
110750/0310

LANCOM Systems GmbH

Adenauerstr. 20/B2

52146 Würselen

Germany

E-Mail: [email protected]

Internet www.lancom.eu

LANCOM 7100 VPN – LANCOM 9100 VPN

Manual

... connecting your business

110750_LC-7100-9100-MANUAL_cover1   1


19.03.2010   15:25:59


Summary of Contents for 7100 VPN

Page 1: ...l info lancom eu Internet www lancom eu LANCOM 7100 VPN LANCOM 9100 VPN LANCOM 7100 VPN LANCOM 9100 VPN 쮿 Handbuch 쮿 Manual c o n n e c t i n g y o u r b u s i n e s s 110750_LC 7100 9100 MANUAL_cover1 1 110750_LC 7100 9100 MANUAL_cover1 1 19 03 2010 15 25 59 19 03 2010 15 25 59 ...

Page 2: ...LANCOM 7100 VPN LANCOM 9100 VPN ...

Page 3: ...d trademarks of Microsoft Corp The LANCOM Systems logo LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH All other names or descriptions used may be trademarks or registered trademarks of their owners Subject to change without notice No liability for technical errors or omissions Products from LANCOM Systems include software developed by the OpenSSL Project for use in the O...

Page 4: ... settings To maximize the security available from your product we recommend that you undertake all of the security settings e g firewall encryption access protec tion that were not already activated when you purchased the product The LANconfig Wizard Security Settings will help you with this task Further infor mation is also available in the chapter Security settings We would additionally like to ...

Page 5: ...stem used by LANCOM products This guide is an aid to users during the configu ration of devices by means of WEBconfig or the telnet console This documentation was created by several members of our staff from a variety of departments in order to ensure you the best possible support when using your LANCOM product Should you find any errors or if you would like to suggest improvements please do not h...

Page 6: ...Support please refer to the enclosed leaflet or the LANCOM Systems Web site Information symbols Very important instructions Failure to observe these may result in damage Important instruction that should be observed Additional information that may be helpful but is not essential ...

Page 7: ...ion 21 2 5 Software installation 22 2 5 1 Starting the software setup 22 2 5 2 Which software should I install 23 3 Basic configuration 24 3 1 Details you will need 24 3 1 1 TCP IP settings 24 3 1 2 Configuration protection 26 3 1 3 Charge protection 26 3 2 Instructions for LANconfig 27 3 3 Instructions for WEBconfig 28 3 4 TCP IP settings for PC workstations 32 4 Setting up Internet access 33 4 1...

Page 8: ...tBIOS routing 48 6 2 Settings on the dial in computer 48 6 2 1 Dialing in via VPN 48 6 2 2 Dialing in via ISDN 48 6 3 Instructions for LANconfig 49 6 4 1 Click VPN for LANCOM Advanced VPN Client 49 6 5 Instructions for WEBconfig 51 7 Fax transmission with LANCAPI 52 7 1 Installing the LANCOM CAPI Faxmodem 53 7 2 Installing the MS Windows Fax Service 54 7 3 Sending a fax 55 7 3 1 Sending faxes from...

Page 9: ...Slow DSL transmission 62 9 3 Unwanted connections under Windows XP 63 10 Appendix 64 10 1 Performance and characteristics 64 10 2 Connector wiring 65 10 2 1 Ethernet interface 10 100 1000Base TX DSL interface 65 10 2 2 ISDN S0 interface 65 10 2 3 Configuration interface outband 66 10 3 CE declarations of conformity 66 ...

Page 10: ...U overheat The integrated firewall with security functions such as stateful inspection intrusion detection and denial of service protection is supplemented by dynamic bandwidth management and comprehensive backup high availability and redundancy functions over ISDN and VRRP IPSec based VPN provides optimal security for connecting branch offices and home offices thanks to the high security 3 DES or...

Page 11: ...Network can be used to set up secure data communi cations over the Internet The following structure results when using the Internet instead of direct con nections All participants have fixed or dial up connections to the Internet Expensive dedicated lines are no longer needed 쐃 All that is required is the Internet connection of the LAN in the headquar ters Special switching devices or routers for ...

