Lancom 9100 VPN User manual

110644/0409

LANCOM Systems GmbH

Adenauerstr. 20/B2

52146 Würselen

Germany

E-Mail: [email protected]

Internet www.lancom.eu

LANCOM 9100 VPN

LANCOM 9100 VPN Wireless

쮿Handbuch

쮿Manual

...connecting your business

110644_LC-9100-MANUAL_cover.indd1 1110644_LC-9100-MANUAL_cover.indd1 1 01.04.2009 18:12:5701.04.2009 18:12:57

LANCOM 9100 VPN

While the information in this manual has been compiled with great care, it may not be deemed an assurance of product

characteristics. LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery.

The reproduction and distribution of the documentation and software supplied with this product and the use of its contents

is subject to written authorization from LANCOM Systems. We reserve the right to make any alterations that arise as the

result of technical development.

Windows®, Windows Vista™, Windows NT® and Microsoft® are registered trademarks of Microsoft, Corp.

The LANCOM Systems logo, LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH. All other

names or descriptions used may be trademarks or registered trademarks of their owners.

Subject to change without notice. No liability for technical errors or omissions.

Products from LANCOM Systems include software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http:/

/www.openssl.org/).

Products from LANCOM Systems include cryptographic software written by Eric Young (eay@cryptsoft.com).

Products from LANCOM Systems include software developed by the NetBSD Foundation, Inc. and its contributors.

Products from LANCOM Systems contain the LZMA SDK developed by Igor Pavlov.

LANCOM Systems GmbH

Adenauerstr. 20/B2

52146 Wuerselen

Germany

www.lancom.eu

Wuerselen, April 2009

44/

LANCOM 9100 VPN

Preface

Preface

Thank you for your confidence in us!

You have decided on a high quality product from LANCOM. The LANCOM

9100 VPN is a high performance central site VPN gateway that provides con-

nectivity for up to 1000 sites. The following functions are characteristics of the

LANCOM 9100 VPN:

Provides 200 VPN channels, upgradable to 1000 remote sites

VRRP and load balancing

Advanced Routing and Forwarding with 256 VLAN / IP contexts

Status and error display

4 x Gigabit Ethernet + ISDN BRI

Security settings

To maximize the security available from your product, we recommend that you

undertake all of the security settings (e.g. firewall, encryption, access protec-

tion) that were not already activated when you purchased the product. The

LANconfig Wizard 'Security Settings' will help you with this task. Further infor-

mation is also available in the chapter 'Security settings'.

We would additionally like to ask you to refer to our Internet site www.lan-

com.eu for the latest information about your product and technical develop-

ments, and also to download our latest software versions.

Components of the documentation

The documentation of your device consists of the following parts:

Installation Guide

User manual

Reference manual

Menu Reference Guide

You are now reading the user manual. It contains all information you need to

put your device into operation. It also contains all of the important technical

specifications.

The Reference Manual is to be found as an Acrobat document (PDF file) at

www.lancom.eu/download or on the CD supplied. It is designed as a supple-

ment to the user manual and goes into detail on topics that apply to a variety

of models. These include, for example:

LANCOM 9100 VPN

Preface

The system design of the operating system LCOS

Configuration

Management

Diagnosis

Security

Routing and WAN functions

Firewall

Quality of Service (QoS)

Virtual Private Networks (VPN)

Virtual Local Networks (VLAN)

Backup solutions

LANCAPI

Further server services (DHCP, DNS, charge management)

The Menu Reference Guide (also available at www.lancom.eu/download or on

the CD supplied) describes all of the parameters in LCOS, the operating system

used by LANCOM products. This guide is an aid to users during the configu-

ration of devices by means of WEBconfig or the telnet console.

An der Erstellung dieser Dokumentation …

… haben mehrere Mitarbeiter/innen aus verschiedenen Teilen des Unterneh-

mens mitgewirkt, um Ihnen die bestmögliche Unterstützung bei der Nutzung

Ihres LANCOM-Produktes anzubieten.

Sollten Sie einen Fehler finden oder einfach nur Kritik oder Anregung zu dieser

Dokumentation äußern wollen, senden Sie bitte eine E-Mail direkt an:

[email protected]

