NG2000-DW 4G

High-end VPN router with DSL, WLAN & LTE

  • DSL modem with: VDSL2, VDSL2 vectoring, SuperVectoring and G.fast
  • 4G (LTE) mobile radio modem
  • WLAN
  • 4x 2.5 Gbit/s LAN, RJ45
  • 1x 2.5 Gbit/s WAN, RJ45
  • Multi-protocol VPN
  • Intelligent firewall & routing
  • Fully implemented IPSec and OpenVPN
  • WireGuard
  • Connection Manager
  • Metal housing, industrial quality
  • Made in Germany

Functions and features

The high-end VPN router - with WLAN, DSL and 4G modem - is manufactured to the highest quality standards and is ideal for setting up secure branch networks or connecting ATMs thanks to its high level of flexibility.

The NG2000-DW 4G has an integrated DSL modem that supports the VDSL2, VDSL2 vectoring, ADSL/2/2+, SuperVectoring and G-fast standards so that the router can be operated on all modern DSL connections. The WAN port allows the implementation of any gateway connections as well as the connection of external modems (e.g. SDSL, cable, FTTH).

The integrated WLAN in accordance with the ac standard (AP; client; AP/client) makes various WLAN scenarios possible. The router can be used as an access point (AP) to create wireless networks and provide a connection for multiple devices. In client mode, it can connect to existing WLAN networks to extend the network range or connect devices without their own WLAN functionality. In AP/Client mode, the router allows simultaneous operation as an access point and client, giving it the flexibility to respond to different network needs and ensuring seamless integration into complex network environments.

The integrated 4G wireless modem allows the NG2000-DW 4G to stay connected via cellular networks, which is particularly useful in environments where DSL connections are unavailable or unstable. This allows the router to maintain a reliable Internet connection anytime, anywhere.

Via a permanently established VPN tunnel, an NG2000-DW 4G router can be easily connected to a branch network or to a head office and can thus be reached directly using private IP addressing. DynDNS is not required for access in this case, but can be set up at any time.

The fully implemented VPN standards IPSec and OpenVPN ensure maximum security during data transmission. Authentication is carried out using either stored certificates or pre-shared keys. The VPN router supports all modern encryption algorithms such as AES with a key length of up to 256 bits.

With its modular software structure, the NG2000-DW 4G enables the seamless integration of customer-specific software and supports a wide range of network protocols, including IP, TCP, UDP, PPP, ARP, RARP and ICMP. The integrated DHCP (Dynamic Host Configuration Protocol) ensures automatic and efficient network configuration, while the DNS and Dynamic DNS system optimizes domain name management. The router is equipped with the NTP (Network Time Protocol) for precise time synchronization in networks.

In terms of routing, the NG2000-DW 4G offers both static routing for IPv4 and IPv6 as well as policy-based routing. Network address translation is made possible by NAT (Network Address Translation), while the QoS (Quality of Service) function ensures effective prioritization of data packets. Real-time statistics and a log function are also available.

In terms of security, the NG2000-DW 4G offers a zone-based stateful inspection firewall (IPv4/IPv6) with packet filter and a demilitarized zone (DMZ). It supports a wide range of VPN protocols, including OpenVPN, IPSec, L2TP and WireGuard, enabling secure communication over insecure IP networks. Various hashing and encryption algorithms ensure maximum security.

In the area of high-availability, the NG2000-DW 4G offers a MultiWAN manager with complex backup options, including multi-level backup target strategies and optimization of switchover times. VRRP (Virtual Router Redundancy Protocol) with support for Multi group VRRP ensures additional network stability.

Various options are available for efficient management and configuration of the router. Management can be carried out via the network using Command Line (SSH) and HTTPS or via Command Line (SSH) using the console port. Remote configuration and maintenance are possible via TR-069 standard, and firmware updates can be carried out via SSH, HTTPS and TR-069. The router also offers SNMP and a Checkmk agent for comprehensive network management.

Overall, with its integrated 4G radio modem and WLAN, the NG2000-DW 4G offers an innovative solution for companies that require a flexible, secure and reliable network connection, regardless of the availability of DSL connections.