Page 12: ... would be the case for conventional direct connections A single Internet access can be used to establish multiple simultaneous logical connections to a variety of remote sites The resulting savings and high flexibility makes the Internet or any other IP network an outstanding backbone for a corporate network 1 2 Just what can your LANCOM Router do The following table provides a comparison of the p...

Page 13: ...a LAN ports ISDN S0 connector for establishing Dynamic VPN connections to remote sites with dynamic IP addresses LAN connection Individual Gigabit Ethernet LAN ports Alternatively switchable as a WAN interface for connecting SDSL modems 4 4 USB connector USB 2 0 host port high speed 480 Mbps for connecting a USB printer and for future extensions Security functions IPSec encryption via external sof...

Page 14: ...tion Remote configuration via ISDN with ISDN PPP connections e g via Win dows Dial Up Networking Serial configuration interface Call back function with PPP authentication mechanisms allowing only predefined ISDN call numbers FirmSafe for no risk firmware updates Optional software extensions LANCOM VPN Option with 200 active tunnels for secure network connec tivity LANCOM VPN Option with 500 active...

Page 15: ...take up immediate contact to your dealer or to the address on the delivery note supplied with your device 2 2 System requirements Computers that connect to a LANCOM must meet the following minimum requirements Operating system with TCP IP support such as Windows Linux BSD Unix Apple Mac OS OS 2 Access to the LAN via the TCP IP protocol The LANtools also require a Windows operating system A web bro...

Page 16: ... opposite The LED lights permanently in the respective colour and is only briefly interrupted Flickering means that the LED is switched on and off in irregular inter vals 2 3 1 Front The LANCOM Routers are equipped with the following status displays on the front panel LANCOM 7100 VPN LANCOM 9100 VPN 쐃 Power This LED provides information on the device s operating state Power Fan Online Online Backu...

Page 17: ...ed and no WAN connections can be established there is no cause for concern This merely means that a pre set charge or time limit has been reached There are three ways to remove the lock Reset the toll protection Increase the limit Deactivate the lock completely set limit to 0 LANmonitor shows you when a charge or time limit has been reached To reset the toll protec tion activate the context menu r...

Page 18: ... least one connection is established Red On permanently Error establishing the last connection Off None of the WAN connections or virtual routers is in the backup state Red On permanently At least one of the WAN connections or virtual routers is in the backup state Off No VRRP active or VRRP active and one virtual router defined in the device is in the Master state Red On permanently All virtual...

Page 19: ...e LANCOM Routers are equipped with the following interfaces on the front panel LANCOM 7100 VPN LANCOM 9100 VPN 쐎 COM Connector for the serial configuration cable 쐅 ETH 1 to 4 Ethernet sockets 10 100 1000Base Tx for connection to the LAN 10 Mbit 100 Mbit or 1000 Mbit connections are supported The available transfer rate is detected automatically autosensing Off No VPN tunnel established Green blink...

Page 20: ... configuration will be deleted by mistake if a co worker presses the reset button too long You can define the behavior of the reset but ton with a setting in WEBconfig LCOS menu tree Setup Config Green Off No networking device attached Green On perma nently Connection to network device operational not data traffic Green Flickering Data traffic Yellow Off 1000 Mbps Yellow On perma nently 10 100 Mbp...

Page 21: ...tart with the restored factory settings After resetting the device starts completely unconfigured and all set tings are lost If possible be sure to backup the current device config uration before resetting 2 3 2 Rear panel The following connectors are located on the rear of the device Please observe the following notice The settings Ignore or Boot only makes it impossible to reset the configuratio...

Page 22: ...the type node hub of attached network devices It is possible to connect devices of different speeds and types in parallel Avoid having multiple unconfigured LANCOMs at once within a single network segment Any unconfigured LANCOM takes on the same IP address ending in 254 and so address conflicts could arise To avoid problems multiple LANCOMs should be configured one after the other with the respec...

Page 23: ...y power and switch on Using the IEC cable씊 supply power to the device and switch it on using the switch 씉 located on the rear panel 2 5 Software installation The following section describes the installation of the Windows compatible system software LANtools as supplied You may skip this section if you use your LANCOM VPN Router exclu sively with computers running operating systems other than Win d...

