Ascend's MultiVPN strategy satisfies the needs of both enterprise organizations and their network service provider partners. Ascend believes such a provider/

subscriber approach--unique in the industry--is necessary to overcome the primary obstacles to meaningful VPN implementation: compatibility, security, availability and manageability.

MultiVPN consists of three primary components. These components describe Ascend's VPN capability, which goes beyond basic Internet-based VPNs to include frame relay and ATM connectivity. Fundamental to MultiVPN is its provider/subscriber approach. It enables enterprise operations such as Acme.com to implement a range of VPN capabilities by (1) deploying MultiVPN products, (2) subscribing to high-value VPN services from MultiVPN service providers or (3) combining the two approaches. Flexibility is the key.

· The first component of MultiVPN is Virtual Private Remote Networking (VPRN), which delivers Internet-based VPN capability by creating standards-based multiprotocol tunnels through the Internet. It features ATMP (Ascend Tunnel Management Protocol), L2TP (Layer 2 Tunneling Protocol) and PPTP along with IPSec (IP Security), Ascend's Secure Access Firewall, Access Control (Extended RADIUS) as well as other alternative authentication methods.

· Virtual Private Trunking (VPT), Ascend's method of applying VPN technology to the delivery of frame relay or ATM services, is the second component. Acme.com's use of a VPT service will enable the company to contract with a service provider to guarantee service delivery even during the most congested periods of use--thus ensuring delivery of the SLA (service-level agreement).

· Virtual IP Routing (VIPR) is the third component of MultiVPN. Subscribing to VIPR service will allow Acme.com to extend private IP addressing over the wide area IP service to major corporate locations by creating private routing domains. This capability is delivered in Ascend's IP Navigator technology. In addition, VIPR enables you to receive from your VIPR service provider QoS (quality of service) up to what Ascend calls "Absolute" QoS. This capability goes beyond best efforts or ToS (type of service)-based QoS and guarantees that you receive the levels of QoS to which you subscribe.

All three components of MultiVPN are managed in a unified way using the Navis network-management products. Navis-based Customer Network Management Services let you manage your VPRN, VPT or VIPR services from your MultiVPN service provider.

MultiVPN delivers this range of capability while concentrating on the most important aspects of your operation.

Compatibility and Security
MultiVPN delivers compatibility with your existing systems and applications and provides security for the users requiring it.

·ýVPRN has multiprotocol tunneling, primarily for Internet-based remote access. Equipment with IPSec and integrated firewall (Secure Access) capability is installed where secure tunnels are required. VPRNs will create connectivity for Acme.com's small European offices and mobile and home-office workers, and will also create extranet connectivity with its electronics manufacturer and national retail chain. The security aspects of VPRN include an integrated ICSA-certified Secure Access dynamic firewall. Secure Access includes IPSec packet encryption, authentication and a variety of manual and automated options for key management. Secure Access is integrated with Pipeline and MAX systems and is available in a Personal Edition for PCs with modems and ISDN terminal adapters. Ascend's Access Control, an implementation of RADIUS with some 100 extensions, supports proxy capabilities and integrates with Ascend's Navis management system to facilitate centralized control of security provisions.

·ýVPTýbased services deliver high-availability frame relay services (or ATM if you desire it in the future). VPT services will be used to provide the high-bandwidth connectivity between Acme.com's large sites (New York, Paris and London).

· VIPR will allow Acme.com to extend its private IP addressing over the WAN to provide connectivity to its 15 branch sites in Canada, France, Mexico, the United Kingdom and the United States. The environment created by the VIPR services is inherently secure and has the ability to deliver QoS.

Availability
So you can depend on the MultiVPN network, we deliver network availability as good as or better than you receive today. Ascend's MultiVPN access, routing and switching products have features that make VPNs perform as well as private networks, with guarantees for all three dimensions of availability: throughput, latency and uptime. ATM's ability to deliver circuit-like constant bit rate is well-known. But Ascend extends ATM-like QoS capabilities to both frame relay and IP, and adds the ability to deliver SLAs. Together, QoS and SLAs offer the full range of end-to-end availability options to fit any need and budget.

Manageability
Finally, MultiVPN makes VPN management more powerful than techniques currently used to manage most private networks. NavisAccess installed in your operations center will enable you to manage the equipment in your access and router network. Network Management Services from your MultiVPN service provider will allow you to manage your VPN. This service grants real-time, 24-hour access to complete configuration, performance and fault information--all through the familiar Web browser interface for maximum productivity. The capability is secure, with read (view only) and write (manage) control, an SSL (Secure Sockets Layer) interface and 128-bit IPSec encryption of sensitive management information.

Network Computing's Evaluation of Ascend Communications' Response

Ascend's response covers many of the points laid out in Acme.com's RFP, including user and network management, multiprotocol tunneling, and consulting and training services. Unfortunately, this solution provides a site-to-site and user-to-user VPN with no consideration for departmental security, as identified by Acme.com. Like Bay's, Ascend's solution calls for a three-pronged approach to creating a dynamic VPN complete with QoS and extensive firewalling facilities, both in the main location and branch offices.

Ascend's MAX and Pipeline lines of WAN access products, coupled with the ICSA-certified Secure Access firewall, provide the backbone of its MultiVPN solution. In concert with Ascend's service provider partners for WAN access via frame relay or ATM, the New York site is serviced by a MAX 6000 while London and Paris use the smaller MAX 4000. Ascend's VPT (Virtual Private Trunking) provides QoS, as well as SLAs with Ascend's service provider partners. Acme.com also reaps the additional benefit of enhanced management capabilities of the WAN and VPN through Ascend's service partners, thanks to Ascend's CNM (Customer Network Management), which lets customers manage segments of their private networks that normally fall under the control of the service provider.

Each of the MAXes has optional IP routing; Secure Access firewall; VPN software for PPTP, L2TP and ATMP (Ascend Tunnel Management Protocol); and IPSec encryption; likewise, Pipeline offers the Secure Access firewall and VPN software as options. Additionally, Ascend's VIPR (Virtual IP Routing) provides centralized management of partitioned routing tables. This allows Acme.com to continue using its private network address scheme across all sites. Ascend's Secure Access Personal Edition, its remote access client, provides connectivity through ATMP, L2TP and PPTP from the desktop, secured by IPSec encryption.

Ascend's hardware solution costs more than some other solutions, such as ADI's, Shiva's or 3Com's. Consulting for one week at an estimated $6,000 and training for 30 days at an estimated $36,000 raises the total project cost to $219,979--less than Bay's proposal without the extensive consulting.