. All nn  
Powerful 100 Mbit/s IP VPN encryption
data are automatically encrypted in the background, no one
will take notice of this network service. HC-7825 IP VPN is nn  
All IP-based applications, such as voice, video and
compatible with all the other Crypto IP VPN units. data are protected
nn  
Encapsulating the original IP packet while transmit-
ting over public and / or private networks
Security application
nn  
Protection for full-meshed and hub-and-spoke
IP VPN Application for HC-7825 networks
nn  
Protection for unicast and multicast traffic

Encryption platform nn  

Centralised offline and online security management
for setup and update of cryptographic parameters
100M HC-7825 Network Platform
TECHNICAL SPECIFICATIONS

Cryptography and security Management

nn  
Security Management Centre SMC-1100 IP VPN
Algorithm nn  
In-band and out-of-band management via IP
nn  
Customer-specific cipher algorithm HCA-480 nn  
Local management via keypad and display
nn  
Customer-managed profiling of algorithm with variety > 10506 nn  
Local management via browser-based user interface
nn  
Mutual key agreement scheme for generation of short-term nn  
Remote management via ciphered browser connection (RAD-1100)
communication keys nn  
Remote software update
nn  
Each encrypted tunnel uses independent communication keys nn  
Time server support (SNTP)
nn  
Built-in high-quality true random generator nn  
Network management system (NMS) integration support (SNMPv1 /
Keys Standard MIB II)
nn  
Customer-defined master communication keys stored in tamper-proof Bandwidth
security module nn  
10 Mbit/s, 20 Mbit/s or 100 Mbit/s
nn  
Master communication keys and communication keys with variety > 1038 Tunnels
Key management nn  
250
nn  
Manual key input via unit interface Maintenance
nn  
Backup of key and installation data with Security Data Carriers (SDC) nn  
Built-in test equipment (BITE)
nn  
Offline with inter-unit management (with SDC) Performance
Tamper-proof design nn  
Throughput @ 64 Byte frames ≈ 32.1 Mbit/s
nn  
Role-based access control (theoritical maximum 33.3 Mbit/s)
nn  
Block function nn  
Throughput @ 1,400 Byte frames ≈ 93.4 Mbit/s
nn  
Emergency clear (theoritical maximum 93.4 Mbit/s)
nn  
Tamper evidence nn  
Latency @ 64 Byte frames ≈ 176 μs ±10 μs
nn  
Tamper detection and response (reset to factory state) nn  
Latency @ 1,400 Byte Frames ≈ 681 μs ±10 μs
nn  
Metal housing with mechanical lock Power supply units and cooling
nn  
Built-in security module nn  
Redundant hot-pluggable PSU
nn  
AC input, 100 … 240 V / 50…60 Hz
Services nn  
DC input, 24 V or 48 V, ± 25 %
nn  
Power consumption < 40 W
Services supported nn  
Redundant cooling with two fans
nn  
Unicast IP VPN tunnels (tunnel mode) Dimensions and weight
nn  
Multicast IP VPN tunnels (tunnel mode) nn  
19" rack mounting; 1 unit high
nn  
Throughput near wire-speed on world-side with 1,500 Byte IP packets nn  
444 x 260 x 44 mm (W x D x H)
nn  
Full-mesh and / or hub-and-spoke topologies nn  
4.2 kg
nn  
Traffic types: voice, video and data Reliability
Quality of service (QoS) support nn  
MTBF: > 100,000 hours
nn  
TOS / DSCP forwarding Environment
nn  
Configuration of TOS / DSCP for key agreement nn  
Operating temperature: 0 °C…+50 °C
nn  
Replay protection window size 64 packets nn  
Storage temperature: -25 °C…+70 °C
Home-side services nn  
Humidity: 5 %…95 %, non-condensing
nn  
DHCP server Safety / EMC
nn  
Static routing or RIP-II nn  
EN 55032 class B/EN 55024
World-side services nn  
EN 60950-1
nn  
DHCP client Quality system / Conformity
nn  
NAT support nn  
ISO 9001:2015
nn  
CE (European conformity
Features
Restricted © Crypto International. All rights reserved. HC-7825 IP VPN / EN / 1901

Options
User interfaces
nn  
Unit interfaces (LC display, keypad) nn  
Unit redundancy for higher availability
nn  
PC-based interfaces
Payload (home/world) interfaces Accessories
nn  
IEEE 802.3u 100 Mbit/s Ethernet
nn  
Electrical RJ45/100Base-TX nn  
Security Management Centre SMC-1100 IP VPN
Management interfaces nn  
Remote Access Device RAD-1100 / HC-1100
nn  
Local management (AUX) (10BASE-T/RJ45) nn  
Security Data Carrier (SDC)
nn  
100BASE-TX (RJ45)
nn  
Diagnostics interface RS-232 (RJ45) Information and specifications are subject to change without notice.
nn  
Built-in smart card reader

Crypto International AG | Zugerstrasse 42 | 6312 Steinhausen | Switzerland | T +41 41 749 77 22 | F +41 41 741 22 72 | crypto@crypto.ch | www.crypto.ch