LANCOM 1711 VPN

Scope of features: as of LCOS version 7.2

 

Firewall

 

 

 

Stateful inspection firewall

Incoming/Outgoing Traffic inspection based on connection information

 

 

 

 

 

 

Packet filter

Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports,

 

 

 

DiffServ attribute); remote-site dependant, direction dependant, bandwidth dependant

 

 

 

 

 

 

Extended port forwarding

Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN

 

 

 

 

 

 

N:N IP address mapping

N:N IP address mapping for translation of IP addresses or entire networks

 

 

 

 

 

 

Tagging

The firewall marks packets with routing tags, e.g. for policy-based routing

 

 

 

 

 

 

Actions

Forward, drop, reject, block sender address, close destination port, disconnect

 

 

 

 

 

 

Notification

Via e-mail, SYSLOG or SNMP trap

 

 

 

 

 

 

Quality of Service

 

 

 

Traffic shaping

Dynamic bandwidth management with IP traffic shaping

 

 

 

 

 

 

Bandwidth reservation

Dynamic reservation of minimum and maximum bandwidths, totally or connection bases, separate settings for send and receive

 

 

 

directions

 

 

 

 

 

 

DiffServ/TOS

Priority queuing of packets based on DiffServ/TOS fields

 

 

 

 

 

 

Packet-size control

Automatic packet-size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment.

 

 

 

 

 

 

Layer 2/Layer 3 tagging

Automatic or fixed translation of layer-2 priority information (802.11p-marked Ethernet frames) to layer-3 DiffServ attributes in

 

 

 

routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p-support in the destination device.

 

 

Security

 

 

 

Intrusion Prevention

Monitoring and blocking of login attempts and port scans

 

 

 

 

 

 

IP spoofing

Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed

 

 

 

 

 

 

Access control lists

Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI

 

 

 

 

 

 

Denial of Service protection

Protection from fragmentation errors and SYN flooding

 

 

 

 

 

 

General

Detailed settings for handling reassembly, PING, stealth mode and AUTH port

 

 

 

 

 

 

URL blocker

Filtering of unwanted URLs based on DNS hitlists and wildcard filters

 

 

 

 

 

 

Password protection

Password-protected configuration access can be set for each interface

 

 

 

 

 

 

Alerts

Alerts via e-mail, SNMP-Traps and SYSLOG

 

 

 

 

 

 

Authentication mechanisms

PAP, CHAP and MS-CHAP as PPP authentication mechanism

 

 

 

 

 

 

Anti-theft

Anti-theft ISDN site verification over B or D channel (self-initiated call back and blocking)

 

 

 

 

 

 

Adjustable reset button

Adjustable reset button for "ignore", "boot-only" and "reset-or-boot

 

 

 

 

 

 

High availability / redundancy

 

 

 

VRRP

VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby

 

 

 

groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities

 

 

 

 

 

 

FirmSafe

For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates

 

 

 

 

 

 

ISDN backup

In case of failure of the main connection, a backup connection is established over ISDN; automatic return to the main connection

 

 

 

 

 

 

Analog/GSM modem backup

Optional operation of an analog or GSM modem at the serial interface

 

 

 

 

 

 

Load balancing

Static and dynamic load balancing over up to 4 WAN connections; channel bundling with Multilink PPP (if supported by network

 

 

 

operator)

 

 

 

 

 

 

VPN redundancy

Control of up to 16 redundant VPN gateways for high availability or load balancing

 

 

 

 

 

 

Line monitoring

Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP

 

 

 

polling.

 

 

VPN

 

 

 

1-Click-VPN Client assistant

One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced

 

 

 

VPN Client

 

 

 

 

 

 

1-Click-VPN Site-to-Site

Creation of VPN connections between LANCOM router via drag and drop in LANconfig

 

 

 

 

 

 

Number of VPN tunnels

5 IPSec connections active simultaneously (25 with VPN-25 Option), 25 connections configurable (50 with VPN-25 Option).

 

 

 

Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN

 

 

 

 

 

 

Hardware accelerator (optional)

Activated 3DES/AES hardware encryption with the VPN-25 Option

 

 

 

 

 

 

IKE

IPSec key exchange with Preshared Key or certificate

 

 

 

 

 

 

Certificates

X.509 digital certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of PKCS#12 files via

 

 

 

HTTPS interface

 

 

Certificate rollout

Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol)

 

 

 

 

 

Page 2 Page 4
Page 3
Image 3
Lancom Systems 1711 manual Firewall, Quality of Service, Security, High availability / redundancy
Page 2 Page 4

1711 specifications

Lancom Systems is a notable player in the networking solutions market, and its range of routers, specifically the 821, 1621, and 1711 models, showcases the company's commitment to delivering robust, high-quality products for various enterprise needs. Each model brings distinct features, making them suitable for different environments and operational demands.

The Lancom 821 is particularly designed for small to medium-sized enterprises (SMEs) requiring reliable internet connectivity and secure networking. This router supports various VPN technologies, ensuring secure data transmission across the organization. Equipped with advanced firewall capabilities, the 821 can handle multiple connections while protecting against potential cyber threats. Its support for IPv6 enhances compatibility with future networks, making it a long-term investment. The device’s manageable architecture allows for remote access and troubleshooting, reducing the need for on-site IT interventions.

On the other hand, the Lancom 1621 is tailored for larger organizations or those with more extensive networking demands. This model offers enhanced throughput and is capable of managing large volumes of traffic without compromising performance. It features a variety of WAN connection options, including DSL, LTE, and fiber, allowing businesses to choose the best solution for their requirements. The 1621 also incorporates sophisticated Quality of Service (QoS) settings, which prioritize critical applications to ensure optimal performance during peak times. Built-in redundancy features enhance reliability, making it an excellent choice for mission-critical applications.

The Lancom 1711 takes networking capabilities a step further, targeting enterprises with even more complex needs. It boasts advanced routing and switching features, making it suitable for enterprise-grade deployments. The 1711 supports enterprise WLAN management, allowing seamless integration with wireless access points. Its robust performance over WAN connections enables the deployment of various real-time applications, such as voice over IP (VoIP) and video conferencing, without latency issues. Security is a top priority, with features including an IPSec VPN and integrated threat detection to safeguard organizational data.

In summary, the Lancom 821, 1621, and 1711 routers serve as versatile tools for businesses, each designed with distinct capabilities to meet specific networking needs. Their strengths lie in their security features, support for various connection types, and reliable performance under heavy loads. With these devices, organizations can ensure that their network infrastructure not only meets current demands but is also poised for future growth.
Top Page Image Contents