Lancom Systems 7111 VPN, 8011 VPN manual Preface, Security settings

Page 3

LANCOM 7111 VPN – LANCOM 8011 VPN

Preface

Preface

Thank you for placing your trust in this LANCOM Systems product.

The top models of the LANCOM router series serve as extremely powerful Dynamic VPN gateways for medium-sized and large locations.

Due to the Fast Ethernet uplink, LANCOM devices are ideal partners for all connection variants.

Integrated LANCOM High Security Firewall

With 100 up to 1000 VPN channels the LANCOM router series offers enough capacity for high-bandwidth couplings (LANCOM 8011 VPN with hardware accelerator).

With the IPSec extension LANCOM dynamic VPN it is possible to connect branch offices with dynamic IP addresses (standard broadband connec- tion) at any time—even if the receiving station is not online.

DMZ ports and separate internet address ranges (without NAT) support the operation of your own web servers.

The IP quality of service functions provide dynamic bandwidth manage- ment, in particular for Voice over IP telephone systems, for critical appli- cations or for certain user groups.

Due to its N:N IP address mapping also existing networks can be inte- grated seamlessly into VPNs.

The provided management tools LANconfig and LANmonitor support a complete real time monitoring apart from comfortable remote mainte- nance of the branch offices.

Further highlights are the extensive Firewall features, for example the Stateful Inspection, Intrusion Detection and protection from Denial-of- Service attacks.

Regular free software updates of the LANCOM operating system LCOS are available at any time.

Security settings

For a carefree use of your device, we recommend to carry out all security set- tings (e.g. Firewall, encryption, access protection, charge lock), which are not already activated at the time of purchase of your device. The LANconfig wizard ’Check Security Settings’ will support you accomplishing this. Further informa- tion regarding this topic can be found in chapter ’Security settings’ page 62.

EN

3

Page 2 Page 4
Image 3
Page 2 Page 4
Contents Lancom 7111 VPN Lancom 8011 VPN Lancom Systems GmbH, Wuerselen Germany. All rights reserved Preface Security settingsModel variants Info@lancom.de This documentation was compiled …Contents Providing dial-up access Linking two networksSending faxes with Lancapi Appendix TroubleshootingWhich use does VPN offer? IntroductionIsdn Conventional network infrastructureNetworking via the Internet Firewall Denial-of-Service Protection Quality-of-Service / Traffic managementWhat does a router do? LAN to LAN coupling via VPN or Isdn Internet access for a LAN e.g. via DSL or IsdnBridgehead to the WAN Areas of deployment for routersRemote access to the company network via VPN or Isdn What can your Lancom router do?Conventional via Isdn Lancom Quality of Service Installation Package contentsSystem preconditions Front side Access to the LAN via the TCP/IP protocolIntroducing Lancom router Status displaysOnline LED indicates the overall status of all WAN ports LED remains lit greenLancom Flashing Power LED but no connection?Connection status of the WAN connection Data traffic via the WAN connectionConnection status of Isdn S0 connection Connection status of the serial configuration port 7111 VPN, for both Isdn B channels with Lancom 8011 VPNLCD display Back of the unit Hardware installationInstallation Starting Lancom setup Software installationWhich software should you install? Basic configuration 1 TCP/IP settingsWhich information is necessary? IP address and netmask for the Lancom router New LAN-fully automatic configuration possibleConfigure manually nevertheless? Information required for manual TCP/IP configurationEnable Dhcp server? Configuration protectionSettings for the DSL connection Settings for the Isdn connectionConnect charge protection Instructions for LANconfigStart up LANconfig by clicking Start Programs Lancom LANconfigComplete the configuration with Finish Network without Dhcp server Instructions for WEBconfigStarting the wizards in WEBconfig Network with Dhcp serverOr with a name as discribed above WEBconfig main menu will be displayed Entering the password in the web browser IP address assignment via the Lancom router default TCP/IP settings to workstation PCsManual IP address assignment IP address assignment via a separate Dhcp serverAdditional information for unknown Internet providers Setting up Internet accessDoes the setup wizard know your Internet provider? User name and passwordIsdn dial-in number User name and password Additional connection optionsDynamic channel bundling Isdn only Complete the configuration with Apply LANconfig Quick access to the setup wizardsAlways configure both sides Linking two networksSecurity aspects General information What information is necessary?Name of the remote station is needed for its identification Settings for the TCP/IP router Settings for the IPX router DNS access to the remote LANExtranet VPN Settings for NetBIOS routing Perform the configuration on both routers, one at a time Ping quick testing for TCP/IP connections Which information is required? Providing dial-up accessCoupling Entry Isdn calling line identity CLISettings for IPX Settings for TCP/IPWAN Settings for the dial-in computer Dial-up via VPNDial-up via Isdn Instructions for LANconfig Providing dial- up access Sending faxes with Lancapi Installation of the Lancom Capi fax modem Select the option Printers and Faxes from the control panel Installation of the MS Windows fax serviceSend a fax with the MS Windows fax service Sending a faxSend a fax with any given office application Sending faxes with Lancapi Security settings Security settings wizardWizard for LANconfig Firewall wizard Wizard for WEBconfigSecurity checklist Configuration under WEBconfigRules Do you make use of a ’Deny All’ Firewall strategy? Have you assigned a password for the configuration?Have you permitted remote configuration? Have you activated the Firewall?Have you closed critical ports with filters? DSL data transfer is slow TroubleshootingProblems with the cabling? No WAN connection is establishedLAN statistics Cable testingUnwanted connections under Windows XP Increasing the TCP/IP window size under WindowsTroubleshooting Appendix Performance data and specificationsRights for up to 16 administrators Pin RJ45 socket Contact assignmentDSL interface ISDN-S0interfacePin mini-DIN socket Configuration interface OutbandCE declaration of conformity Ethernet interfaces 10/100Base-TNumerics Connector cable LAN to LAN coupling 14, 15, 30 InstallationIPX conventions IPX router Settings Connector cable Channel Data compression Dial-innumberSecurity aspects Server Setup Specify MSN NetBIOS NetBIOS proxy Netmask Network segmentPackage contents Packet size adaption Password NetBIOSSettings 28 , 32 Temperature Time WEBconfigCheck connection
Top Page Image Contents