IP VPN Remote Access - IPSEC

(formerly IP VPN Remote Services – CPE Based)


As of May 1, 2015, IP VPN Remote Access – IPSEC Services are no longer available to Customers who are not already receiving IP VPN Remote Access – IPSEC Services from Company.  Effective July 1, 2015, existing IP VPN Remote Access – IPSEC Customers cannot renew their IP VPN Remote Access – IPSEC Services nor obtain MAC (Move/Add/Change) services for IP VPN Remote Access – IP SEC Services.


I.          SERVICE DESCRIPTION: IP VPN Remote Access - IPSEC (IP VPN Remote) is a managed virtual private network utilizing internet protocol (VPN). IP VPN Remote enables remote users to use the public Internet, cable modem, xDSL, or other Internet Protocol (IP) networks to more securely access Customer’s site(s) through an Internet Dedicated Services connection by using either a Switch and a Router, or equivalent Customer Premises equipment designated by Company, collectively referred to as “CPE”, installed at a Customer’s site which, if owned by Company, shall be Service Equipment. IP VPN Remote supports encrypted connectivity using industry standard L2TP or, at Customer’s election, Company will provide IPSec client software or a SSL VPN module and SSL software license to enable IPSec tunneled connections.


1.         Customer must subscribe to Enterprise Mobility Dial Access to receive IP VPN Remote.


2.         Customer may choose any of the following Internet Dedicated Services: 768Kbps/T1, Double/Diverse T1, Price-Protected T1, NxT1, T3 Tiered, Burstable T3, Double/Diverse T3 Price-Protected T3, OC-3 Tiered and OC-3 Burstable.


3.         IP VPN Remote CPE and CPE Management. Company provides certain CPE which was manufactured by third parties (Manufacturer). Company provides Help Desk to Help Desk Support for CPE. Customer’s use of such CPE is subject to the terms and conditions of the Manufacturer’s agreement and end user software license, if any. Customer may provide and manage their own Cisco router or use a Company-provided Cisco Router, or equivalent Router designated by Company (each a “Router”). Customer may host and manage their own RADIUS server for Internet Dial Corporate or use an Internet Dial Corporate Company-hosted RADIUS Server. Available Switches and Routers are listed in Section IV, “Rates and Charges”.


3.1       Company Provided and Managed Switch and Router. Company is responsible for the provisioning, remote installation, configuration and ongoing maintenance and management of Company-provided Switches and Routers.


3.2       Customer Provided and Managed Router. Customer may provide its own equipment which must be compatible with the Company Network. Customer provided Routers are managed either by Company or by the Customer. Customer-provided Routers must be dedicated solely to IP VPN Remote. Customer is solely responsible for the provisioning, installation, configuration and, unless subscribing to Customer Premises Equipment (CPE) service, ongoing management of such Router, which must be compatible with IP VPN Remote and the Company Network. Failure of the Customer-provided Router to be compatible with IP VPN Remote and the Company Network means Company is not responsible for management of the Switch or failure of IP VPN Remote. Company reserves the right to change Router requirements and configuration at any time.


3.3       Out of Band Modem. Company provides an OOB modem for troubleshooting each site that is part of IP VPN Remote. For sites located within the United States, Company orders and provides a dedicated, analog telephone connection for use by each OOB modem at no additional cost. Dedicated analog telephone connections are Customer’s responsibility for all other site locations. Customer is responsible for any charges incurred to extend the analog telephone connection wiring from the telephone company demarcation point to the CPE within Customer Premises. If the analog telephone connection does not provide a minimum of 9600bps throughput, Company cannot remotely manage, troubleshoot or upgrade CPE configurations until such minimum bandwidth is restored. This limitation may negatively impact Company’s ability to manage and troubleshoot the site, and could severely increase downtime and/or reduce site availability levels.


II.         DEFINITIONS: In addition to the Online Definitions, the following definitions apply to IP VPN Remote.


 “OOB” means out of band.


 “Switch” means a either a Nortel® VPN Router or a Cisco® Concentrator Switch as managed and provided by Company.




Customer has the option of choosing one of two Switch platforms, Nortel VPN Router or a Cisco® Concentrator Switch. Certain advanced features of IP VPN Remote, as more fully described herein, are not yet available on both Switch platforms. At this time, Company can not offer the following features of IP VPN Remote with the Cisco Switch; L2TP, RAM Upgrade, and Encryption Accelerator Card.


