LANCOM

 1721+

Scope of features: as of LCOS version 7.8x

Certificates

X.509 digital multi-level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of
PKCS#12 files via HTTPS interface and LANconfig. Simultaneous support of multiple certification authorities with the
management of up to nine parallel certificate hierarchies as containers (VPN-1 to VPN-9). Simplified addressing of individual
certificates by the hierarchy's container name (VPN-1 to VPN-9). Wildcards for certificate checks of parts of the identity in the
subject. Secure Key Storage protects a private key (PKCS#12) from theft

Certificate rollout

Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) per certificate hierarchy

Certificate revocation lists (CRL)

CRL retrieval via HTTP per certificate hierarchy

XAUTH

XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE config mode. XAUTH server enables
clients to register via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central
authentication of VPN access with user name and password. Authentication of VPN client access via XAUTH and RADIUS
connection additionally by OTP token

RAS user template

Configuration of all VPN client connections in IKE ConfigMode via a single configuration entry

Proadaptive VPN

Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for
site-to-site connections. Propagation of dynamically learned routes via RIPv2 if required

Algorithms

3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 bit), RSA (128 or - 448 bit) and CAST (128 bit). OpenSSL implementation
with FIPS-140 certified algorithms. MD5 or SHA-1 hashes

NAT-Traversal

NAT-Traversal (NAT-T) support for VPN over routes without VPN passthrough

IPCOMP

VPN data compression based on LZS or Deflate compression for higher IPSec throughput 

LANCOM Dynamic VPN

Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via ISDN B- or D-channel or with
the ICMP or UDP protocol in encrypted form. Dynamic dial-in for remote sites via connection template

Dynamic DNS

Enables the registration of IP addresses with a Dynamic DNS provider in the case that fixed IP addresses are not used for the 
VPN connection

Specific DNS forwarding

DNS forwarding according to DNS domain, e.g. internal names are translated by proprietary DNS servers in the VPN. External 
names are translated by Internet DNS servers

VPN throughput (max., AES)

1416-byte frame size UDP

46 Mbps

256-byte frame size UDP

8 Mbps

IMIX

14 Mbps

Firewall throughput (max.)

1518-byte frame size UDP

65 Mbps

256-byte frame size UDP

17 Mbps

Routing functions

Router

IP and NetBIOS/IP multi-protocol router

VLAN

VLAN ID definable per interface and routing context (4,094 IDs)

Q-in-Q tagging

Support of layered 802.1q VLANs

ARP lookup

Packets sent in response to LCOS service requests (e.g. for Telnet, SSH, SNTP, SMTP, HTTP(S), SNMP, etc.) via Ethernet can be 
routed directly to the requesting station (default) or to a target determined by ARP lookup

Advanced Routing and Forwarding

Separate processing of 16 contexts due to virtualization of the routers. Mapping to VLANs and complete independent 
management and configuration of IP networks in the device, i.e. individual settings for DHCP, DNS, Firewalling, QoS, VLAN, 
Routing etc. Automatic learning of routing tags for ARF contexts from the routing table

HTTP

HTTP and HTTPS server for configuration by web interface

DNS

DNS client, DNS server, DNS relay, DNS proxy and dynamic DNS client

DHCP

DHCP client, DHCP relay and DHCP server with autodetection. Cluster of several LANCOM DHCP servers per context (ARF 
network) enables caching of all DNS assignments at each router

NetBIOS

NetBIOS/IP proxy

NTP

NTP client and SNTP server, automatic adjustment for daylight-saving time

Policy-based routing

Policy-based routing based on routing tags. Based on firewall rules, certain data types are marked for specific routing, e.g. to
particular remote sites or lines

Dynamic routing

Dynamic routing with RIPv2. Learning and propagating routes; separate settings for LAN and WAN. Extended RIPv2 including 
HopCount, Poisoned Reverse, Triggered Update for LAN (acc. to RFC 2453) and WAN (acc. to RFC 2091) as well as filter options 
for propagation of routes. Definition of RIP sources with wildcards

COM port server

COM port forwarding

COM-port server for DIN and USB interfaces. For multiple serial devices connected to it, the server also manages its own virtual
COM ports via Telnet (RFC 2217) for remote maintenance (works with popular virtual COM-port drivers compliant with
RFC 2217). Switchable newline conversion and alternative binary mode. TCP keepalive according to RFC 1122 with configurable
keepalive interval, retransmission timeout and retries