Page 24: ...tion program for all LANCOM routers and LANCOM access points WEBconfig can be used alterna tively or in addition via a web browser With LANmonitor you can use a Windows computer to monitor all of your LANCOM routers and LANCOM access points With Documentation you copy the documentation files onto your PC Select the appropriate software options and confirm your choice with Next The software is inst...

Page 25: ...computers in the LAN so that they can access the device without prob lem 3 1 Details you will need The Basic Settings Wizard is used to set the LANCOM VPN Routers basic TCP IP parameters and to protect the device with a configuration password The following description of the information required by the wizard is divided into the following configuration sections TCP IP settings Protecting the confi...

Page 26: ...Should you still configure manually Fully automatic TCP IP configuration is optional Instead of this you can select manual configuration Make this selection after considering the following Select automatic configuration if you are not familiar with networks and IP addresses Select the manual TCP IP configuration if you are familiar with networking and IP addresses and you would like to specify the...

Page 27: ...fication The device s configuration con tains a great deal of sensitive data such as data for Internet access and should be protected by a password in all cases Multiple administrators can be set up in the configuration of the LANCOM each with different access rights Up to 16 different admin istrators can be set up for a LANCOM VPN Router Further information can be found in the LCOS reference manu...

Page 28: ...cted via the serial configuration interface or in the network File Find devices If you cannot access an unconfigured LANCOM VPN Router the problem may be the LAN netmask In case there are less than 254 potential hosts available netmask 255 255 255 0 you must ensure that the IP address x x x 254 is available in your subnet If you choose automatic TCP IP configuration you can continue with step ⑤ ③...

Page 29: ...tion of the LANCOM although unlike LANconfig it runs under any operating system with a Web browser Secure with HTTPS WEBconfig offers secure remote configuration by encrypting the configura tion data with HTTPS https IP address or device name Always use the latest version of your browser to ensure maximum security Accessing the device with WEBconfig To carry out a configuration with WEBconfig you ...

Page 30: ...ress 172 23 56 254 With the factory settings and an activated DHCP server the device forwards all incoming DNS requests to the internal Web server This means that a connection can easily be made to set up an unconfigured LANCOM by entering any name into a Web browser If the configuration computer does not retrieve its IP address from the LANCOM DHCP server it determines the current IP addres...

Page 31: ...f the device If there is no DNS server in the LAN or if it is not coupled to the DHCP server the device cannot be reached via the name In this case the follow ing options remain Under LANconfig use the function Find devices or under WEBconfig use the search for other devices option from any other networked LANCOM Use suitable tools to find out the IP address assigned to the LANCOM by DHCP and acce...

Page 32: ...TPS Always use the HTTPS connection for increased security whenever possible Setup Wizards The setup Wizards allow quick and easy configuration of the most common device settings Select the Wizard and enter the appropriate data on the fol lowing screens The settings are not stored in the device until inputs are confirmed on the last screen of the Wizard ...

Page 33: ...AN for devices with a radio mod ule but it also communicates its own IP address as the standard gateway and DNS server For this reason the PCs have to be set up to automatically retrieve their own IP address and those of the standard gateway and DNS server via DHCP IP address allocation by a separate DHCP server For this reason the workstation PCs have to be set up to automatically retrieve their ...

Page 34: ...nal ADSL modem first has to be connected to one of the device s ETH ports When setting up the Internet access you define which ETH port the ADSL modem has been connected to Does the Setup Wizard know your Internet provider The Wizard is preset with access data for the principal Internet providers in your country and offers you a selection list If you find your Internet provider in this list then ...

Page 35: ...polling to monitor the function of the remote site Apart from that you can opt to keep flatrate connections permanently active keep alive In case a connection should fail it is re estab lished automatically Creating a backup connection to the Internet The most common utilization of the backup solution is to provide an auxiliary Internet connection When setting up an Internet connection an the addi...