1.         Bandwidth Management. Customer may request optional Bandwidth Management providing Customer with group level configurable bandwidth settings for the following Switches: Nortel VPN Router Type 2600, Nortel VPN Router Type 2700 and Nortel VPN Router Type 5000. This allows the Customer to manage VPNs where high bandwidth users may consume available bandwidth to allow low bandwidth users to have sufficient access. Bandwidth Management does not guarantee access to IP VPN Remote by all users.


2.         Encryption Accelerator Card. Customer may request an optional Encryption Accelerator Card for installation into the following Switches: Nortel VPN Router Type 2600, Nortel VPN Router Type 2700 and Nortel VPN Router Type 5000. The Encryption Accelerator Card increases encryption speeds by taking encryption processing operations from the central processing unit of the Switch. This feature is not available with the Cisco Switch.


3.         RAM Upgrade. Customer may request a random access memory upgrade of 128 or 256 megabytes for the following Switches: Nortel VPN Router Type 1700/1740/2600, Nortel VPN Router Type 2700 and Nortel VPN Router Type 5000. A RAM Upgrade is required for L2TP encryption. This feature is not available with the Cisco Switch.


4.         Data Center Colocation. Customers may choose to have their IP VPN Remote connectivity provided at the selected Company physical location or data center in which Equipment storage space will be made available to Customer for installation and use of Equipment (Facility) with Data Center Colocation. Data Center Colocation provided under IP VPN Remote includes VPN service monitoring and management as well as on-site installation and maintenance. A Router is not required with Data Center Colocation.


5.         Third Party Connectivity. A “Third Party Connectivity Site” is defined as a Company-compatible VPN site that is connected to the Internet via a network other than the Company Network.


5.1       CPE. Customer must lease from Company a pre-configured Switch, Router, an OOB modem, and any other equipment designated by Company as necessary for the Customer to create a functional Company-compatible VPN site. Customer may establish such Third Party Connectivity Sites only in the United States.


5.2       Monitoring Service. Company monitors and manages the Switch located at Customer’s Third Party Connectivity Site from Company’s VPN network operations center in the United States (VPN NOC) and notifies Customer of the existence of any outages or problems with the Switch. If such problem is discovered, the VPN NOC will attempt to resolve the issue.


5.3       Customer Obligations. Customer must provide and pay for dedicated access through a local, third-party Internet Service Provider (3rd party ISP) in order to connect the CPE at the Third Party Connectivity Site to Customer’s VPN. Customer is responsible for the installation and maintenance of all dedicated access (including but not limited to the telephone line access circuit). Customer shall ensure that the connection speed to the 3rd party ISP from the Third Party Connectivity Site is at least 56kbps (PSTN connection over Async ports will not be supported), and that the 3rd party ISP allows Company remote access to the CPE for management and monitoring purposes. In addition, Customer must order, provide and pay for a dedicated analog telephone connection for use exclusively by each OOB modem at the Third Party Connectivity Site.


6.         Local Access Circuits. All Local Access charges (including where applicable, the Local Access charge for any back-up line) are Customer’s responsibility. Any facilities and extra cabling necessary within Customer’s building, in particular in relation to the connection between the telco entrance point and Customer’s IP connection point, are not included and are Customer’s responsibility.


IV.        RATES AND CHARGES: In addition to the rates and charges for IP VPN Remote Access – IPSEC may be found in Customer’s Service agreement or related attachments the following also applies:


1.         Paper Invoice Charge


2.         Convenience-Payment Charge


V.         TERMS AND CONDITIONS: In addition to the Online Master Terms - Terms and Conditions of Service, the following terms and conditions apply:


1.         VPN Design. The design of the VPN shall be provided by Company based on information provided by Customer to Company. It is the Customer's responsibility to provide all information reasonably requested by Company in connection with the provision of the VPN and to ensure that all such information is accurate, complete and up-to-date. Customer understands that should Customer desire to change the design of this VPN, the design must be mutually agreed in writing prior to implementation of such change and that the change shall still fall within acceptable Company product parameters.


