Lancom 821+ User manual
110642/0109
LANCOM Systems GmbH
Adenauerstr. 20/B2
52146 Würselen
Germany
Internet www.lancom.eu
LANCOM 821+
LANCOM 1711+ VPN
LANCOM 1721 VPN
LANCOM 821+ LANCOM 1711+ VPN LANCOM 1721 VPN
쮿Handbuch
쮿Manual
...connecting your business
110642_LC-821plus-1711plus-1721-1 1110642_LC-821plus-1711plus-1721-1 1 07.01.2009 14:03:1307.01.2009 14:03:13
LANCOM 821+
LANCOM 1711+ VPN
LANCOM 1721 VPN
© 2009 LANCOM Systems GmbH, Wuerselen (Germany). All rights reserved.
While the information in this manual has been compiled with great care, it may not be deemed an assurance of product
characteristics. LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery.
The reproduction and distribution of the documentation and software included with this product is subject to written per-
mission by LANCOM Systems. We reserve the right to make any alterations that arise as the result of technical develop-
ment.
All explanations and documents for registration of the products you find in the appendix of this documentation, if they
were present at the time of printing.
Trademarks
Windows®, Windows Vista™, Windows XP®and Microsoft®are registered trademarks of Microsoft, Corp.
The LANCOM Systems logo, LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH. All other
names mentioned may be trademarks or registered trademarks of their respective owners.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http://www.openssl.org/.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes the LZMA SDK written by Igor Pavlov.
Subject to change without notice. No liability for technical errors or omissions.
LANCOM Systems GmbH
Adenauerstr. 20/B2
52146 Wuerselen
Germany
www.lancom.de
Wuerselen, January 2009
110642/0109
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Preface
3
EN
Preface
Thank you for placing your trust in this LANCOM Systems product.
With the LANCOM Router you have chosen a powerful router that possesses
integrated DSL respectively ADSL and ISDN interfaces by default as well as an
integrated 4-port switch. With this router you can simply and comfortably
connect individual PCs or whole local networks to the high-speed Internet.
Model variants
This user manual applies to the following models of the LANCOM Router
series:
LANCOM 821+
LANCOM 1721 VPN
LANCOM 1711+ VPN
Model
restriction
The sections of the documentation that refer only to a range of models are
marked either in the corresponding text itself or with appropriate comments
placed beside the text.
In the other parts of the documentation, all described models have been clas-
sified under the general term LANCOM Router.
Security settings
To maximize the security available from your product, we recommend that you
undertake all of the security settings (e.g. firewall, encryption, access protec-
tion) that were not already activated when you purchased the product. The
LANconfig Wizard 'Security Settings' will help you with this task. Further infor-
mation is also available in the chapter 'Security settings'.
We would additionally like to ask you to refer to our Internet site www.lan-
com.de for the latest information about your product and technical develop-
ments, and also to download our latest software versions.
User manual and reference manual
The documentation of your device consists of the following parts:
Installation guide
User manual
Reference manual
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Preface
4
EN
You are now reading the user manual. It contains all information you need to
put your device into operation. It also contains all of the important technical
specifications.
The reference manual can be found on the LANCOM product CD as an Acrobat
(PDF) document. It is designed as a supplement to the user manual and goes
into detail on topics that apply to a variety of models. These include, for exam-
ple:
The system design of the operating system LCOS
Configuration
Management
Diagnosis
Security
Routing and WAN functions
Firewall
Quality of Service (QoS)
Virtual Private Networks (VPN)
Virtual Local Networks (VLAN)
Backup solutions
LANCAPI
Further server services (DHCP, DNS, charge management)
This documentation was created by …
... several members of our staff from a variety of departments in order to
ensure you the best possible support when using your LANCOM product.
In case you encounter any errors, or just want to issue critics enhancements,
please do not hesitate to send an email directly to:
Our online services www.lancom.de are available to you around the
clock should you have any queries regarding the topics discussed in
this manual or require any further support. The area 'Support' will
help you with many answers to frequently asked questions (FAQs).
Furthermore, the knowledgebase offers you a large reserve of infor-
mation. The latest drivers, firmware, utilities and documentation are
constantly available for download.
In addition, LANCOM support is available. For telephone numbers and
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Preface
5
EN
contact addresses of LANCOM support, please see the enclosed leaf-
let or the LANCOM Systems website.
Information symbols
Very important instructions. Failure to observe this may result in damage.
Important instruction that should be observed.