Page 36: ... up a backup connection Select the corresponding WAN interface to be used for the backup connection and enter the relevant access data for the Internet connection The Wizard then sets up the alternative Internet access and at the same time creates the necessary entries into the backup table and also in the PPP table for checking the Internet connection Please be aware that in the case of backup vi...

Page 37: ...menu ② In the following windows you select your country your Internet provider if possible and you enter your access data ③ Depending on availability the Wizard provides further options for your Internet connection ④ The wizard will inform you as soon as the entries are complete Close the configuration with Finish LANconfig Fast starting of the Setup Wizards The fastest way of starting the Setup ...

Page 38: ...y must be configured Note that the configuration information at both ends must match The following instructions assume that LANCOM Routers are being operated at both ends It is possible to set up network connectivity between routers from other manufacturers However this mixed con figuration frequently requires far reaching modifications to both devices In cases like this refer to the Reference Man...

Page 39: ...required via VPN simple method with pre shared keys and or via ISDN For further information on VPN based network connectivity by other methods refer to the LANCOM Reference Manual Connec tivity Entry Gateway 1 Gateway 2 VPN Does the remote site have an ISDN connec tion Yes No Yes No VPN Type of local IP address Static dynamic Static dynamic VPN Type of remote IP address Static dynamic Static dynam...

Page 40: ...ause your LANCOM to be renamed Ensure that you give different names to the two remote devices The name of the remote site is required for identifying the devices In the field ISDN number the telephone number of the remote ISDN site is specified Enter the full telephone number for the remote site including all necessary prefixes e g area codes The ISDN calling line ID specified is used to identify ...

Page 41: ...he TCP IP router In the TCP IP network correct addressing is of extreme importance For net work connectivity it should be observed that both networks are logically sep arated For this reason they require their own network number e g 10 0 1 x and 10 0 2 x The two network numbers must be different Unlike with Internet access network connectivity makes all of IP addresses visible in all participating...

Page 42: ...ible from the remote LAN not with their own IP address but with a freely definable address such as that of the VPN gateway This avoids giving stations in a remote LAN direct access to the computers in your own LAN For example if extranet VPN mode is set up to provide access from the branch office LAN to the main office from the IP address 10 10 2 100 and computer 10 10 2 10 then accesses the serve...

Page 43: ...f both routers you can start testing the network connection Try to communicate with a computer in the remote LAN e g with ping The LANCOM Router should automatically connect to the remote site and make contact to the requested computer Ping the quick test of a TCP IP con nection To test a TCP IP connection simply send a ping from your computer to a computer in the remote network Details on the pin...

Page 44: ...is even possible to simultaneously couple multiple routers to a central network ① In LANconfig mark the routers at branch offices which are to be coupled to a central router via VPN ② Use drag drop by mouse to place the devices onto the entry for the central router ③ The 1 Click VPN Site to Site Wizard will be started Enter a name for this access and select the address under which the router is a...

Page 45: ...ce properties 5 4 Instructions for WEBconfig In WEBconfig VPN based network connectivity cannot be set up in the Wizard The manual configuration has to be used instead Refer to the reference manual for information on this Carry out the configuration on both routers one after the other ① In the main menu launch the Wizard Connect two local area networks Follow the Wizard s instructions and enter th...

Page 46: ...dial in computer needs an ISDN adapter or an ISDN modem The protocol of data transfer is PPP This ensures that all normal devices and operating systems are supported Setting up dial in access is carried out with the familiar convenience of a Setup Wizard Security aspects Of course your LAN has to be protected from unauthorized access For this reason a LANCOM provides a range of security mechanisms...

Page 47: ...ing in Incoming number The optional ISDN calling line ID is used by the LANCOM Router for additional user authentication This security function should not be employed if the user will be dialing in from various ISDN connections Connec tivity Entry VPN ISDN User name VPN ISDN Password VPN Shared Secret for encryption VPN Hide own stations when accessing remote network extranet VPN ISDN Incoming cal...

Page 48: ...manual and automatic IP address assignment ensure that the addresses are freely available in your local network In our example the PC is assigned with the IP address 10 0 1 101 when it dials in This IP address allows the PC to fully participate in the LAN With the appro priate rights it can access any other device in the LAN This relationship also applies in the other direction The remote PC can b...

