Home
/
Lancom
/
821+
/
Manual

Lancom 821+, Manual

Share

48 pages before
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

Page: 63 / 76

background image

LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN

Chapter 8: Security settings

62

EN

Have you permitted remote configuration?

If you do not require remote configuration, please ensure to switch it off.
If you need to make use of remote configuration, ensure that you do not
fail to password-protect the configuration (see the section above). The
field for disenabling remote configuration is to be found in LANconfig in
the 'Management' configuration area on the 'Security' tab. Under ‘Access
rights – From remote networks’ select the option ‘denied’ for all methods
of configuration.

Have your password- protected the SNMP configuration?

Protect the SNMP configuration with a password too. The field for pass-
word-protecting the SNMP configuration is also to be found in LANconfig
in the 'Management' configuration area on the 'Security' tab.

Have you activated the firewall?

The stateful inspection firewall of LANCOM devices ensures that you local
network cannot be attacked from the outside. Activate the firewall in
LANconfig under 'Firewall/QoS' on the 'General' tab.



Note that firewall security mechanisms (incl. IP masquerading, port
filters, access lists) are active only for data connections that are trans-
mitted via the IP router. Direct data connections via the bridge are not
protected by the firewall!

Are you using a 'deny all' firewall strategy?

Maximum security and control is initially achieved by denying all data
traffic from passing the firewall. The only connections to be accepted by
the firewall are those that are to be explicitly permitted. This ensures that
Trojan horses and certain types of e-mail virus are denied communication
to the outside. Activate the firewall rules in LANconfig under 'Firewall/
QoS' on the 'Rules' tab. Instructions on this are to be found in the refe-
rence manual.

Have you activated IP masquerading?

IP masquerading refers to the concealment of local computers while they
access the Internet. All that is revealed to the Internet is the IP number of
the router module of the device. The IP address can be fixed or dynami-
cally assigned by the provider. The computers in the LAN then use the rou-
ter as a gateway and are not visible themselves. The router separates the
Internet from the intranet like a wall. The application of IP masquerading
is set in the routing table for every route individually. The routing table can

«
...
61
62
63
64
65
...
»

Summary of Contents for 821+

Page 1: ...com eu Internet www lancom eu LANCOM 821 LANCOM 1711 VPN LANCOM 1721 VPN LANCOM 821 LANCOM 1711 VPN LANCOM 1721 VPN Handbuch Manual c o n n e c t i n g y o u r b u s i n e s s 110642_LC 821plus 1711pl...

Page 2: ...LANCOM 821 LANCOM 1711 VPN LANCOM 1721 VPN...

Page 3: ...t at the time of printing Trademarks Windows Windows Vista Windows XP and Microsoft are registered trademarks of Microsoft Corp The LANCOM Systems logo LCOS and the name LANCOM are registered trademar...

Page 4: ...r with appropriate comments placed beside the text In the other parts of the documentation all described models have been clas sified under the general term LANCOM Router Security settings To maximize...

Page 5: ...ons LANCAPI Further server services DHCP DNS charge management This documentation was created by several members of our staff from a variety of departments in order to ensure you the best possible sup...

Page 6: ...OM support please see the enclosed leaf let or the LANCOM Systems website Information symbols Very important instructions Failure to observe this may result in damage Important instruction that should...

Page 7: ...the software setup 24 2 5 2 Which software should I install 24 3 Basic configuration 25 3 1 What details are necessary 25 3 1 1 TCP IP settings 25 3 1 2 Configuration protection 27 3 1 3 Settings for...

Page 8: ...TCP IP 51 6 1 3 Settings for IPX 52 6 1 4 Settings for NetBIOS routing 52 6 2 Settings for the dial in computer 53 6 2 1 Dial up via VPN 53 6 2 2 Dial up via ISDN 53 6 3 Instructions for LANconfig 53...

Page 9: ...Unwanted connections under Windows XP 66 9 4 Cable testing 66 10 Appendix 68 10 1 Performance data and specifications 68 10 2 Contact assignment 69 10 2 1 WAN interface 69 10 2 2 ADSL interface 69 10...

Page 10: ...st common tech nology for broadband Internet connections Standard and almost ubiquitous telephone lines analog or DSL are the basis for DSL data transfer to the near est telephone exchange From here t...

