Firewall | Lancom Systems 8011 VPN, 7111 VPN specification

EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 1: Introduction

technologies such as DSL (Digital Subscriber Line) or G.703 (2-Mbit leased lines). But also a conventional ISDN line can be used.

The technologies of the individual participants do not have to be compatible to one another, as would be the case for conventional direct connections. A single Internet access can be used to establish multiple simultaneous logical connections to a variety of remote stations.

The resulting savings and high flexibility makes the Internet (or any other IP network) an outstanding backbone for a corporate network.

1.2Firewall

The integrated Stateful Inspection Firewall ensures an effective protection against undesired intrusion in your network by permitting only incoming data traffic as reaction to outgoing data traffic. The router’s IP masquerading func- tion hides all workstations of the LAN behind a single public IP address. The actual identities (IP addresses) of the individual workstations remain con- cealed. Firewall filters of the router permit specific IP addresses, protocols and ports to be blocked. With MAC address filters it is also possible to specifically monitor the access of workstations in the LAN to the IP routing function of the device.

	LAN
Internet
Firewall	LANCOM

Further important features of the Firewall are

Intrusion Detection

Break-in attempts into the local network or on the central Firewall are rec- ognized, repelled and logged by the Intrusion Detection system (IDS) of the LANCOM Wireless DSL. Thereby it can be selected between logging within the device, email notification, SNMP trap or SYSLOG alarms.

12

Image 12

Lancom Systems 8011 VPN, 7111 VPN manual Firewall

Contents

Lancom 7111 VPN Lancom 8011 VPN Lancom Systems GmbH, Wuerselen Germany. All rights reserved Security settings Preface Model variants This documentation was compiled … Info@lancom.de Contents Providing dial-up access Linking two networksSending faxes with Lancapi Troubleshooting Appendix Introduction Which use does VPN offer? Conventional network infrastructure Isdn Networking via the Internet Firewall Denial-of-Service Protection Quality-of-Service / Traffic managementWhat does a router do? Internet access for a LAN e.g. via DSL or Isdn Bridgehead to the WANAreas of deployment for routers LAN to LAN coupling via VPN or Isdn Remote access to the company network via VPN or Isdn What can your Lancom router do?Conventional via Isdn Lancom Quality of Service Installation Package contentsSystem preconditions Access to the LAN via the TCP/IP protocol Introducing Lancom routerStatus displays Front side LED remains lit green Online LED indicates the overall status of all WAN ports Flashing Power LED but no connection? Lancom Connection status of the WAN connection Data traffic via the WAN connectionConnection status of Isdn S0 connection Connection status of the serial configuration port 7111 VPN, for both Isdn B channels with Lancom 8011 VPNLCD display Hardware installation Back of the unit Installation Software installation Starting Lancom setup Which software should you install? Basic configuration 1 TCP/IP settingsWhich information is necessary? New LAN-fully automatic configuration possible Configure manually nevertheless?Information required for manual TCP/IP configuration IP address and netmask for the Lancom router Configuration protection Settings for the DSL connectionSettings for the Isdn connection Enable Dhcp server? Instructions for LANconfig Start up LANconfig by clicking Start Programs LancomLANconfig Connect charge protection Complete the configuration with Finish Instructions for WEBconfig Network without Dhcp server Starting the wizards in WEBconfig Network with Dhcp serverOr with a name as discribed above WEBconfig main menu will be displayed Entering the password in the web browser TCP/IP settings to workstation PCs IP address assignment via the Lancom router default IP address assignment via a separate Dhcp server Manual IP address assignment Setting up Internet access Does the setup wizard know your Internet provider?User name and password Additional information for unknown Internet providers Isdn dial-in number User name and password Additional connection optionsDynamic channel bundling Isdn only LANconfig Quick access to the setup wizards Complete the configuration with Apply Always configure both sides Linking two networksSecurity aspects What information is necessary? General information Name of the remote station is needed for its identification Settings for the TCP/IP router Settings for the IPX router DNS access to the remote LANExtranet VPN Settings for NetBIOS routing Perform the configuration on both routers, one at a time Ping quick testing for TCP/IP connections Providing dial-up access Which information is required? Isdn calling line identity CLI Coupling Entry Settings for TCP/IP Settings for IPX WAN Settings for the dial-in computer Dial-up via VPNDial-up via Isdn Instructions for LANconfig Providing dial- up access Sending faxes with Lancapi Installation of the Lancom Capi fax modem Installation of the MS Windows fax service Select the option Printers and Faxes from the control panel Send a fax with the MS Windows fax service Sending a faxSend a fax with any given office application Sending faxes with Lancapi Security settings Security settings wizardWizard for LANconfig Wizard for WEBconfig Firewall wizard Security checklist Configuration under WEBconfigRules Have you assigned a password for the configuration? Have you permitted remote configuration?Have you activated the Firewall? Do you make use of a ’Deny All’ Firewall strategy? Have you closed critical ports with filters? Troubleshooting Problems with the cabling?No WAN connection is established DSL data transfer is slow Cable testing Unwanted connections under Windows XPIncreasing the TCP/IP window size under Windows LAN statistics Troubleshooting Performance data and specifications Appendix Rights for up to 16 administrators Contact assignment DSL interfaceISDN-S0interface Pin RJ45 socket Configuration interface Outband CE declaration of conformityEthernet interfaces 10/100Base-T Pin mini-DIN socket Numerics Installation IPX conventions IPX router SettingsConnector cable Channel Data compression Dial-innumber Connector cable LAN to LAN coupling 14, 15, 30 NetBIOS NetBIOS proxy Netmask Network segment Package contents Packet size adaption PasswordNetBIOS Security aspects Server Setup Specify MSN Settings 28 , 32 Temperature Time WEBconfigCheck connection