Manuals / Lancom Systems / Computer Equipment / Network Router

Lancom Systems 8011 VPN manual Appendix, Performance data and specifications, LANCOM 7111 VPN

Models: 8011 VPN 7111 VPN

1 77

Download 77 pages 46.77 Kb

Page 70

Chapter 10: Appendix

EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 10: Appendix

10 Appendix

10.1Performance data and specifications

	LANCOM 7111 VPN		LANCOM 8011 VPN
Firewall	Stateful inspection, IP packet filter with port ranges; masquerading (NAT/PAT) of TCP,
	UDP, ICMP, FTP, PPTP, H.323, NetMeeting IRC and IPSec; DNS forwarding; inverse mas-
	querading for IP services from the Intranet such as web server; support of 2 local net-
	works; e.g. DMZ with own IP address range without NAT, port mapping.

Quality of Service	Dynamic bandwidth management with IP traffic-shaping/limiting with dynamic, abso-
	lute or per connection transfer limits or guaranteed minimum bandwidths, separated
	from send or receive site, TOS or DiffServ priority queuing, automatic packet size
	adoption incl. PMTU adjustment or fragmentation.

Security	Intrusion detection (IP spoofing, login attempt, port scans), denial-of-service protec-
	tion (fragmentation error, SYNflooding, automatic closing of ports/connections). DNS
	hitlist as well as wild card filter (URL blocking). High availability with ISDN dial backup
	for Internet access or VPN connections. Email alerting, SNMP traps and SYSLOG. PAP,
	CHAP and MS-CHAP as PPP authentification, password-protected configuration
	remote access per interface, access control list (IP, MAC and protocol filter) for config-
	uration access and LANCAPI, ISDN remote access list. FirmSafe with two firmware ver-
	sions for absolute secure software upgrades.

VPN/IPSec	100 IPSec sessions parallel.		200 IPSec sessions parallel. Can be
			upgraded to 500 or 1000 channels.
	Encryption methods: AES and 3-DES (for LANCOM 8011 VPN with hardware accelera-
	tion), Blowfish, CAST, MD-5 or SHA-1 Hashes IKE with Preshared Keys, IKE config
	mode. Up to 8 redundant VPN gateways for load balancving and high availability.

IPSec clients	LANCOM Advanced VPN Client for windows operating systems, incl. firewall, auto-
	matic line management, X.auth/Config Mode, IPCOMP etc., available in different
	license scales.

LANCOM Dynamic VPN	Connection to dynamic IP addresses: transferring of the dynamic IP address via ISDN B
	or D channel, IKE main mode. Connection from dynamic to static IP addresses:
	encrypted transferring of the dynamic IP address via ICMP or UDP packet, IKE Main
	Mode.

Router modes, services and	IP, IPX and NetBIOS/IP multi protocol Router, HTTP and HTTPS Server (WEBconfig),
interfaces	DNS Client, DNS Server, DNS Relay, DNS Proxy, DHCP Client, DHCP Relay and DHCP
	Server incl. auto detection, Dynamic DNS Client, NTP Client, SNTP Server, NetBIOS/IP
	Proxy, N : N IP address mapping

LAN protocols	IP: ARP, Proxy ARP, IP, ICMP, UDP, TCP, TFTP, RIP-1, RIP-2, DHCP, DNS, SNMP, HTTP,
	HTTPS, BOOTP, NTP/SNTP, NetBIOS, RADIUS, LANCAPI
	IPX: RIP, SAP, IPX and SPX watchdogs, NetBIOS watchdogs
WAN protocols	PPPoE, Multi-PPPoE, PPTP (PAC or PNS) and Plain Ethernet (with and without DHCP)
WAN protocols (ISDN)	D channel: 1TR6, DSS1 (Euro ISDN); B channel: PPP (asynchronous/synchronous),
	X.75, HDLC, ML PPP for channel bundling, V.110/GSM/HSCSD, CAPI 2.0 via LANCAPI,
	Stac data compression, leased line support for D64, D64S2, D64SY

70

Image 70

Lancom Systems manual Appendix, Performance data and specifications, LANCOM 7111 VPN, LANCOM 8011 VPN