Page 11: ...With the additional LANCOM VPN Option VPN support can be extended to 25 active tun nels incl activated hardware accelerator The following structure results when using the Internet instead of direct co...

Page 12: ...one another as would be the case for conventional direct connections A single Internet access can be used to establish multiple simultaneous logical connections to a variety of remote stations The re...

Page 13: ...ection for DSL or cable modem Integrated ADSL modem ADSL2 ready ISDN S0 bus in multi device mode or in point to point mode with auto matic D channel protocol identification Supports static and dynamic...

Page 14: ...additionally terminal mode for Telnet or other terminal programs SNMP interface and TFTP server function Remote configuration via ISDN with ISDN PPP connections e g via Win dows network and dial up c...

Page 15: ...g the installation In addition to the device itself the package should contain the following accessories If anything is missing please contact your retailer or the address stated on the delivery slip...

Page 16: ...is switched on or off at regular intervals in the respective indicated colour Flashing means that the LED lights up very briefly in the respective col our and stay then clearly longer approximately 10...

Page 17: ...t green The power LED flashes red green in alternation until a configuration password has been specified Without a configuration password the configuration data of the LANCOM is insecure Under normal...

Page 18: ...f a time or connect charge limit has been reached you will be notified in LANmonitor To reset the connect charge protection select Reset Charge and Time Limits in the context menu right mouse click Yo...

Page 19: ...Inverse flashing Opening an additional connection Green Permanently At least one logical connection is established Green Inverse flickering Data traffic send or receive off not connected green blinki...

Page 20: ...3 2 Device connectors The connections and switches of the router are located on the back panel off No connection established green Blinking Dialling green Flashing Establishing first connection green...

Page 21: ...connection Serial configuration port ISDN S0 port ADSL port Reset switch LANCOM 1711 VPN Voltage switch Connection for the included power adapter Switch with four 10 100Base Tx connections WAN port US...

Page 22: ...is conse quently a risk that the configuration will be deleted by mistake of a co worker presses the reset button too long With the suitable setting the behavior of the reset button can be controlled...

Page 23: ...r to an individual PC For that purpose plug the included network cable green plugs into the LAN connector of the device and the other end into a free network connecting socket of your local network in...

Page 24: ...nal WAN line for remote maintenance backup con nections or dynamic VPN Connect to power Connect socket of the unit to a power supply using the included power adapter Use the supplied power supply unit...

Page 25: ...selection menus will appear on screen 2 5 2 Which software should I install LANconfig is the Windows configuration program for all LANCOM routers and LANCOM access points WEBconfig can be used altern...

Page 26: ...e computers in the LAN so that they can access the device without prob lem 3 1 What details are necessary The Basic Settings Wizard is used to set the LANCOM VPN Routers basic TCP IP parameters and to...

Page 27: ...automatic TCP IP configuration is optional Instead of this you can select manual configuration Make this selection after considering the following Select automatic configuration if you are not famili...

Page 28: ...DNS server in the Server mode of operation 3 1 2 Configuration protection Using a password secures access to the LANCOM VPN Router s configuration and thus prevents unauthorized modification The devic...

Page 29: ...ction 3 1 5 Charge protection Charge protection prevents DSL connections being established above and beyond a predefined amount and therefore protects you from unexpectedly high connection charges If...

Page 30: ...password for configuration access Note that the password is case sensitive and ensure that it is sufficiently long at least 6 characters In addition you may specify whether the device may only be conf...

Page 31: ...sses share the assignment in the LAN of IP addresses to symbolic names Following power on unconfigured LANCOM devices first check whether a DHCP server is already active in the LAN Depending on the si...

Page 32: ...accessed with address x x x 254 the x s stand for the first three blocks in the IP address of the configuration computer Network with DHCP server If a DHCP server for the assignment of IP addresses i...

Page 33: ...dress assigned to the LANCOM by DHCP and access the device directly using this IP address Use the serial configuration interface to connect a computer running a terminal program to the device Login Wh...

Page 34: ...ut ers within the local network DNS server translates network names www lancom de or names of computers www lancom de to actual IP addresses The LANCOM can perform the functions of both a default gate...

Page 35: ...s it to the PCs in the LAN as the standard gateway In addition the DHCP server should also specify the LANCOM as a DNS server Manual IP address assignment If the IP addresses in the network are assign...

Page 36: ...en connected to Does the Setup Wizard know your Internet provider The Wizard is preset with access data for the principal Internet providers in your country and offers you a selection list If you find...

Page 37: ...t you can opt to keep flatrate connections permanently active keep alive In case a connection should fail it is re estab lished automatically Creating a backup connection to the Internet The most comm...

Page 38: ...up a backup connection Select the corresponding WAN interface to be used for the backup connection and enter the relevant access data for the Internet connection The Wizard then sets up the alternati...

Page 39: ...inish 4 2 The Firewall Wizard Your LANCOM features a stateful inspection firewall and firewall filter that provides effective protection from the Internet for your LAN The core concept of the stateful...

Page 40: ...te to In the next step you define the source and destination sta tions that the rule applies to and the actions that are to be carried out by the rule on a data packet Finally the new rule is given a...

Page 41: ...t the configuration information provided matches The following instructions will assume that LANCOM Router devices are being used on both sides A network interconnection may also be realized with rout...

Page 42: ...en the entries 5 1 1 General information The following details are required for the installation of LAN to LAN couplings The first column indicates whether the information is required for network coup...

Page 43: ...r its identification Enter the subscriber number of the remote station in the ISDN subscriber number field The complete subscriber number including all necessary area and country codes is required The...

Page 44: ...ns 5 1 2 Settings for the TCP IP router In TCP IP networks addressing has a special significance Please note that two interconnected networks are logically separate from one another Each must therefor...

Page 45: ...hidden behind the VPN gateway s IP address instead Therefore the stations within the remote LAN cannot access IP stations in the other LAN directly For example if a headquarters LAN in Extranet VPN mo...

Page 46: ...type binding Specifying the IPX network number and binding used is not necessary if the remote network also contains a Novell server It is only necessary to enter the network number for the WAN manual...

Page 47: ...iguration of both routers you can test the network connection Try to contact a computer in the remote LAN e g with a ping The LANCOM Router should automatically set up a connection to the remote stati...

Page 48: ...is even possible to simultaneously couple multiple routers to a central network In LANconfig mark the routers at branch offices which are to be coupled to a central router via VPN Use drag drop by mo...

Page 49: ...vice properties 5 4 Instructions for WEBconfig Under WEBconfig the coupling of networks via VPN cannot be con figured using the wizard It can only be set up in the expert configu ration For details pl...

Page 50: ...er or an ISDN modem The data transfer protocol is PPP Therefore the support of all usual devices and operating systems is ensured A setup wizard handles the configuration of the dial in connection in...

Page 51: ...hemselves with this information when dialling in Incoming number The LANCOM Router uses the optional ISDN caller ID as an additional user authentication This security function should not be used when...

Page 52: ...e addresses from the address range of your local network are used In our example the IP address 10 0 1 101 will be assigned to the PC when con necting This IP address makes the computer a fully fledge...

Page 53: ...fied network numbers must be distinct from one another and from all used internal IPX network numbers In addition it may be necessary to enter the frame type binding Specifying the IPX network number...

Page 54: ...er 6 2 2 Dial up via ISDN A number of settings must be configured on the dial in computer These are briefly listed here based on a Windows computer Dial Up Networking or another PPP client must be cor...

Page 55: ...Setup Wizard and exported to a file This file can then be imported as a profile by the LANCOM Advanced VPN Client All of the information about the LANCOM VPN Router s configuration is also included an...

Page 56: ...LANCOM VPN Router the internal domain is used here or alternatively a a DynDNS name or IP address VPN IP networks All IP networks defined in the device as type Intranet Preshared key Randomly generat...

Page 57: ...re supplied via the network without the necessity of additional hardware at each individ ual workstation thus eliminating the costs of equipping the workstations with ISDN adapters or modems All you n...

Page 58: ...I Faxmodem Select the entry Install LANCOM software in the setup program of your LANCOM CD Highlight the option CAPI Faxmodem click Next and follow the instruc tions of the installation routine When t...

Page 59: ...with the right mouse button on the fax icon and select Properties The LANCOM CAPI Faxmodem should now be entered into register devices 7 3 Sending a fax After installing all required components you ha...

Page 60: ...ill guide you through the remaining sending process 7 3 2 Send a fax with the MS Windows fax service Open the window Printers and Faxes from the control panel Double click with the left mouse button t...