 

DSL modem

Thanks to the built-in DSL modem, the device can be connected directly to any DSL connection to establish an Internet connection. All common DSL standards (ADSL2/2+, VDSL2 including SuperVectoring - Profile 35b) are supported. This broad compatibility ensures seamless integration into existing networks and enables fast commissioning without time-consuming configuration.

Multi-protocol VPN

In contrast to many conventional routers, which often only support one VPN protocol, multi-protocol VPN offers a choice of different protocols. This makes it possible to choose the protocol that best meets individual requirements, for example OpenVPN, IPsec, IPsec/L2TP or WireGuard.

MultiWAN Manager

With the MultiWAN Manager, you always have the right connection. Whether via xDSL, LTE, WLAN or WAN - the MultiWAN Manager automatically ensures that your preferred connection type is always selected.

WLAN

The device's powerful Wi-Fi can operate in the 2.4 or 5 gigahertz band and offers a throughput of up to 1299 Mbps via the Wi-Fi 5 standard (IEEE 802.11ac). The Wi-Fi can be used both in access point mode and in client mode - depending on requirements. Multiple WLANs (multi-SSID) can be used to securely separate different networks from one another. Of course, the WLAN is also downward compatible with the IEEE 802.11a/b/g/n standards.

WireGuard-VPN

WireGuard is a very practical and modern solution for VPN applications - with the aim of being simpler than IPsec and better performing than OpenVPN. Available on almost all platforms, it is easy to use and therefore uncomplicated. WireGuard uses state-of-the-art cryptography and therefore benefits from protected communication using the latest technology. It is designed as a universal VPN for operation on everything from embedded devices to supercomputers.

4G mobile radio

The integrated radio modem covers all common European frequency bands in the 2G, 3G and 4G range. Additional radio modems with country-specific frequencies are optionally available. In the event of a network failure, the system automatically switches over - the connection remains online


Technical data

  • Robust metal housing
    Optionally with top-hat rail clip
  • Dimensions
    185x33x155 (WxHxD in mm, without antennas)
  • Weight
    approx. 860 g
  • Operating temperature
    -20° C to +50° C (during operation)
  • Air humidity
    85% (non-condensing)
  • Power supply
    Plug-in power supply 12V, 1A
  • Input voltage
    Wide range 9V-30V DC
  • Power consumption
    ≤ 5W (DSL activated), ≤ 3W (DSL deactivated)

Hardware specifications

  • Processor
    2.0 GHz, QuadCore, fanless
  • Working memory
    2 GB
  • System memory
    2 GB eMMC
  • Additional memory
    8 kbit Eeprom
  • WAN port
    1 x 2.5 Gbit RJ45
  • Ethernet ports
    4 x 2.5 Gbit RJ45
  • LEDs
    11 RGB LEDs
  • Console port
    The USB-C configuration interface (console) offers an easy way to access the router independently of the network.
  • Reset button
    For restarting or resetting the router
  • Power fail logging
    In the event of a power failure, the time stamp of the failure is saved.
  • Persistent logging
    The log is retained even after a restart or power failure.
  • Real-time clock (RTC)
    CMOS hardware clock

DSL modem

  • VDSL2
    ITU-T G.993.2 up to profile 30a
  • VDSL2-Vectoring
    according to ITU-T G.993.5
  • VDSL1
    ITU-T G.993.1, T1.424, TS 101 270
  • ADSL/2/2+
    G.992.3 Annex A (ADSL2)
    G.992.5 Annex A (ADSL2+)
    G.992.5 Annex B (ADSL2+)
    G.992.5 Annex J (ADSL2+)
    G.992.5 Annex M (ADSL2+)
  • DSL Forum performance specifications
    ADSL TR-048/67, TR-100; VDSL: WT-114
  • Erasure Decoding
    Increased interleaver depth und Re-Transmission Bonding
  • EFM (IEEE 802.3 ah)
  • ITU-T G.998.2
  • DSL connection
    RJ45 socket

Mobile radio (4G)