Page 49: ... 30 day test version of the LANCOM Advanced VPN Client on the CD supplied A precise description of the VPN client and notes on its setup are also to be found on the CD The Wizard then requests the parameters that were specified when setting up the RAS access in the LANCOM Router 6 2 2 Dialing in via ISDN A number of settings are required by the dial in computer This example is based on a Windows c...

Page 50: ...ish ③ Configure the access account on the dial in PC as described Subsequently test the connection see box Ping the quick test of a TCP IP connection 6 4 1 Click VPN for LANCOM Advanced VPN Client VPN accesses for employees who dial into the network with the LANCOM Advanced VPN Client are very easy to set up with the Setup Wizard and exported to a file This file can then be imported as a profile ...

Page 51: ...an be used by other appli cations to send e mails When setting up the VPN access certain settings are made to optimize oper ations with the LANCOM Advanced VPN Client including Gateway If defined in the LANCOM VPN Router a DynDNS name is used here or alternatively the IP address FQDN Combination of the name of the connection a sequential number and the internal domain in the LANCOM VPN Router Doma...

Page 52: ...ns for WEBconfig ① In the main menu launch the Wizard Provide remote access RAS Follow the Wizard s instructions and enter the necessary data ② Configure the access account on the dial in PC as described Subsequently test the connection see box Ping the quick test of a TCP IP connection ...

Page 53: ...fax answering machine online banking and Eurofile transfer Without any additional hardware every workstation can make use of the full range of ISDN functions provided via the network This completely dispenses with the need to equip workstations with expensive equipment such as ISDN adapters or modems The sole requirement is to install the office communication software on each workstation LANCAPI f...

Page 54: ...chapter deals with installing and configuring the LANCOM CAPI Faxmodem and MS Windows Fax Service 7 1 Installing the LANCOM CAPI Faxmodem ① From the setup program on your LANCOM CD select the entry LANCOM software installation ② Select the option CAPI Faxmodem click on Next and follow the instructions of the installation routine Fax ISDN LANCOM with LANCAPI server PCs with fax software LANCAPI c...

Page 55: ...ice ① Go to the Control Panel and select the option Printers and faxes ② In the Printers and faxes window select the option Install a local fax printer Then follow the instructions provided by the installation tool In the current window an icon for the new fax printer appears To check the installation click with the right hand mouse key on the fax icon and select Properties The LANCOM CAPI Faxmode...

Page 56: ...an use the MS Windows Fax Service itself Alternatively you can use any fax program 7 3 1 Sending faxes from an office application ① Open your document in the usual manner with your office application and select the menu item File Print ② Define the fax device as the printer ③ Click on OK A Wizard is displayed that guides you through the rest of the procedure 7 3 2 Sending faxes with the Windows Fa...

Page 57: ...LANCOM 7100 VPN LANCOM 9100 VPN Chapter 7 Fax transmission with LANCAPI 56 EN ③ The fax client console opens up Select the menu item Send file fax A Wizard guides you through the remaining procedure ...

Page 58: ...m of 63 characters Keys that are normal words are not secure If you suspect anything change the key immediately When an employee with access to a key leaves the company then it is high time to change the wireless LAN key Even if there is the slightest sus picion of a leak renew the key 8 2 Security settings Wizard Access to the configuration of a device allows access to more than just critical inf...

Page 59: ...s to be available for accessing the configuration from local and remote networks ④ In a subsequent step you can set parameters for locking the configuration such as the number of incorrect password entries and the duration of the lock ⑤ For the firewall you can activate stateful inspection ping blocking and the stealth mode ⑥ The Wizard will inform you as soon as the entries are complete Close the...

Page 60: ...perative to assign a password to the con figuration if you want to enable remote configuration Have you permitted remote configuration If you do not require remote configuration please ensure to switch it off If you need to make use of remote configuration ensure that you do not fail to password protect the configuration see the section above The field for disenabling remote configuration is to be...

