Lancom Systems 8011 VPN, 7111 VPN manual Lancom

Page 16

EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 1: Introduction

	LANCOM 7111	LANCOM 8011
	VPN	VPN
RAS server (via VPN)	100 tunnel	200 tunnel,
		optional 500 or 1000

RAS server (via ISDN)

IP router

IPX router (via ISDN), e.g. for coupling of Novell networks or dialling into Novell networks

NetBIOS proxy for coupling of Microsoft peer-to-peer networks via

ISDN

DHCP and DNS server (for LAN and WAN)

N:N mapping for routing networks using the same IP address ranges via VPN

LANCAPI server for the operating with office applications as fax or answering machine via ISDN interface

ISDN leased lines

WAN connection

Fast Ethernet

ISDN S0 for establishing Danymic VPN connections to remote sites with dynamic IP addresses

LAN connection

4 individual Fast Ethernet LAN ports, switchable separately, e.g. as LAN switch or separate DMZ ports, auto crossover.

Security functions

IP masquerading (NAT, PAT) to hide all workstations of the LAN behind one common public IP address.

Stateful Inspection Firewall with Intrusion Detection and DoS-Protec- tion

Firewall filters for a selective locking of IP addresses, protocols and ports

MAC address filter control e.g. the access of LAN workstations to IP routing functions

Configuration protection to block “brute force attacks“

16

Image 16

Contents Lancom 7111 VPN Lancom 8011 VPN Lancom Systems GmbH, Wuerselen Germany. All rights reserved Security settings PrefaceModel variants This documentation was compiled … Info@lancom.deContents Linking two networks Providing dial-up accessSending faxes with Lancapi Troubleshooting AppendixIntroduction Which use does VPN offer?Conventional network infrastructure IsdnNetworking via the Internet Firewall Quality-of-Service / Traffic management Denial-of-Service ProtectionWhat does a router do? Internet access for a LAN e.g. via DSL or Isdn Bridgehead to the WANAreas of deployment for routers LAN to LAN coupling via VPN or IsdnWhat can your Lancom router do? Remote access to the company network via VPN or IsdnConventional via Isdn Lancom Quality of Service Package contents InstallationSystem preconditions Access to the LAN via the TCP/IP protocol Introducing Lancom routerStatus displays Front sideLED remains lit green Online LED indicates the overall status of all WAN portsFlashing Power LED but no connection? LancomData traffic via the WAN connection Connection status of the WAN connectionConnection status of Isdn S0 connection 7111 VPN, for both Isdn B channels with Lancom 8011 VPN Connection status of the serial configuration portLCD display Hardware installation Back of the unitInstallation Software installation Starting Lancom setupWhich software should you install? 1 TCP/IP settings Basic configurationWhich information is necessary? New LAN-fully automatic configuration possible Configure manually nevertheless?Information required for manual TCP/IP configuration IP address and netmask for the Lancom routerConfiguration protection Settings for the DSL connectionSettings for the Isdn connection Enable Dhcp server?Instructions for LANconfig Start up LANconfig by clicking Start Programs LancomLANconfig Connect charge protectionComplete the configuration with Finish Instructions for WEBconfig Network without Dhcp serverNetwork with Dhcp server Starting the wizards in WEBconfigOr with a name as discribed above WEBconfig main menu will be displayed Entering the password in the web browser TCP/IP settings to workstation PCs IP address assignment via the Lancom router defaultIP address assignment via a separate Dhcp server Manual IP address assignmentSetting up Internet access Does the setup wizard know your Internet provider?User name and password Additional information for unknown Internet providersAdditional connection options Isdn dial-in number User name and passwordDynamic channel bundling Isdn only LANconfig Quick access to the setup wizards Complete the configuration with ApplyLinking two networks Always configure both sidesSecurity aspects What information is necessary? General informationName of the remote station is needed for its identification Settings for the TCP/IP router DNS access to the remote LAN Settings for the IPX routerExtranet VPN Settings for NetBIOS routing Perform the configuration on both routers, one at a time Ping quick testing for TCP/IP connections Providing dial-up access Which information is required?Isdn calling line identity CLI Coupling EntrySettings for TCP/IP Settings for IPXWAN Dial-up via VPN Settings for the dial-in computerDial-up via Isdn Instructions for LANconfig Providing dial- up access Sending faxes with Lancapi Installation of the Lancom Capi fax modem Installation of the MS Windows fax service Select the option Printers and Faxes from the control panelSending a fax Send a fax with the MS Windows fax serviceSend a fax with any given office application Sending faxes with Lancapi Security settings wizard Security settingsWizard for LANconfig Wizard for WEBconfig Firewall wizardConfiguration under WEBconfig Security checklistRules Have you assigned a password for the configuration? Have you permitted remote configuration?Have you activated the Firewall? Do you make use of a ’Deny All’ Firewall strategy?Have you closed critical ports with filters? Troubleshooting Problems with the cabling?No WAN connection is established DSL data transfer is slowCable testing Unwanted connections under Windows XPIncreasing the TCP/IP window size under Windows LAN statisticsTroubleshooting Performance data and specifications AppendixRights for up to 16 administrators Contact assignment DSL interfaceISDN-S0interface Pin RJ45 socketConfiguration interface Outband CE declaration of conformityEthernet interfaces 10/100Base-T Pin mini-DIN socketNumerics Installation IPX conventions IPX router SettingsConnector cable Channel Data compression Dial-innumber Connector cable LAN to LAN coupling 14, 15, 30NetBIOS NetBIOS proxy Netmask Network segment Package contents Packet size adaption PasswordNetBIOS Security aspects Server Setup Specify MSNTemperature Time WEBconfig Settings 28 , 32Check connection