EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 10: Appendix

10 Appendix

10.1Performance data and specifications

 

LANCOM 7111 VPN

 

LANCOM 8011 VPN

Firewall

Stateful inspection, IP packet filter with port ranges; masquerading (NAT/PAT) of TCP,

 

UDP, ICMP, FTP, PPTP, H.323, NetMeeting IRC and IPSec; DNS forwarding; inverse mas-

 

querading for IP services from the Intranet such as web server; support of 2 local net-

 

works; e.g. DMZ with own IP address range without NAT, port mapping.

 

 

Quality of Service

Dynamic bandwidth management with IP traffic-shaping/limiting with dynamic, abso-

 

lute or per connection transfer limits or guaranteed minimum bandwidths, separated

 

from send or receive site, TOS or DiffServ priority queuing, automatic packet size

 

adoption incl. PMTU adjustment or fragmentation.

 

 

Security

Intrusion detection (IP spoofing, login attempt, port scans), denial-of-service protec-

 

tion (fragmentation error, SYNflooding, automatic closing of ports/connections). DNS

 

hitlist as well as wild card filter (URL blocking). High availability with ISDN dial backup

 

for Internet access or VPN connections. Email alerting, SNMP traps and SYSLOG. PAP,

 

CHAP and MS-CHAP as PPP authentification, password-protected configuration

 

remote access per interface, access control list (IP, MAC and protocol filter) for config-

 

uration access and LANCAPI, ISDN remote access list. FirmSafe with two firmware ver-

 

sions for absolute secure software upgrades.

 

 

 

 

VPN/IPSec

100 IPSec sessions parallel.

 

200 IPSec sessions parallel. Can be

 

 

 

upgraded to 500 or 1000 channels.

 

Encryption methods: AES and 3-DES (for LANCOM 8011 VPN with hardware accelera-

 

tion), Blowfish, CAST, MD-5 or SHA-1 Hashes IKE with Preshared Keys, IKE config

 

mode. Up to 8 redundant VPN gateways for load balancving and high availability.

 

 

IPSec clients

LANCOM Advanced VPN Client for windows operating systems, incl. firewall, auto-

 

matic line management, X.auth/Config Mode, IPCOMP etc., available in different

 

license scales.

 

 

 

LANCOM Dynamic VPN

Connection to dynamic IP addresses: transferring of the dynamic IP address via ISDN B

 

or D channel, IKE main mode. Connection from dynamic to static IP addresses:

 

encrypted transferring of the dynamic IP address via ICMP or UDP packet, IKE Main

 

Mode.

 

 

 

Router modes, services and

IP, IPX and NetBIOS/IP multi protocol Router, HTTP and HTTPS Server (WEBconfig),

interfaces

DNS Client, DNS Server, DNS Relay, DNS Proxy, DHCP Client, DHCP Relay and DHCP

 

Server incl. auto detection, Dynamic DNS Client, NTP Client, SNTP Server, NetBIOS/IP

 

Proxy, N : N IP address mapping

 

 

 

LAN protocols

IP: ARP, Proxy ARP, IP, ICMP, UDP, TCP, TFTP, RIP-1, RIP-2, DHCP, DNS, SNMP, HTTP,

 

HTTPS, BOOTP, NTP/SNTP, NetBIOS, RADIUS, LANCAPI

 

IPX: RIP, SAP, IPX and SPX watchdogs, NetBIOS watchdogs

WAN protocols

PPPoE, Multi-PPPoE, PPTP (PAC or PNS) and Plain Ethernet (with and without DHCP)

WAN protocols (ISDN)

D channel: 1TR6, DSS1 (Euro ISDN); B channel: PPP (asynchronous/synchronous),

 

X.75, HDLC, ML PPP for channel bundling, V.110/GSM/HSCSD, CAPI 2.0 via LANCAPI,

 

Stac data compression, leased line support for D64, D64S2, D64SY

 

 

 

 

70

Page 70
Image 70
Lancom Systems 8011 VPN, 7111 VPN manual Appendix, Performance data and specifications