Page 61: ... is set in the routing table for every route individually The routing table can be found in the LANconfig in the configuration area IP router on the Routing tab Have you used filters to close critical ports The firewall filters in LANCOM devices offer filter functions for individual computers or entire networks It is possible to set up source and destina tion filters for individual ports or port r...

Page 62: ... connections that are set up in the device A thief could gain access to a protected network The device s operation can be protected by various means for example it will cease to function if there is an interruption to the power supply or if the device is switched on in another location The scripting function can store the entire configuration in RAM only so that restarting the device will cause th...

Page 63: ... is physically con nected Is the correct transmission protocol selected The transmission protocol is defined with the basic settings The Basic Settings Wizard actually sets the correct protocol for a wide variety of DSL providers If your DSL provider is unknown to the Wizard you have to set the protocol your self The protocol specified by your DSL provider should work without prob lem You can chec...

Page 64: ...eeds The cause of this is the TCP IP receive windows size as defined in the Windows operating system The default value is too small for asynchronous connections Instructions for increasing the windows size are available in the Knowledge Base in the Support area of the LANCOM Systems Web site www lancom eu 9 3 Unwanted connections under Windows XP When booting Windows XP computers attempt to update...

Page 65: ... 300 328 EN 301 893 EN 55024 EN 55022 EN 55011 EN 50081 EN 60950 ES 59005 EN 60950 Approvals Notified in Germany Belgium Netherlands Luxembourg Austria Switzerland UK and Italy For information on new notifications see www lancom eu Environment Temperature Temperature range 0 40 C humidity 5 90 non condensing Options LANCOM Next Business Day Service Extension Central Site item no 61413 LANCOM 2 Year...

Page 66: ...in RJ45 sockets ISO 8877 EN 60603 7 BI_DA stands for bi directional pair A 10 2 2 ISDN S0 interface 8 pin RJ45 socket ISO 8877 EN 60603 7 Connector Pin Fast Ethernet Gigabit Ethernet 1 T BI_DA 2 T BI_DA 3 R BI_DB 4 PoE G BI_DC 5 PoE G BI_DC 6 R BI_DB 7 PoE 48 V BI_DD 8 PoE 48 V BI_DD Connector Pin Line IAE 1 2 3 T 2a 4 R 1a 5 R 1b 6 T 2b 7 8 ...

Page 67: ...th declares that the devices of the type described in this documentation are in agreement with the basic requirements and other relevant regulations of the 1995 5 EC directive The CE declarations of conformity for your device can be found on the relevant product page on the LANCOM Web site www lancom eu Connector Pin Line 1 CTS 2 RTS 3 RxD 4 RI 5 TxD 6 DSR 7 DCD 8 DTR U GND ...

Page 68: ...tor wiring 65 Configuration port 66 ISDN S0 interface 65 LAN interface 65 Outband 66 CPU load 18 D Date 18 Declaration of conformity 66 Default gateway 32 60 Device name 18 DHCP 32 DHCP server 11 25 32 Dial in access 45 Dial up adapter 48 DNS DNS access to the remote LAN 41 DNS server 11 32 Domain 41 Download 4 DSL transmission too slow 62 E Encryption 37 45 F Firewall 11 13 60 Block stations 60 F...

Page 69: ...ng NetBIOS 41 NetBIOS proxy 11 Network connectivity 37 Security aspects 37 45 Network mask 25 26 60 Network segment 21 Number of VPN tunnels 18 P Package content 14 Password 26 27 37 45 Password for the ISDN connection 40 PAT see IP masquerading Ping 42 PPP 45 PPP client 48 R RAS 10 Remote Access Service RAS Activate compression in software 48 Configuring the dial in computer 48 NetBIOS 48 Server ...

Page 70: ... 25 Manual 24 25 TCP IP filter 13 60 TCP IP router Settings 40 TCP IP windows size 63 Telnet 60 Temperature 18 TFTP 60 Time 18 Transmission protocol 62 U UDP 60 USB connector 19 V Virtual Private Network 10 Virtual Private Networks VPN 11 VPN 10 VPN client 48 W WAN Connector cable 14 WEBconfig 28 HTTPS 28 System requirements 14 Windows workgroup search 41 ...
