background image

LANCOM

 1721+

Scope of features: as of LCOS version 7.8x

Firewall 

Stateful inspection firewall

Incoming/Outgoing Traffic inspection based on connection information. Trigger for firewall rules depending on backup status, 
e.g. simplified rule sets for low- bandwidth backup lines. Limitation of the number of sessions per remote site (ID)

Packet filter

Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports, 
DiffServ attribute); remote- site dependant, direction dependant, bandwidth dependant

Extended port forwarding

Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN

N:N IP address mapping

N:N IP address mapping for translation of IP addresses or entire networks

Tagging

The firewall marks packets with routing tags, e.g. for policy- based routing

Actions

Forward, drop, reject, block sender address, close destination port, disconnect

Notification

Via e- mail, SYSLOG or SNMP trap

Quality of Service

Traffic shaping

Dynamic bandwidth management with IP traffic shaping

Bandwidth reservation

Dynamic reservation of minimum and maximum bandwidths, totally or connection based, separate settings for send and receive 
directions. Setting relative bandwidth limits for QoS in percent

DiffServ/TOS

Priority queuing of packets based on DiffServ/TOS fields 

Packet- size control

Automatic packet- size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment

Layer 2/Layer 3 tagging

Automatic or fixed translation of layer- 2 priority information (802.11p- marked Ethernet frames) to layer- 3 DiffServ attributes in 
routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p- support in the destination device

Security

Intrusion Prevention

Monitoring and blocking of login attempts and port scans

IP spoofing

Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed

Access control lists

Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI

Denial of Service protection

Protection from fragmentation errors and SYN flooding

General

Detailed settings for handling reassembly, PING, stealth mode and AUTH port

URL blocker

Filtering of unwanted URLs based on DNS hitlists and wildcard filters

Password protection

Password- protected configuration access can be set for each interface

Alerts

Alerts via e- mail, SNMP- Traps and SYSLOG

Authentication mechanisms

PAP, CHAP, MS- CHAP and MS- CHAPv2 as PPP authentication mechanism

Anti- theft

Anti- theft ISDN site verification over B or D channel (self- initiated call back and blocking)

Adjustable reset button

Adjustable reset button for 'ignore', 'boot- only' and 'reset- or- boot'

High availability / redundancy

VRRP

VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby 
groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities

FirmSafe

For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates

ISDN backup

In case of failure of the main connection, a backup connection is established over ISDN. Automatic return to the main connection

Analog/GSM modem backup

Optional operation of an analog or GSM modem at the serial interface

Load balancing

Static and dynamic load balancing over up to 4 WAN connections. Channel bundling with Multilink PPP (if supported by network 
operator)

VPN redundancy

Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re- routing 
to multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active 
connections). Up to 32 alternative remote stations, each with its own routing tag, can be defined per VPN connection. Automatic 
selection may be sequential, or dependant on the last connection, or random (VPN load balancing)

Line monitoring

Line monitoring with LCP echo monitoring, dead- peer detection and up to 4 addresses for end- to- end monitoring with ICMP 
polling

VPN

Number of VPN tunnels

5 IPSec connections active simultaneously (25 with VPN- 25 Option), unlimited configurable connections. Configuration of all 
remote sites via one configuration entry when using the RAS user template or Proadaptive VPN. Max. total sum of concurrently 
active IPSec and PPTP tunnels: 5 (25 with VPN 25 Option) 

Hardware accelerator

Integrated hardware accelerator for 3DES/AES encryption and decryption

1- Click- VPN Client assistant

One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced 
VPN Client

1- Click- VPN Site- to- Site

Creation of VPN connections between LANCOM routers via drag and drop in LANconfig

IKE

IPSec key exchange with Preshared Key or certificate

Summary of Contents for 1721+ VPN

Page 1: ...ntegrated IPsec VPN channels upgradeable to 25 integrated hardware acceleration Supports VLANs and LANCOM Advanced Routing und Forwarding ARF Stateful inspection firewall with intrusion detection deni...

Page 2: ...e accelerator and support of digital certificates More Management The management software LANconfig and LANmonitor are included and offer not only cost effective remote maintenance of entire installat...

Page 3: ...rd protected configuration access can be set for each interface Alerts Alerts via e mail SNMP Traps and SYSLOG Authentication mechanisms PAP CHAP MS CHAP and MS CHAPv2 as PPP authentication mechanism...

Page 4: ...or the VPN connection Specific DNS forwarding DNS forwarding according to DNS domain e g internal names are translated by proprietary DNS servers in the VPN External names are translated by Internet D...

Page 5: ...COM managed switches Firwall GUI Graphical user interface for configuring the object oriented firewall in LANconfig Tabular presentation with symbols for rapid understanding of objects choice of symbo...

Page 6: ...Snapshot function for regular read out of values at the end of a billing period Timed CRON command to reset all counters at once Export Accounting information exportable via LANmonitor and SYSLOG Hard...

Page 7: ...Windows Vista Windows 7 10 licenses item no 61601 VPN Client Software LANCOM Advanced VPN Client for Windows XP Windows Vista Windows 7 25 licenses item no 61602 Item numbers LANCOM 1721 VPN EU 61353...

Reviews: