 |
 |
 |
 |
 |
 |
 |
|
Q103003 - Setting Up a Secure Connection with KlasTA AERO 256K over Satellite |
 |
|
 |
 |
 |
KB article reference no. Q103003
Version: 1.0
Keywords: KlasTA AERO 256K, KIV-7, OMNIxiThe information in this article applies to:
KlasTA AERO 256K, KlasRouter, KlasHopper, OMNIxi, KIV-7
Table of Contents |
 |
2.0
2.1
2.2
2.3
2.4
3.0
3.1
3.2
3.3
3.4Introduction
Mobile Side
INMARSAT M4 Terminal
KlasTA AERO 256K
Type-1 Serial Encryption
RS-530 Synchronous Serial Device
Home Side
ISDN NT-1
KlasTA AERO 256K
Type-1 Serial Encryption
RS-530 Synchronous Serial Router
|
Table of Figures |
|
Figure 1.
Figure 2.
Figure 3.Sample Scenario for a Deployed User
Rear View of Mobile Side KlasTA AERO 256K
Rear View of Home Side KlasTA AERO 256K
|
1.0 Introduction |
|
Figure 1. Sample Scenario for a Deployed User
This document describes how to physically set up each device needed to establish a secure connection over satellite using KlasTA AERO 256K, as shown in Figure 1. The sample scenario includes a Mobile and a Home Side of the communications session. The Mobile Side represents a user in a deployed environment and the Home Side represents a fixed terrestrial network with multiple established ISDN BRI connections. Typically, the Mobile Side will initiate the session by using the KlasTA AERO 256K to dial out through the INMARSAT M4 Terminals. The KlasTA on the Home Side will answer the call, establish the necessary parameters, and complete the connection with Mobile Side KlasTA. Once the KlasTAs have synchronized with each other, the KIV-7/OMNIxi will initiate the exchange of security parameters and establish a Type-1 encrypted session. Finally, once the KIV-7/OMNIxi devices authenticate each other and secure the connection, the end user communications devices can begin to exchange data through a PPP or HDLC session. Follow the instructions in the sections below to physically set up the devices needed to conduct a secure communications session over satellite.
The devices listed below are required in order to establish a secure connection in a deployed environment:
- Up to four INMARSAT M4 Terminals
- KlasTA AERO 256K
- Type-1 Serial Encryption Device (i.e. KIV-7 or OMNIxi)
- RS-530 Synchronous Serial Device (i.e. KlasRouter or KlasHopper)
The following sections will describe the purpose of each device and how it physically connects to its counterpart device.
2.1 INMARSAT M4 Terminal
There are several different manufacturers of INMARSAT M4 Terminals. Each terminal consists of an outdoor unit (ODU) and an indoor unit (IDU). The ODU is the antenna that physically sends and receives satellite signals. When setting up the ODU, ensure that it has an unobstructed line of sight view to the satellite with a strong signal. The ODU connects to the IDU through a coaxial cable. The IDU is a satellite phone and will use the digits it receives from KlasTA AERO 256K to dial up a connection with a Land Earth Station (LES) in order to connect to the public ISDN network. The IDU has an RJ-45 port typically labeled ISDN Input that connects to one of the ISDN Output ports on KlasTA AERO 256K through a standard straight-through Ethernet cable.
KlasTA AERO 256K is an ISDN Terminal Adaptor (TA) that converts serial data into an ISDN format for use across the public ISDN network. As shown below in Figure 2, KlasTA AERO 256K has three levels and are numbered on the left side. Levels 1 and 3 each have three RJ-45 ports while Level 2 has only two R-45 ports and an RS-530 Port. The role of each level and its respective ports is explained below:
Figure 2. Rear View of Mobile Side KlasTA
- In Level 1, the ISDN NT X0 Input port is used as a splitter in order to divide a 128K ISDN Input into two separate 64K ISDN channels for transmission over the ISDN X1 and ISDN X2 Output ports. Although not represented in this document, the ISDN NT X0 Input port can be used to accept the output from a STE in order to send it across a satellite link.
- In Level 2, the ISDN X0 and Y0 Output ports each represent an ISDN BRI connection. Each port can handle two ISDN 64K B-channels for a maximum throughput of 128K per port. The RS-530 Input port is a synchronous serial DB-25 port. Using the appropriate cable for the serial encryption device being used, connect the RS-530 Input port to the KIV-7 or OMNIxi.
- In Level 3, the ISDN NT Y0 Input port is used as a splitter in order to divide a 128K ISDN Input into two separate 64K ISDN channels for transmission over the ISDN Y1 and ISDN Y2 Output ports. Although not represented in this document, the ISDN NT Y0 Input port can be used to accept the output from a STE in order to send it across a satellite link.
In order to establish a 256K connection using four separate M4 Terminals, the 128K output from the ISDN Y0 and X0 Output Ports in Level 2 is split into two 64K channels in Levels 1 and 3. The ISDN NT X0 Input Port in Level 1 accepts the 128K output from the ISDN X0 Output Port from Level 2 and splits it into the ISDN X1 and X2 Output ports. Additionally, the ISDN NT Y0 Input Port in Level 3 accepts the 128K output from the ISDN Y0 Output Port from Level 2 and splits it into the ISDN Y1 and Y2 Output ports. Finally, connect an Ethernet cable from each of the ISDN X1, X2, Y1 and Y2 Ports into an M4 Terminal for a total of 256K. Figure 3 is a line diagram representing the various signal flows.
The two most commonly used Type-1 Serial Encryption Devices are the KIV-7 and OMNIxi. Each device accepts classified data through one serial port and then after encrypting the data sends it out another serial port as an unclassified encrypted data stream. The port that sends out encrypted data has a male connector and should be connected to the RS-530 Input port on KlasTA AERO 256K. The port accepting classified data has a female connector and connects to the RS-530 Synchronous Serial device.
There are two devices that can be used to connect to a Type-1 Serial Encryption Device, a router or a KlasHopper 600 PCMCIA card. With a router, such as KlasRouter, it must have an RS-530 Synchronous Serial connector. KlasRouter has a DB-25 male connector that can be used with a KIV-7 or OMNIxi. Ensure you have the appropriate cable and connect the KlasHopper card to the KIV-7 or OMNIxi. With KlasHopper, slide the card into an available PCMCIA slot on your laptop. Ensure you have the appropriate cable and connect the KlasHopper card to the KIV-7 or OMNIxi.
The devices listed below are required in order to establish a secure connection in a fixed environment:
- ISDN NT-1 Device
- KlasTA AERO 256K
- Type-1 Serial Encryption Device (i.e. KIV-7 or OMNIxi)
- RS-530 Synchronous Serial Router (i.e. KlasRouter)
The following sections will describe the purpose of each device and how it physically connects to its counterpart device.
There are several different manufacturers of ISDN NT-1 devices. In North America, networks require an NT-1 device with an ISDN U-Interface in order to convert the Public ISDN 2-wire connection into a 4-wire S/T connection on a TA, such as KlasTA. Connect the U-Interface on the NT-1 device to the RJ-45 port providing the ISDN BRI connection from the Telecom Company. Connect the S/T Interface on the NT-1 to the ISDN Output ports on KlasTA. Connect the S/T Interface on the NT-1 to the ISDN Y0 and X0 Output ports on KlasTA AERO 256K.
KlasTA is an ISDN Terminal Adaptor (TA) that converts serial data into an ISDN format for use across the public ISDN network. As shown below in Figure 3, KlasTA contains an ISDN NT Input port, two ISDN Output ports and an RS-530 Input Port. Each of the ports is explained below.
Figure 3. Rear View of Mobile Side KlasTA
- In Level 1, the ISDN NT X0 Input port is used as a splitter in order to divide a 128K ISDN Input into two separate 64K ISDN channels for transmission over the ISDN X1 and ISDN X2 Output ports. Although not represented in this document, the ISDN NT X0 Input port can be used to accept the output from a STE in order to send it across a satellite link.
- In Level 2, the ISDN X0 and Y0 Output ports each represent an ISDN BRI connection. Each port can handle two ISDN 64K B-channels for a maximum throughput of 128K per port. The RS-530 Input port is a synchronous serial DB-25 port. Using the appropriate cable for the serial encryption device being used, connect the RS-530 Input port to the KIV-7 or OMNIxi.
- In Level 3, the ISDN NT Y0 Input port is used as a splitter in order to divide a 128K ISDN Input into two separate 64K ISDN channels for transmission over the ISDN Y1 and ISDN Y2 Output ports. Although not represented in this document, the ISDN NT Y0 Input port can be used to accept the output from a STE in order to send it across a satellite link.
The two most commonly used Type-1 Serial Encryption Devices are the KIV-7 and OMNIxi. Each device accepts classified data through one serial port and then after encrypting the data sends it out another serial port as an unclassified encrypted data stream. The port that sends out encrypted data has a male connector and should be connected to the RS-530 Input port on KlasTA. The port accepting classified data has a female connector and connects to the RS-530 Synchronous Serial device.
The data coming from the Mobile Side must be routed to the appropriate destination on the Home Side network. This is accomplished using a router, such as KlasRouter, as a gateway to the rest of the network. Connect the RS-530 Serial port on the router to the serial encryption device. The Mobile and Home Side routers can then establish a PPP or HDLC connection, which will allow the integration of the Mobile Side communications into the entire Home Side network.
DISCLAIMER OF WARRANTY: THE DOCUMENT IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WITH RESPECT TO THE DOCUMENT AND / OR ANY ASSOCIATED ON-LINE INFORMATION, KLAS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDED BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
Home | About | News | Products | Support | Distributors | Contact