  • High-speed M2M mobile connectivity   
  • Penta Band LTE
    - Category 3
    FDD (=Frequency Division Duplex) bands:
    - 1 (2100 MHz)
    - 3 (1800 MHz)
    - 7 (2600 MHz)
    - 8 (900 MHz)
    - 20 (800 MHz)
    - Download max. 100 Mbps
    - Upload max. 50Mbps bei 20MHz, MIMO
  • Tri Band UMTS/HSPA+/DC-HSPA+ (WCDMA)
    - Download Category 24 / Upload Category 6
    FDD bands
    - 1 (2100 MHz)
    - 3 (1800 MHz)
    - 8 (900 MHz)
    - Dual Carrier (DC-HSPA+) Download max. 42.2Mbps, Upload max. 5.76Mbps
    - UMTS Down- und Upload max. 384Kbps
  • Dual Band GSM/GPRS/EDGE
    Multi-slot class 12
    Frequency bands:
    - EGSM 900 (MHz)
    - DCS 1800 (MHz)
    - EDGE Download max. 236.8kbps, Upload max. 118.4Kbps
    - GPRS Download max. 85.6kbps, Upload max. 85.6kbps
  • MultiSIM
    For the use of 2 SIM cards for backup scenarios.
    One SIM slot is located on the front of the device, one is located inside the housing.
  • Antenna connection
    2 SMA (female)
    With antenna detection for easier fault detection

WLAN (WiFi5)

  • WLAN standards
    Wi-Fi 5 (IEEE 802.11ac compliant), 2T2R, MU-MIMO, downward compatible with IEEE 802.11a/b/g/n
  • WLAN modes
    Client mode, Soft AP mode
  • Frequency range
    IEEE 802.11 b/g/n: 2.412GHz ~ 2.484GHz
    IEEE 802.11 a/ac: 5.150GHz ~ 5.850GHz
  • Dynamic Frequency Selection (DFS)
    Can perform an automatic channel change if another device is detected on the channel in use.
    Required for the operation of 5 GHz WLAN devices in Germany
  • Security features
    Enterprise level security supporting:
      WPA
      WPA2
      WPA3
  • Modulation techniques
    802.11a : BPSK, QPSK, 16-QAM, 64-QAM
    802.11b : DBPSK, DQPSK, CCK
    802.11g : BPSK, QPSK, 16-QAM, 64-QAM
    802.11n : BPSK, QPSK, 16-QAM, 64-QAM
    802.11ac : BPSK, QPSK, 16-QAM, 64-QAM, 256-QAM
  • Bandwidths
    20 MHz/40 MHz channel bandwidth for 2.4 GHz
    20 MHz/40 MHz/80 MHz channel bandwidth for 5 GHz
  • Antenna connection
    2x RP-SMA (male)

Scope of supply

NG2000-DW 4G, power supply, patch cable, quick start guide

 

Warranty

2 / 3 year bring-in manufacturer's warranty

Register now free of charge

Router

  • Modular software structure
    The modular software structure offers the option of integrating customised/custom-developed software.
  • DHCP (Dynamic Host Configuration Protocol)
    A communication protocol that enables clients to retrieve and servers to assign the network configuration (client/relay/server)
  • Protocols
    z. E.G. IP, TCP, UDP, PPP, ARP, RARP, ICMP
  • DNS (Domain Name System)
    It manages the name space in networks, e.g. for converting domain names into IP addresses (client/relay/server).
  • Dynamic DNS
    Dynamic DNS: It is used to dynamically update the IP address of a computer so that it can always be reached under the same name.
  • NTP (Network Time Protocol)
     Standard for time synchronisation via networks (client/server)
  • Routing
    Static routing (IPv4 forwarding)
    Static routing (IPv6 forwarding)
    Policy-based routing (PBR)
  • NAT (Network Address Translation)
    Source and destination NAT/NAPT and masquerading
  • QoS (Quality of Service)
    For prioritising data packets to meet the quality standard, especially for time-critical transmissions/applications
  • Real-time statistics and log function
  • Syslog client