2.         Technical Obligations. For the duration of Customer’s use of IP VPN Remote, Customer agrees to: (a) be responsible for the compliance of its Authorized Users with the End User Terms & Conditions set forth below; (b) designate and maintain an authorized System Administrator responsible for administering Authorized User accounts; (c) be solely responsible for all Authorized User accounts, support, billing, and collections, as applicable; and (d) be solely responsible for the set-up, administration, and maintenance via secure connection of all Authorized User accounts, including without limitation dial-up access authorizations and Authorized User identifications and passwords. Company shall provide second-level technical support to Customer regarding the administration of Authorized User accounts, and reserves the right to access and revise any Service Equipment configuration where required. Company shall not be responsible for the inaccuracy or disclosure of any configuration to Authorized Users.


3.         End User Terms & Conditions.


3.1       Company exercises no control over the content of the information passing through Company Network, including without limitation Company’s host computers, network hubs, and points of presence. COMPANY MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, FOR IP VPN REMOTE AND DISCLAIMS ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


3.2       IP VPN Remote is provided to Authorized Users only. Resale to or use by other persons or entities is prohibited. Company will not be responsible for any damage an Authorized User suffers. This includes damages resulting from loss of data due to delays, nondeliveries, misdeliveries, or service interruptions. Use of any information obtained via the Network is at the Authorized User’s own risk.


3.3       Use of IP VPN Remote is subject to the Acceptable Use Policy (“Policy”) for the country in which an Authorized User connects to the Network, as set forth at www.uu.net/terms, and if no Policy exists for that country, the U.S. Policy shall apply. Company reserves the right to suspend or terminate an Authorized User’s account for any actual or threatened violation of the Policy.


4.         Conditions of Dedicated Access Service.


Customer Obligations. While Customer can resell Internet connectivity, Customer cannot resell IP VPN Remote in its entirety to another person or entity without the express prior written consent of Company. If Customer resells Internet connectivity to Authorized Users, Customer is responsible for: (i) providing the first point of contact for Authorized User support inquiries; (ii) providing software fulfillment to Authorized Users; (iii) running its own primary and secondary domain name service (“DNS”) for end users; (iv) registering end users’ domain names; (v) using BGP routing to the Company Network, if requested by Company; (vi) collecting route additions and changes, and providing them to Company; and (vii) registering with the appropriate agency all IP addresses provided by Company to Customer that are allocated to end users.


5.         Unauthorized Use. Customer is advised that use of IP VPN Remote carries a risk of various forms of fraud, including but not limited to, unauthorized or fraudulent use of IP VPN Remote (“Unauthorized Use”) by persons who obtain Customer’s host names, UIC codes, passwords or other authentication-related information used in connection with IP VPN Remote. Customer is responsible for (i) exercising due diligence in protecting Customer systems and information that might be used to access, exploit, or otherwise use IP VPN Remote, (ii) modifying, updating, deleting and otherwise administering such access information and passwords with respect to Customer’s end user accounts, and (iii) promptly notifying Company in writing of any security compromise with respect to such information or end user accounts. Customer shall be responsible for payment of rates, fees, charges and surcharges incurred for all usage of IP VPN Remote, including without limitation, Unauthorized Use of IP VPN Remote. This obligation shall not apply with respect to Unauthorized Use




Company reserves the right to amend SLAs from time to time effective upon posting of the revised SLA to http://www.verizonbusiness.com/terms, or other URL designated by Company, or notice to Customer; provided, that in the event of any amendment resulting in a material reduction of the SLAs, service levels or credits, Customer may terminate IP VPN Remote without penalty by providing Company written notice of termination (pursuant to the Notice provision of the General Terms and Conditions) during the thirty (30) days following notice of such amendment. Company may avoid IP VPN Remote termination if, within thirty (30) days of receipt of Customer’s written notice, it agrees to amend the Customer Agreement to eliminate the applicability of the material reduction. SLA statistics are Confidential Information and may be used by Customer solely for the purpose of analyzing service quality. Company’s records and data shall be the basis for all SLA calculations and determinations. The SLA sets forth Customer’s sole remedies for any claim relating to IP VPN Remote or usage of the Company Network, including any failure to meet any guarantee set forth in the SLA. Company’s records and data shall be the basis for all SLA calculations and determinations. Notwithstanding anything to the contrary, the maximum amount of credit in any calendar month under the SLA shall not exceed the applicable Monthly Fee and/or Start-up Fee which, absent the credit, would have been charged for the respective, affected service that month (collectively the “Company Fees”). The maximum credit for failure to meet the Availability Guarantee shall not exceed the sum of (a) the Company Fees, plus (b) the Local Access circuit Monthly Fee which, absent the credit, would have been charged for such month.