Manuals / Lancom Systems / Computer Equipment / Network Router

Lancom Systems 8011 VPN, 7111 VPN Have you excluded certain stations from access to the router?

Models: 8011 VPN 7111 VPN

1 77

Download 77 pages 46.77 Kb

Page 66

Have you excluded certain stations from access to the router?

EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 8: Security settings

individually for each route in the routing table. The routing table can be found in the LANconfig in the 'IP router' configuration section on the 'Routing' tab.

Have you excluded certain stations from access to the router?

Access to the internal functions of the devices can be restricted using a special filter list. Internal functions in this case are configuration sessions via LANconfig, WEBconfig, Telnet or TFTP. This table is empty by default and so access to the router can therefore be obtained by TCP/IP using Tel- net or TFTP from computers with any IP address. The filter is activated when the first IP address with its associated network mask is entered and from that point on only those IP addresses contained in this initial entry will be permitted to use the internal functions. The circle of authorized users can be expanded by inputting further entries. The filter entries can describe both individual computers and whole networks. The access list can be found in LANconfig in the 'TCP/IP' configuration section on the 'General' tab.

Have you closed critical ports with filters?

The firewall filters of the LANCOM router devices offer filter functions for individual computers or entire networks. Source and target filters can be set for individual ports or for ranges of ports. In addition, individual pro- tocols or any combinations of protocols (TCP/UDP/ICMP) can be filtered. It is particularly easy to set up the filters with LANconfig. The 'Rules' tab under 'Firewall/QoS' can assist you to define and change the filter rules.

Is your saved LANCOM router configuration stored in a safe place?

Protect the saved configurations against unauthorized access in a safe place. A saved configuration could otherwise be loaded in another device by an unauthorized person, enabling, for example, the use of your Inter- net connections at your expense.

66

Image 66

Lancom Systems 8011 VPN, 7111 VPN manual Have you excluded certain stations from access to the router?, Security settings