Page 61: ...orized con figuration access endangers not only a single device but the entire network Your LANCOM has a password protection for the configuration access This protection is already activated during th...

Page 62: ...tocols for the configuration access of local and remote net works parameters of configuration lock number of failed log in attempts and duration of the lock 8 2 The security checklist The following ch...

Page 63: ...ity mechanisms incl IP masquerading port filters access lists are active only for data connections that are trans mitted via the IP router Direct data connections via the bridge are not protected by t...

Page 64: ...ess is entered with its associated netmask the filter is activated and only the IP addresses contained in this entry are entitled to make use of internal functions Further entries can be used to exten...

Page 65: ...l cause the configuration to be deleted The configuration is not written to the non volatile flash memory A loss of power because the device has been relocated will cause the entire confi guration to...

Page 66: ...n Has the correct transfer protocol been selected The transfer protocol is set along with the basic settings The basic setup wiz ard will enter the correct settings for numerous DSL providers automati...

Page 67: ...ow to increase the Windows size can be found in the Know ledge Base of the support section of the LANCOM web site www lancom de 9 3 Unwanted connections under Windows XP Windows XP computers attempt t...

Page 68: ...statis tics Cable test results The results of the cable test for the individual interfaces are show up in a list The following results can occur OK Cable plugged in correctly line ok open with distanc...

Page 69: ...nal power supply Permitted power supplies NEST 12V 1A DC S Hohlstkr 2 1 5 5mm RoHS LANCOM item no 110524 Type identification on the power supply Type 15 2230S Housing 210 x 143 x 45 mm W x H x D rugge...

Page 70: ...10 Appendix 69 EN 10 2 Contact assignment 10 2 1 WAN interface Only LANCOM 1711 VPN 8 pin RJ45 socket 10 2 2 ADSL interface Only LANCOM 821 and LANCOM 1721 VPN 6 pin RJ11 socket Connector Pin IAE 1 T...

Page 71: ...2 3 ISDN S0 interface 8 pin RJ45 socket corresponding to ISO 8877 EN 60603 7 10 2 4 Ethernet interface 10 100Base TX 8 pin RJ45 socket corresponding to ISO 8877 EN 60603 7 Connector Pin Line IAE 1 2 3...

Page 72: ...declares that the devices of the type described in this documentation are in agreement with the basic requirements and other relevant regulations of the 1995 5 EC directive The CE declarations of conf...

Page 73: ...le 14 Configuration password 61 Configuration port 20 Configuration protection 13 27 28 Connect charge protection 29 Contact assignment 69 ADSL interface 69 Configutation interface 71 DSL interface 70...

Page 74: ...Frame type 45 Internal Net Number 52 IPX conventions 45 IPX router 11 Settings 44 ISDN caller ID 42 50 51 Connector cable 14 D channel 51 MSN 28 password for connection 43 S0 port 20 ISDN connection B...

Page 75: ...nction 9 Routing table 62 S Searching for Windows workgroups 45 Security Firewall wizard 61 Security settings wizard 60 Security checklist 61 Security settings 65 SNMP Configuration protection 62 Soft...

Page 76: ...LANCOM 821 LANCOM 1711 VPN LANCOM 1721 VPN Index 75 EN W WAN Connector cable 14 WEBconfig 30 System requirements 15...

Reviews:

No comments

Related manuals for 821+

Brand: Zenitel Pages: 29

EWP-WA6630X-JP-FIT

Brand: H3C Pages: 34

Brand: Rawafed Libya Pages: 22

Brand: Ubiquiti Pages: 16

BLUESOCKET 1930

Brand: ADTRAN Pages: 4

Brand: Billion Pages: 130

Brand: Technicolor Pages: 80

Brand: DQ Technology Pages: 43

Brand: Alvarion Pages: 11

BreezeACCESS VL 5.4

Brand: Alvarion Pages: 157

QUARTZ-LITE LTE (EU)

Brand: SIRETTA Pages: 28

Brand: Air Live Pages: 18

Brand: Teltonica Pages: 141

Brand: Ebyte Pages: 33

Brand: RFM Pages: 52

Brand: Linksys Pages: 24

Brand: Z-Com Pages: 35

WINDY31 WINDY31

Brand: SyNET Pages: 10

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands