Manuals / Lancom Systems / Computer Equipment / Network Router

Lancom Systems 8011 VPN, 7111 VPN manual Firewall

Models: 8011 VPN 7111 VPN

1 77

Download 77 pages 46.77 Kb

Page 12

1.2Firewall

EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 1: Introduction

technologies such as DSL (Digital Subscriber Line) or G.703 (2-Mbit leased lines). But also a conventional ISDN line can be used.

The technologies of the individual participants do not have to be compatible to one another, as would be the case for conventional direct connections. A single Internet access can be used to establish multiple simultaneous logical connections to a variety of remote stations.

The resulting savings and high flexibility makes the Internet (or any other IP network) an outstanding backbone for a corporate network.

1.2Firewall

The integrated Stateful Inspection Firewall ensures an effective protection against undesired intrusion in your network by permitting only incoming data traffic as reaction to outgoing data traffic. The router’s IP masquerading func- tion hides all workstations of the LAN behind a single public IP address. The actual identities (IP addresses) of the individual workstations remain con- cealed. Firewall filters of the router permit specific IP addresses, protocols and ports to be blocked. With MAC address filters it is also possible to specifically monitor the access of workstations in the LAN to the IP routing function of the device.

	LAN
Internet
Firewall	LANCOM

Further important features of the Firewall are

Intrusion Detection

Break-in attempts into the local network or on the central Firewall are rec- ognized, repelled and logged by the Intrusion Detection system (IDS) of the LANCOM Wireless DSL. Thereby it can be selected between logging within the device, email notification, SNMP trap or SYSLOG alarms.

12

Image 12

Lancom Systems 8011 VPN, 7111 VPN manual Further important features of the Firewall are Intrusion Detection