LANCOM 9100 VPN

Content

Content

1 Introduction 8

1.1 What does VPN offer? 9

1.2 Just what can your LANCOM Router do? 10

2 Installation 13

2.1 Package content 13

2.2 System requirements 13

2.3 Status displays and interfaces 14

2.3.1 Front 14

2.3.2 Rear panel 20

2.4 Hardware installation 20

2.5 Software installation 21

2.5.1 Starting the software setup 21

2.5.2 Which software should I install? 22

3 Basic configuration 23

3.1 What details are necessary? 23

3.1.1 TCP/IP settings 23

3.1.2 Configuration protection 25

3.1.3 Charge protection 25

3.2 Instructions for LANconfig 26

3.3 Instructions for WEBconfig 27

3.4 TCP/IP settings for PC workstations 31

4 Setting up Internet access 32

4.1 The Internet Connection Wizard 34

4.1.1 Instructions for LANconfig 34

4.1.2 Instructions for WEBconfig 35

LANCOM 9100 VPN

Content

5 Connecting two networks 36

5.1 Which details are necessary? 37

5.1.1 General information 37

5.1.2 Settings for the TCP/IP router 39

5.1.3 Settings for NetBIOS routing 40

5.2 Instructions for LANconfig 41

5.3 1-Click-VPN for networks (site-to-site) 42

5.4 Instructions for WEBconfig 43

6 Providing dial-in access 45

6.1 Which details are necessary? 45

6.1.1 General information 46

6.1.2 Settings for TCP/IP 47

6.1.3 Settings for NetBIOS routing 47

6.2 Settings on the dial-in computer 48

6.2.1 Dialing-in via VPN 48

6.2.2 Dialing-in via ISDN 48

6.3 Instructions for LANconfig 49

6.4 1-Click-VPN for LANCOM Advanced VPN Client 49

6.5 Instructions for WEBconfig 50

7 Fax transmission with LANCAPI 51

7.1 Installing the LANCOM CAPI Faxmodem 52

7.2 Installing the MS Windows Fax Service 53

7.3 Sending a fax 54

7.3.1 Sending faxes from an office application 54

7.3.2 Sending faxes with the Windows Fax Service 54

8 Security settings 56

8.1 Tips for the proper treatment of keys and passphrases 56

8.2 Security settings Wizard 56

8.2.1 LANconfig Wizard 57

8.2.2 WEBconfig Wizard 57

8.3 The security checklist 58

LANCOM 9100 VPN

Content

9 Advice & assistance 61

9.1 No WAN connection can be established 61

9.2 Slow DSL transmission 61

9.3 Unwanted connections under Windows XP 62

10 Appendix 63

10.1 Performance and characteristics 63

10.2 Connector wiring 64

10.2.1 LAN/WAN interface 10/100/1000Base-TX, DSL interface

10.2.2 ISDN-S0interface 64

10.2.3 Configuration interface (outband) 65

10.3 Declaration of conformity 65

11 Index 66

LANCOM 9100 VPN

Chapter 1: Introduction

1Introduction

The LANCOM 9100 VPN is a high-performance central-site VPN gateway that

supports 200 VPN connections. With the LANCOM VPN Option, it provides

VPN connections for up to 1000 sites. Quality-of-Service, dynamic bandwidth

management and the four Gigabit-Ethernet slots ensure that data is correctly

prioritized in the network and that speeds are maximized. Various connection

possibilities including ISDN, WAN and the USB 2.0 host port facilitate its inte-

gration into the network. Practical: Various information on the device is per-

manently displayed, including temperature, CPU load, and active VPNs. The

fan's function is permanently monitored by LED and, additionally, an acoustic

signal is emitted should the CPU overheat.

The integrated firewall with security functions such as stateful inspection,

intrusion detection and denial-of-service protection is supplemented by

dynamic bandwidth management and comprehensive backup, high-

availability and redundancy functions over ISDN and VRRP.

IPSec-based VPN provides optimal security for connecting branch offices and

home offices thanks to the high-security 3-DES or AES encryption, integrated

hardware acceleration, and support of digital certificates.

The versatile functions for address translation and routing allow different net-

works to be connected over common infrastructure. The LANCOM Advanced

Routing and Forwarding concept ensures that professional network virtuali-

zation is no longer a problem: Existing networks at partner companies, branch

offices, or home-office workstations can be integrated into the VPN without

problem.

HEADQUARTER

VPN GATEWAY SERVER

NTBA NTBA

VPN ROUTER

INTERNET

ISDN NET

BRANCH

ADSL

LAN

Breakdown of

Provider Network

Breakdown of

Internet Connection

Backup Connection

LANCOM 9100 VPN

Chapter 1: Introduction

The management systems LANconfig and LANmonitor are included and offer

not only cost-effective remote maintenance of entire installations along with

highly convenient setup wizards, but also full real-time monitoring and log-

ging. Service providers benefit from the broad range of scripting methods and

professional access with individual access rights for administrators via SSH,

HTTPS, TFTP and ISDN dial-in.

1.1 What does VPN offer?

A VPN (Virtual Private Network) can be used to set up secure data communi-

cations over the Internet.

The following structure results when using the Internet instead of direct con-

nections:

All participants have fixed or dial-up connections to the Internet. Expensive

dedicated lines are no longer needed.

쐃All that is required is the Internet connection of the LAN in the headquar-

ters. Special switching devices or routers for dedicated lines to individual

participants are superfluous.

쐇The subsidiary also has its own connection to the Internet.

쐋The RAS PCs connect to the headquarters LAN via the Internet.

HEADQUARTER

VPN GATEWAY

LAN

SERVER

LAPTOP

INTERNET

VPN ROUTER ROUTER

BRANCH

LAN

Table of contents

Other Lancom Network Router manuals

Popular Network Router manuals by other brands

Allnet

Allnet ALL0333AU user guide

HomeSeer

HomeSeer HT-SEL Getting started guide

Sercomm

Sercomm Genesis OC3505D Quick installation guide

Billion

Billion BIPAC 5102 Series user manual

TP-Link

TP-Link TD-8817 QIG

Motorola

Motorola MR1900 user guide

Digi

Digi IX14 user guide

Cisco

Cisco NCS 540 Hardware installation guide

XAVi

XAVi X8821e user manual

BEC

BEC 6200WZL Quick installation guide

MikroTik

MikroTik hAP ac3 Series quick start

Korenix

Korenix JetNet 5428G Series user manual

NETGEAR

NETGEAR FS526T - Switch installation guide

Automated Logic

Automated Logic ZN551 Technical instructions

Cisco

Cisco ASR 1000 Series Installation and configuration guide

EnGenius

EnGenius ESR-9710 quick start guide

Cisco

Cisco 805 Series Product overview

LevelOne

LevelOne FBR-1416 user manual