Security

  • Firewall
  • Zone-based stateful inspection firewall (IPv4/IPv6) with packet filter and demilitarised zone (DMZ);
    Bridging firewall
  • OpenVPN
    Free software based on OpenSSL for setting up a secure VPN via an encrypted connection. Both routed and bridged tunnels (client/server) are supported.
  • IPSec
    Internet Protocol Security: for secure VPN communication via potentially insecure
  • L2TP (Layer 2 Tunneling Protocol), passthrough
    Tunnelling protocol for transmitting the data link layer (Layer 2) of the OSI model between two networks
  • WireGuard
    WireGuard uses the latest, particularly powerful cryptographic algorithms, e.g. the Noise Protocol Framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 or HKDF. WireGuard gets a further performance boost from the fact that the software is executed on the server side as a Linux kernel module. WireGuard uses only public keys for identification and encryption and can therefore dispense with a certificate infrastructure.
  • Hash algorithms
    MD5, SHA1, SHA2 256/512
  • Diffie Hellman Groups
    Schlüsselaustausch zum Sichern: 1, 2, 5, 14, 15, 16, 17, 18
    Modulo Prime Groups with Prime Order Subgroup: 22, 23, 24
    NIST Elliptic Curve Groups: 25, 26, 19, 20, 21
    Brainpool Elliptic Curve Groups: 27, 28, 29, 30
  • Encryption algorithms
    AES 128/192/256, Blowfish, Twofish 128/256, Serpent 128/256
  • Number of VPN tunnels
    The number of configurable VPN tunnels is not limited by the software. Depending on the application, up to
    - 30 VPN tunnels (VR2020 series),
    - 400 VPN tunnels (G3000 & G4000 series) and
    - 5000 VPN tunnels (G5000 series) are possible.

High-Availability

  • MultiWAN manager with complex backup options
    - Multihomed and multi-level backup target strategies
    - Optimisation of switchover times
    - Prevention of unnecessary switching
    - Optimisation of switchback
    - Prevention of switching instabilities (fluttering)
    - Mobile telephony: Provider switching with MultiSIM
    - Dynamic connection parameters (default route, policy-based routes, etc.)
    - Configurable connection check (ping, LCP echo, etc.)
  • VRRP (Virtual Router Redundancy Protocol)
    - With support for Multi group VRRP

Management

  • Management/configuration
    Via the network using Command Line (SSH) and HTTPS as well as via Command Line (SSH) using the console port
  • Remote configuration/maintenance
    If required, remote configuration/maintenance can be carried out using the TR-069 standard. Configuration via TDT C.O.R.E. is also possible.
  • Firmware update
    Firmware updates can be realised via SSH, HTTPS and (TR-069).
  • SNMP (Simple Network Management Protocol)
    SNMP is a network protocol that was developed to monitor and control network elements from a central station.
  • Checkmk agent
    For connection to the Checkmk network management system
ProductModelDSLMobile radioWiFiWANSerialEthernet 
VR2020-D
(End of Sale)
1xoptional4x 100 Mbit/s 

VR2020-LD
(End of Sale)

1xoptional4x 100 Mbit/s 
         
NG2000-D
1x 2.5 Gbit/s
4x 2.5 Gbit/s 
NG2000-D 4G  (4G)
1x 2.5 Gbit/s
4x 2.5 Gbit/s 
NG2000-D 5G  (5G)
1x 2.5 Gbit/s
4x 2.5 Gbit/s 
NG2000-DW
1x 2.5 Gbit/s
4x 2.5 Gbit/s 
NG2000-DW 4G  (4G)1x 2.5 Gbit/s
4x 2.5 Gbit/s 
NG2000-DW 5G  (5G)1x 2.5 Gbit/s
4x 2.5 Gbit/s 
         
G3000siehe Ethernet3x 1 Gbit/s 
G3000-Wsiehe Ethernet3x 1 Gbit/s 
G3000-L  (4G)siehe Ethernet3x 1 Gbit/s 
G3000-5G  (5G)siehe Ethernet3x 1 Gbit/s 
G3000-LW  (4G)siehe Ethernet3x 1 Gbit/s 
         

Downloads

For the moment the data-files are available in German language only.