Contents

LANCOM 7111 VPN LANCOM 8011 VPN 2004 LANCOM Systems GmbH, Wuerselen Germany. All rights reserved Security settings PrefaceUser manual and reference manual Model variantsThis documentation was compiled … Notes symbolsinfo@lancom.de 3 Basic configuration Contents2 Installation 4 Setting up Internet access7 Sending faxes with LANCAPI Providing dial-up access5 Linking two networks Security settings9 Troubleshooting Appendix1.1 Which use does VPN offer? 1 IntroductionChapter 1 Introduction Access Service - RAS Conventional network infrastructureA subsidiary is connected to the LAN, typically using a leased line Chapter 1 IntroductionNetworking via the Internet 1.2 Firewall Further important features of the Firewall are Intrusion DetectionQuality-of-Service / Traffic management 1.3 What does a router do?Denial-of-Service Protection LANCOM CD1.3.2 Areas of deployment for routers Internet access for a LAN e.g. via DSL or ISDN1.3.1 Bridgehead to the WAN LAN to LAN coupling via VPN or ISDNRemote access to the company network via VPN or ISDN 1.4 What can your LANCOM router do?WAN connection LANCOMLANCOM LAN connectionLANCOM Quality of ServiceConfiguration Optional software extensions2.1 Package contents 2 Installation2.2 System preconditions Front side 2.3 Introducing LANCOM router2.3.1 Status displays Meanings of the LEDsThe Online LED indicates the overall status of all WAN ports Chapter 2 Installationand the LED remains lit green inverse flashingCompletely deactivate the lock that has been triggered set limit to Flashing Power LED but no connection?Chapter 2 Installation LANCOMConnection status of the WAN connection Chapter 2 InstallationNot connected or no S0 voltage no error message Data traffic via the WAN connectionLCD display 2.4 Hardware installation 2.3.2 The back of the unitWAN - connect the WAN port with the included connector cable dark blue plug e. g. with the ethernet port of a DSL modem or of a cable modem 2.5 Software installation 2.5.1 Starting LANCOM setup2.5.2 Which software should you install? 3.1.1 TCP/IP settings 3 Basic configuration3.1 Which information is necessary? Information required for manual TCP/IP configuration New LAN-fully automatic configuration possibleConfigure manually nevertheless? IP address and netmask for the LANCOM router3.1.4 Settings for the ISDN connection 3.1.2 Configuration protection3.1.3 Settings for the DSL connection Enable DHCP server?3.1.5 Connect charge protection 3.2 Instructions for LANconfigLANconfig Chapter 3 Basic configurationComplete the configuration with Finish Network without DHCP server 3.3 Instructions for WEBconfigChapter 3 Basic configuration Starting the wizards in WEBconfig Network with DHCP serverPage Entering the password in the web browser 3.4 TCP/IP settings to workstation PCs IP address assignment via the LANCOM router defaultManual IP address assignment IP address assignment via a separate DHCP serverChapter 3 Basic configuration Additional information for unknown Internet providers 4 Setting up Internet accessDoes the setup wizard know your Internet provider? Chapter 4 Setting up Internet accessChapter 4 Setting up Internet access Additional connection optionsISDN - dial-in number User name and password Dynamic channel bundling ISDN only4.2 Instructions for WEBconfig 4.1 Instructions for LANconfigLANconfig Quick access to the setup wizards 5 Linking two networks Always configure both sidesSecurity aspects 5.1 What information is necessary? 5.1.1 General informationThe name of the remote station is needed for its identification Chapter 5 Linking two networks 5.1.2 Settings for the TCP/IP routerNetmask DNS access to the remote LAN 5.1.3 Settings for the IPX routerExtranet VPN 5.1.4 Settings for NetBIOS routing 5.2 Instructions for LANconfig 5.3 Instructions for WEBconfigPing - quick testing for TCP/IP connections 6.1 Which information is required? 6 Providing dial-up accessSecurity aspects 6.1.1 General information The ISDN calling line identity CLI6.1.2 Settings for TCP/IP 6.1.3 Settings for IPXChapter 6 Providing dial- up access 6.1.4 Settings for NetBIOS routingUser SAMPLE 6.2.1 Dial-up via VPN 6.2 Settings for the dial-in computer6.2.2 Dial-up via ISDN 6.3 Instructions for LANconfig 6.4 Instructions for WEBconfigChapter 6 Providing dial- up access From the main menu, launch the Connect two local networks wizard7 Sending faxes with LANCAPI Chapter 7 Sending faxes with LANCAPI7.1 Installation of the LANCOM CAPI fax modem Chapter 7 Sending faxes with LANCAPISelect the option Printers and Faxes from the control panel 7.2 Installation of the MS Windows fax serviceChapter 7 Sending faxes with LANCAPI 7.3 Sending a fax 7.3.2 Send a fax with the MS Windows fax service7.3.1 Send a fax with any given office application LANCOM 7111 VPN - LANCOM 8011 VPN Chapter 7 Sending faxes with LANCAPI8.1 The security settings wizard 8 Security settings8.1.1 Wizard for LANconfig 8.2.1 Wizard for LANconfig 8.1.2 Wizard for WEBconfig8.2 The firewall wizard 8.2.2 Configuration under WEBconfig 8.3 The security checklistRules Have you activated the Firewall? Have you assigned a password for the configuration?Have you permitted remote configuration? Do you make use of a ’Deny All’ Firewall strategy?Is your saved LANCOM router configuration stored in a safe place? Have you excluded certain stations from access to the router?Have you closed critical ports with filters? Chapter 8 Security settings9.1 No WAN connection is established 9 TroubleshootingProblems with the cabling? 9.2 DSL data transfer is slowIncreasing the TCP/IP window size under Windows 9.4 Cable testing9.3 Unwanted connections under Windows XP LAN statisticsChange then to menu item Expert configuration Status LAN statis LANCOM 7111 VPN 10.1 Performance data and specifications10 Appendix LANCOM 8011 VPNLANCOM 8011 VPN LANCOM 7111 VPNChapter 10 Appendix 10.2.2 ISDN-S0 interface 10.2 Contact assignment10.2.1 DSL interface Connector10.2.3 Ethernet interfaces 10/100Base-T 10.2.4 Configuration interface Outband10.3 CE declaration of conformity ConnectorIndex Numerics12, 14, 16 Authentication dataBasic configuration see status displaysEnable software compression Setting up access to the InternetVirtual Private Network VPN