Lancom Systems 8011 VPN, 7111 VPN manual Appendix, Performance data and specifications

Page 70

EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 10: Appendix

10 Appendix

10.1Performance data and specifications

	LANCOM 7111 VPN		LANCOM 8011 VPN
Firewall	Stateful inspection, IP packet filter with port ranges; masquerading (NAT/PAT) of TCP,
	UDP, ICMP, FTP, PPTP, H.323, NetMeeting IRC and IPSec; DNS forwarding; inverse mas-
	querading for IP services from the Intranet such as web server; support of 2 local net-
	works; e.g. DMZ with own IP address range without NAT, port mapping.

Quality of Service	Dynamic bandwidth management with IP traffic-shaping/limiting with dynamic, abso-
	lute or per connection transfer limits or guaranteed minimum bandwidths, separated
	from send or receive site, TOS or DiffServ priority queuing, automatic packet size
	adoption incl. PMTU adjustment or fragmentation.

Security	Intrusion detection (IP spoofing, login attempt, port scans), denial-of-service protec-
	tion (fragmentation error, SYNflooding, automatic closing of ports/connections). DNS
	hitlist as well as wild card filter (URL blocking). High availability with ISDN dial backup
	for Internet access or VPN connections. Email alerting, SNMP traps and SYSLOG. PAP,
	CHAP and MS-CHAP as PPP authentification, password-protected configuration
	remote access per interface, access control list (IP, MAC and protocol filter) for config-
	uration access and LANCAPI, ISDN remote access list. FirmSafe with two firmware ver-
	sions for absolute secure software upgrades.

VPN/IPSec	100 IPSec sessions parallel.		200 IPSec sessions parallel. Can be
			upgraded to 500 or 1000 channels.
	Encryption methods: AES and 3-DES (for LANCOM 8011 VPN with hardware accelera-
	tion), Blowfish, CAST, MD-5 or SHA-1 Hashes IKE with Preshared Keys, IKE config
	mode. Up to 8 redundant VPN gateways for load balancving and high availability.

IPSec clients	LANCOM Advanced VPN Client for windows operating systems, incl. firewall, auto-
	matic line management, X.auth/Config Mode, IPCOMP etc., available in different
	license scales.

LANCOM Dynamic VPN	Connection to dynamic IP addresses: transferring of the dynamic IP address via ISDN B
	or D channel, IKE main mode. Connection from dynamic to static IP addresses:
	encrypted transferring of the dynamic IP address via ICMP or UDP packet, IKE Main
	Mode.

Router modes, services and	IP, IPX and NetBIOS/IP multi protocol Router, HTTP and HTTPS Server (WEBconfig),
interfaces	DNS Client, DNS Server, DNS Relay, DNS Proxy, DHCP Client, DHCP Relay and DHCP
	Server incl. auto detection, Dynamic DNS Client, NTP Client, SNTP Server, NetBIOS/IP
	Proxy, N : N IP address mapping

LAN protocols	IP: ARP, Proxy ARP, IP, ICMP, UDP, TCP, TFTP, RIP-1, RIP-2, DHCP, DNS, SNMP, HTTP,
	HTTPS, BOOTP, NTP/SNTP, NetBIOS, RADIUS, LANCAPI
	IPX: RIP, SAP, IPX and SPX watchdogs, NetBIOS watchdogs
WAN protocols	PPPoE, Multi-PPPoE, PPTP (PAC or PNS) and Plain Ethernet (with and without DHCP)
WAN protocols (ISDN)	D channel: 1TR6, DSS1 (Euro ISDN); B channel: PPP (asynchronous/synchronous),
	X.75, HDLC, ML PPP for channel bundling, V.110/GSM/HSCSD, CAPI 2.0 via LANCAPI,
	Stac data compression, leased line support for D64, D64S2, D64SY