Contents

LANCOM 7111 VPN LANCOM 8011 VPN 2004 LANCOM Systems GmbH, Wuerselen Germany. All rights reserved Security settings PrefaceUser manual and reference manual Model variantsNotes symbols This documentation was compiled …info@lancom.de Contents 2 Installation3 Basic configuration 4 Setting up Internet accessProviding dial-up access 5 Linking two networks7 Sending faxes with LANCAPI Security settings9 Troubleshooting Appendix1 Introduction 1.1 Which use does VPN offer?Chapter 1 Introduction Conventional network infrastructure A subsidiary is connected to the LAN, typically using a leased lineAccess Service - RAS Chapter 1 IntroductionNetworking via the Internet 1.2 Firewall Further important features of the Firewall are Intrusion Detection1.3 What does a router do? Denial-of-Service ProtectionQuality-of-Service / Traffic management LANCOM CDInternet access for a LAN e.g. via DSL or ISDN 1.3.1 Bridgehead to the WAN1.3.2 Areas of deployment for routers LAN to LAN coupling via VPN or ISDNRemote access to the company network via VPN or ISDN 1.4 What can your LANCOM router do?LANCOM LANCOMWAN connection LAN connectionQuality of Service ConfigurationLANCOM Optional software extensions2 Installation 2.1 Package contents2.2 System preconditions 2.3 Introducing LANCOM router 2.3.1 Status displaysFront side Meanings of the LEDsChapter 2 Installation and the LED remains lit greenThe Online LED indicates the overall status of all WAN ports inverse flashingFlashing Power LED but no connection? Chapter 2 InstallationCompletely deactivate the lock that has been triggered set limit to LANCOMChapter 2 Installation Not connected or no S0 voltage no error messageConnection status of the WAN connection Data traffic via the WAN connectionLCD display 2.4 Hardware installation 2.3.2 The back of the unitWAN - connect the WAN port with the included connector cable dark blue plug e. g. with the ethernet port of a DSL modem or of a cable modem 2.5 Software installation 2.5.1 Starting LANCOM setup2.5.2 Which software should you install? 3 Basic configuration 3.1.1 TCP/IP settings3.1 Which information is necessary? New LAN-fully automatic configuration possible Configure manually nevertheless?Information required for manual TCP/IP configuration IP address and netmask for the LANCOM router3.1.2 Configuration protection 3.1.3 Settings for the DSL connection3.1.4 Settings for the ISDN connection Enable DHCP server?3.2 Instructions for LANconfig LANconfig3.1.5 Connect charge protection Chapter 3 Basic configurationComplete the configuration with Finish 3.3 Instructions for WEBconfig Network without DHCP serverChapter 3 Basic configuration Starting the wizards in WEBconfig Network with DHCP serverPage Entering the password in the web browser 3.4 TCP/IP settings to workstation PCs IP address assignment via the LANCOM router defaultIP address assignment via a separate DHCP server Manual IP address assignmentChapter 3 Basic configuration 4 Setting up Internet access Does the setup wizard know your Internet provider?Additional information for unknown Internet providers Chapter 4 Setting up Internet accessAdditional connection options ISDN - dial-in number User name and passwordChapter 4 Setting up Internet access Dynamic channel bundling ISDN only4.1 Instructions for LANconfig 4.2 Instructions for WEBconfigLANconfig Quick access to the setup wizards Always configure both sides 5 Linking two networksSecurity aspects 5.1 What information is necessary? 5.1.1 General informationThe name of the remote station is needed for its identification 5.1.2 Settings for the TCP/IP router Chapter 5 Linking two networksNetmask 5.1.3 Settings for the IPX router DNS access to the remote LANExtranet VPN 5.1.4 Settings for NetBIOS routing 5.2 Instructions for LANconfig 5.3 Instructions for WEBconfigPing - quick testing for TCP/IP connections 6 Providing dial-up access 6.1 Which information is required?Security aspects 6.1.1 General information The ISDN calling line identity CLI6.1.2 Settings for TCP/IP 6.1.3 Settings for IPX6.1.4 Settings for NetBIOS routing Chapter 6 Providing dial- up accessUser SAMPLE 6.2 Settings for the dial-in computer 6.2.1 Dial-up via VPN6.2.2 Dial-up via ISDN 6.3 Instructions for LANconfig 6.4 Instructions for WEBconfigChapter 6 Providing dial- up access From the main menu, launch the Connect two local networks wizard7 Sending faxes with LANCAPI Chapter 7 Sending faxes with LANCAPI7.1 Installation of the LANCOM CAPI fax modem Chapter 7 Sending faxes with LANCAPI7.2 Installation of the MS Windows fax service Select the option Printers and Faxes from the control panelChapter 7 Sending faxes with LANCAPI 7.3.2 Send a fax with the MS Windows fax service 7.3 Sending a fax7.3.1 Send a fax with any given office application LANCOM 7111 VPN - LANCOM 8011 VPN Chapter 7 Sending faxes with LANCAPI8 Security settings 8.1 The security settings wizard8.1.1 Wizard for LANconfig 8.1.2 Wizard for WEBconfig 8.2.1 Wizard for LANconfig8.2 The firewall wizard 8.3 The security checklist 8.2.2 Configuration under WEBconfigRules Have you assigned a password for the configuration? Have you permitted remote configuration?Have you activated the Firewall? Do you make use of a ’Deny All’ Firewall strategy?Have you excluded certain stations from access to the router? Have you closed critical ports with filters?Is your saved LANCOM router configuration stored in a safe place? Chapter 8 Security settings9 Troubleshooting Problems with the cabling?9.1 No WAN connection is established 9.2 DSL data transfer is slow9.4 Cable testing 9.3 Unwanted connections under Windows XPIncreasing the TCP/IP window size under Windows LAN statisticsChange then to menu item Expert configuration Status LAN statis 10.1 Performance data and specifications 10 AppendixLANCOM 7111 VPN LANCOM 8011 VPNLANCOM 7111 VPN LANCOM 8011 VPNChapter 10 Appendix 10.2 Contact assignment 10.2.1 DSL interface10.2.2 ISDN-S0 interface Connector10.2.4 Configuration interface Outband 10.3 CE declaration of conformity10.2.3 Ethernet interfaces 10/100Base-T ConnectorIndex NumericsAuthentication data Basic configuration12, 14, 16 see status displaysEnable software compression Setting up access to the InternetVirtual Private Network VPN