Lancom Systems 8011 VPN, 7111 VPN manual Firewall

Page 12

EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 1: Introduction

technologies such as DSL (Digital Subscriber Line) or G.703 (2-Mbit leased lines). But also a conventional ISDN line can be used.

The technologies of the individual participants do not have to be compatible to one another, as would be the case for conventional direct connections. A single Internet access can be used to establish multiple simultaneous logical connections to a variety of remote stations.

The resulting savings and high flexibility makes the Internet (or any other IP network) an outstanding backbone for a corporate network.

1.2Firewall

The integrated Stateful Inspection Firewall ensures an effective protection against undesired intrusion in your network by permitting only incoming data traffic as reaction to outgoing data traffic. The router’s IP masquerading func- tion hides all workstations of the LAN behind a single public IP address. The actual identities (IP addresses) of the individual workstations remain con- cealed. Firewall filters of the router permit specific IP addresses, protocols and ports to be blocked. With MAC address filters it is also possible to specifically monitor the access of workstations in the LAN to the IP routing function of the device.

	LAN
Internet
Firewall	LANCOM

Further important features of the Firewall are

Intrusion Detection

Break-in attempts into the local network or on the central Firewall are rec- ognized, repelled and logged by the Intrusion Detection system (IDS) of the LANCOM Wireless DSL. Thereby it can be selected between logging within the device, email notification, SNMP trap or SYSLOG alarms.

12

Image 12

Contents Lancom 7111 VPN Lancom 8011 VPN Lancom Systems GmbH, Wuerselen Germany. All rights reserved Security settings PrefaceModel variants This documentation was compiled … Info@lancom.deContents Providing dial-up access Linking two networksSending faxes with Lancapi Troubleshooting AppendixIntroduction Which use does VPN offer?Conventional network infrastructure IsdnNetworking via the Internet Firewall Denial-of-Service Protection Quality-of-Service / Traffic managementWhat does a router do? Internet access for a LAN e.g. via DSL or Isdn Bridgehead to the WANAreas of deployment for routers LAN to LAN coupling via VPN or IsdnRemote access to the company network via VPN or Isdn What can your Lancom router do?Conventional via Isdn Lancom Quality of Service Installation Package contentsSystem preconditions Access to the LAN via the TCP/IP protocol Introducing Lancom routerStatus displays Front sideLED remains lit green Online LED indicates the overall status of all WAN portsFlashing Power LED but no connection? LancomConnection status of the WAN connection Data traffic via the WAN connectionConnection status of Isdn S0 connection Connection status of the serial configuration port 7111 VPN, for both Isdn B channels with Lancom 8011 VPNLCD display Hardware installation Back of the unitInstallation Software installation Starting Lancom setupWhich software should you install? Basic configuration 1 TCP/IP settingsWhich information is necessary? New LAN-fully automatic configuration possible Configure manually nevertheless?Information required for manual TCP/IP configuration IP address and netmask for the Lancom routerConfiguration protection Settings for the DSL connectionSettings for the Isdn connection Enable Dhcp server?Instructions for LANconfig Start up LANconfig by clicking Start Programs LancomLANconfig Connect charge protectionComplete the configuration with Finish Instructions for WEBconfig Network without Dhcp serverStarting the wizards in WEBconfig Network with Dhcp serverOr with a name as discribed above WEBconfig main menu will be displayed Entering the password in the web browser TCP/IP settings to workstation PCs IP address assignment via the Lancom router defaultIP address assignment via a separate Dhcp server Manual IP address assignmentSetting up Internet access Does the setup wizard know your Internet provider?User name and password Additional information for unknown Internet providersIsdn dial-in number User name and password Additional connection optionsDynamic channel bundling Isdn only LANconfig Quick access to the setup wizards Complete the configuration with ApplyAlways configure both sides Linking two networksSecurity aspects What information is necessary? General informationName of the remote station is needed for its identification Settings for the TCP/IP router Settings for the IPX router DNS access to the remote LANExtranet VPN Settings for NetBIOS routing Perform the configuration on both routers, one at a time Ping quick testing for TCP/IP connections Providing dial-up access Which information is required?Isdn calling line identity CLI Coupling EntrySettings for TCP/IP Settings for IPXWAN Settings for the dial-in computer Dial-up via VPNDial-up via Isdn Instructions for LANconfig Providing dial- up access Sending faxes with Lancapi Installation of the Lancom Capi fax modem Installation of the MS Windows fax service Select the option Printers and Faxes from the control panelSend a fax with the MS Windows fax service Sending a faxSend a fax with any given office application Sending faxes with Lancapi Security settings Security settings wizardWizard for LANconfig Wizard for WEBconfig Firewall wizardSecurity checklist Configuration under WEBconfigRules Have you assigned a password for the configuration? Have you permitted remote configuration?Have you activated the Firewall? Do you make use of a ’Deny All’ Firewall strategy?Have you closed critical ports with filters? Troubleshooting Problems with the cabling?No WAN connection is established DSL data transfer is slowCable testing Unwanted connections under Windows XPIncreasing the TCP/IP window size under Windows LAN statisticsTroubleshooting Performance data and specifications AppendixRights for up to 16 administrators Contact assignment DSL interfaceISDN-S0interface Pin RJ45 socketConfiguration interface Outband CE declaration of conformityEthernet interfaces 10/100Base-T Pin mini-DIN socketNumerics Installation IPX conventions IPX router SettingsConnector cable Channel Data compression Dial-innumber Connector cable LAN to LAN coupling 14, 15, 30NetBIOS NetBIOS proxy Netmask Network segment Package contents Packet size adaption PasswordNetBIOS Security aspects Server Setup Specify MSNSettings 28 , 32 Temperature Time WEBconfigCheck connection