70

Image 70

Contents Lancom 7111 VPN Lancom 8011 VPN Lancom Systems GmbH, Wuerselen Germany. All rights reserved Security settings PrefaceModel variants This documentation was compiled … Info@lancom.deContents Linking two networks Providing dial-up accessSending faxes with Lancapi Troubleshooting AppendixIntroduction Which use does VPN offer?Conventional network infrastructure IsdnNetworking via the Internet Firewall Quality-of-Service / Traffic management Denial-of-Service ProtectionWhat does a router do? Areas of deployment for routers Internet access for a LAN e.g. via DSL or IsdnBridgehead to the WAN LAN to LAN coupling via VPN or IsdnWhat can your Lancom router do? Remote access to the company network via VPN or IsdnConventional via Isdn Lancom Quality of Service Package contents InstallationSystem preconditions Status displays Access to the LAN via the TCP/IP protocolIntroducing Lancom router Front sideLED remains lit green Online LED indicates the overall status of all WAN portsFlashing Power LED but no connection? LancomData traffic via the WAN connection Connection status of the WAN connectionConnection status of Isdn S0 connection 7111 VPN, for both Isdn B channels with Lancom 8011 VPN Connection status of the serial configuration portLCD display Hardware installation Back of the unitInstallation Software installation Starting Lancom setupWhich software should you install? 1 TCP/IP settings Basic configurationWhich information is necessary? Information required for manual TCP/IP configuration New LAN-fully automatic configuration possibleConfigure manually nevertheless? IP address and netmask for the Lancom routerSettings for the Isdn connection Configuration protectionSettings for the DSL connection Enable Dhcp server?LANconfig Instructions for LANconfigStart up LANconfig by clicking Start Programs Lancom Connect charge protectionComplete the configuration with Finish Instructions for WEBconfig Network without Dhcp serverNetwork with Dhcp server Starting the wizards in WEBconfigOr with a name as discribed above WEBconfig main menu will be displayed Entering the password in the web browser TCP/IP settings to workstation PCs IP address assignment via the Lancom router defaultIP address assignment via a separate Dhcp server Manual IP address assignmentUser name and password Setting up Internet accessDoes the setup wizard know your Internet provider? Additional information for unknown Internet providersAdditional connection options Isdn dial-in number User name and passwordDynamic channel bundling Isdn only LANconfig Quick access to the setup wizards Complete the configuration with ApplyLinking two networks Always configure both sidesSecurity aspects What information is necessary? General informationName of the remote station is needed for its identification Settings for the TCP/IP router DNS access to the remote LAN Settings for the IPX routerExtranet VPN Settings for NetBIOS routing Perform the configuration on both routers, one at a time Ping quick testing for TCP/IP connections Providing dial-up access Which information is required?Isdn calling line identity CLI Coupling EntrySettings for TCP/IP Settings for IPXWAN Dial-up via VPN Settings for the dial-in computerDial-up via Isdn Instructions for LANconfig Providing dial- up access Sending faxes with Lancapi Installation of the Lancom Capi fax modem Installation of the MS Windows fax service Select the option Printers and Faxes from the control panelSending a fax Send a fax with the MS Windows fax serviceSend a fax with any given office application Sending faxes with Lancapi Security settings wizard Security settingsWizard for LANconfig Wizard for WEBconfig Firewall wizardConfiguration under WEBconfig Security checklistRules Have you activated the Firewall? Have you assigned a password for the configuration?Have you permitted remote configuration? Do you make use of a ’Deny All’ Firewall strategy?Have you closed critical ports with filters? No WAN connection is established TroubleshootingProblems with the cabling? DSL data transfer is slowIncreasing the TCP/IP window size under Windows Cable testingUnwanted connections under Windows XP LAN statisticsTroubleshooting Performance data and specifications AppendixRights for up to 16 administrators ISDN-S0interface Contact assignmentDSL interface Pin RJ45 socketEthernet interfaces 10/100Base-T Configuration interface OutbandCE declaration of conformity Pin mini-DIN socketNumerics Connector cable Channel Data compression Dial-innumber InstallationIPX conventions IPX router Settings Connector cable LAN to LAN coupling 14, 15, 30NetBIOS NetBIOS NetBIOS proxy Netmask Network segmentPackage contents Packet size adaption Password Security aspects Server Setup Specify MSNTemperature Time WEBconfig Settings 28 , 32Check connection