Contents

LANCOM 7111 VPN LANCOM 8011 VPN 2004 LANCOM Systems GmbH, Wuerselen Germany. All rights reserved Security settings PrefaceUser manual and reference manual Model variantsNotes symbols This documentation was compiled …info@lancom.de 3 Basic configuration Contents2 Installation 4 Setting up Internet access7 Sending faxes with LANCAPI Providing dial-up access5 Linking two networks Security settings9 Troubleshooting Appendix1 Introduction 1.1 Which use does VPN offer?Chapter 1 Introduction Access Service - RAS Conventional network infrastructureA subsidiary is connected to the LAN, typically using a leased line Chapter 1 IntroductionNetworking via the Internet 1.2 Firewall Further important features of the Firewall are Intrusion DetectionQuality-of-Service / Traffic management 1.3 What does a router do?Denial-of-Service Protection LANCOM CD1.3.2 Areas of deployment for routers Internet access for a LAN e.g. via DSL or ISDN1.3.1 Bridgehead to the WAN LAN to LAN coupling via VPN or ISDNRemote access to the company network via VPN or ISDN 1.4 What can your LANCOM router do?WAN connection LANCOMLANCOM LAN connectionLANCOM Quality of ServiceConfiguration Optional software extensions2 Installation 2.1 Package contents2.2 System preconditions Front side 2.3 Introducing LANCOM router2.3.1 Status displays Meanings of the LEDsThe Online LED indicates the overall status of all WAN ports Chapter 2 Installationand the LED remains lit green inverse flashingCompletely deactivate the lock that has been triggered set limit to Flashing Power LED but no connection?Chapter 2 Installation LANCOMConnection status of the WAN connection Chapter 2 InstallationNot connected or no S0 voltage no error message Data traffic via the WAN connectionLCD display 2.4 Hardware installation 2.3.2 The back of the unitWAN - connect the WAN port with the included connector cable dark blue plug e. g. with the ethernet port of a DSL modem or of a cable modem 2.5 Software installation 2.5.1 Starting LANCOM setup2.5.2 Which software should you install? 3 Basic configuration 3.1.1 TCP/IP settings3.1 Which information is necessary? Information required for manual TCP/IP configuration New LAN-fully automatic configuration possibleConfigure manually nevertheless? IP address and netmask for the LANCOM router3.1.4 Settings for the ISDN connection 3.1.2 Configuration protection3.1.3 Settings for the DSL connection Enable DHCP server?3.1.5 Connect charge protection 3.2 Instructions for LANconfigLANconfig Chapter 3 Basic configurationComplete the configuration with Finish 3.3 Instructions for WEBconfig Network without DHCP serverChapter 3 Basic configuration Starting the wizards in WEBconfig Network with DHCP serverPage Entering the password in the web browser 3.4 TCP/IP settings to workstation PCs IP address assignment via the LANCOM router defaultIP address assignment via a separate DHCP server Manual IP address assignmentChapter 3 Basic configuration Additional information for unknown Internet providers 4 Setting up Internet accessDoes the setup wizard know your Internet provider? Chapter 4 Setting up Internet accessChapter 4 Setting up Internet access Additional connection optionsISDN - dial-in number User name and password Dynamic channel bundling ISDN only4.1 Instructions for LANconfig 4.2 Instructions for WEBconfigLANconfig Quick access to the setup wizards Always configure both sides 5 Linking two networksSecurity aspects 5.1 What information is necessary? 5.1.1 General informationThe name of the remote station is needed for its identification 5.1.2 Settings for the TCP/IP router Chapter 5 Linking two networksNetmask 5.1.3 Settings for the IPX router DNS access to the remote LANExtranet VPN 5.1.4 Settings for NetBIOS routing 5.2 Instructions for LANconfig 5.3 Instructions for WEBconfigPing - quick testing for TCP/IP connections 6 Providing dial-up access 6.1 Which information is required?Security aspects 6.1.1 General information The ISDN calling line identity CLI6.1.2 Settings for TCP/IP 6.1.3 Settings for IPX6.1.4 Settings for NetBIOS routing Chapter 6 Providing dial- up accessUser SAMPLE 6.2 Settings for the dial-in computer 6.2.1 Dial-up via VPN6.2.2 Dial-up via ISDN 6.3 Instructions for LANconfig 6.4 Instructions for WEBconfigChapter 6 Providing dial- up access From the main menu, launch the Connect two local networks wizard7 Sending faxes with LANCAPI Chapter 7 Sending faxes with LANCAPI7.1 Installation of the LANCOM CAPI fax modem Chapter 7 Sending faxes with LANCAPI7.2 Installation of the MS Windows fax service Select the option Printers and Faxes from the control panelChapter 7 Sending faxes with LANCAPI 7.3.2 Send a fax with the MS Windows fax service 7.3 Sending a fax7.3.1 Send a fax with any given office application LANCOM 7111 VPN - LANCOM 8011 VPN Chapter 7 Sending faxes with LANCAPI8 Security settings 8.1 The security settings wizard8.1.1 Wizard for LANconfig 8.1.2 Wizard for WEBconfig 8.2.1 Wizard for LANconfig8.2 The firewall wizard 8.3 The security checklist 8.2.2 Configuration under WEBconfigRules Have you activated the Firewall? Have you assigned a password for the configuration?Have you permitted remote configuration? Do you make use of a ’Deny All’ Firewall strategy?Is your saved LANCOM router configuration stored in a safe place? Have you excluded certain stations from access to the router?Have you closed critical ports with filters? Chapter 8 Security settings9.1 No WAN connection is established 9 TroubleshootingProblems with the cabling? 9.2 DSL data transfer is slowIncreasing the TCP/IP window size under Windows 9.4 Cable testing9.3 Unwanted connections under Windows XP LAN statisticsChange then to menu item Expert configuration Status LAN statis LANCOM 7111 VPN 10.1 Performance data and specifications10 Appendix LANCOM 8011 VPNLANCOM 7111 VPN LANCOM 8011 VPNChapter 10 Appendix 10.2.2 ISDN-S0 interface 10.2 Contact assignment10.2.1 DSL interface Connector10.2.3 Ethernet interfaces 10/100Base-T 10.2.4 Configuration interface Outband10.3 CE declaration of conformity ConnectorIndex Numerics12, 14, 16 Authentication dataBasic configuration see status displaysEnable software compression Setting up access to the InternetVirtual Private Network VPN