Additional information that may be helpful but which is not required.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Contents
6
EN
Contents
1 Introduction 9
1.1 How do ADSL and ADSL 2+ work? 9
1.2 What does VPN offer? 10
1.3 What can your LANCOM Router do? 11
2 Installation 14
2.1 Package contents 14
2.2 System requirements 14
2.3 Status displays, interfaces and hardware installation 15
2.3.1 Status displays 15
2.3.2 Device connectors 19
2.4 Hardware installation 22
2.5 Software installation 23
2.5.1 Starting the software setup 24
2.5.2 Which software should I install? 24
3 Basic configuration 25
3.1 What details are necessary? 25
3.1.1 TCP/IP settings 25
3.1.2 Configuration protection 27
3.1.3 Settings for the DSL connection 27
3.1.4 Settings for the ISDN Connection 28
3.1.5 Charge protection 28
3.2 Instructions for LANconfig 28
3.3 Instructions for WEBconfig 30
3.4 TCP/IP settings to workstation PCs 33
4 Setting up Internet access 35
4.1 The Internet Connection Wizard 37
4.1.1 Instructions for LANconfig 37
4.1.2 Instructions for WEBconfig 38
4.2 The Firewall Wizard 38
4.2.1 LANconfig Wizard 39
4.2.2 Configuration under WEBconfig 39
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Contents
7
EN
5 Linking two networks 40
5.1 What information is necessary? 41
5.1.1 General information 41
5.1.2 Settings for the TCP/IP router 43
5.1.3 Settings for the IPX router 44
5.1.4 Settings for NetBIOS routing 45
5.2 Instructions for LANconfig 46
5.3 1-Click-VPN for networks (site-to-site) 47
5.4 Instructions for WEBconfig 48
6 Providing dial-in access 49
6.1 Which information is required? 49
6.1.1 General information 50
6.1.2 Settings for TCP/IP 51
6.1.3 Settings for IPX 52
6.1.4 Settings for NetBIOS routing 52
6.2 Settings for the dial-in computer 53
6.2.1 Dial-up via VPN 53
6.2.2 Dial-up via ISDN 53
6.3 Instructions for LANconfig 53
6.4 1-Click-VPN for LANCOM Advanced VPN Client 54
6.5 Instructions for WEBconfig 55
7 Sending faxes with LANCAPI 56
7.1 Installation of the LANCOM CAPI Faxmodem 57
7.2 Installation of the MS Windows fax service 58
7.3 Sending a fax 58
7.3.1 Send a fax with any given office application 58
7.3.2 Send a fax with the MS Windows fax service 59
8 Security settings 60
8.1 The security settings wizard 60
8.1.1 Wizard for LANconfig 60
8.1.2 Wizard for WEBconfig 61
8.2 The security checklist 61
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Contents
8
EN
9 Troubleshooting 65
9.1 No WAN connection is established 65
9.2 DSL data transfer is slow 65
9.3 Unwanted connections under Windows XP 66
9.4 Cable testing 66
10 Appendix 68
10.1 Performance data and specifications 68
10.2 Contact assignment 69
10.2.1 WAN interface 69
10.2.2 ADSL interface 69
10.2.3 ISDN S0interface 70
10.2.4 Ethernet interface 10/100Base-TX 70
10.2.5 Configuration interface (Outband) 71
10.3 Declaration of conformity 71
11 Index 72
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 1: Introduction
9
EN
1Introduction
The models LANCOM 821+, LANCOM 1721 VPN and LANCOM 1711+ VPN
are fully-featured routers that therefore also can be used in combination with
the integrated firewall for providing secure Internet access to a complete local
network (LAN).
The VPN option, which is either integrated already or can be activated subs-
quently, enables the LANCOM 1721 VPN and LANCOM 1711+ VPN to act as
powerful Dynamic VPN gateways for external offices or mobile users.
The LANCOM Router models offer each a DSL or ADSL connector and also an
ISDN connector. The ISDN line can be used as back- up for the DSL connection,
for remote management of the router, as basis for the office communication
via LANCAPI or for establishing VPN connections to remote sites with dynamic
IP addresses.
By using the Voice over IP function, these devices can transfer voice data over
broadband Internet connections as well.
1.1 How do ADSL and ADSL 2+ work?
ADSL (Asymmetric Digital Subscriber Line) is currently the most common tech-
nology for broadband Internet connections. Standard and almost ubiquitous
telephone lines (analog or DSL) are the basis for DSL data transfer to the near-
est telephone exchange. From here, the data is passed directly on to the Inter-
net over high-speed connections.
The asymmetric DSL variant ADSL was developed for applications where users
receive large amounts of data but transmit only small amounts, such as when
surfing in the WWW. ADSL subscribers can receive data at up to 8 Mbps
("downstream") and transmit at up to 800 kbps ("upstream"). ADSL providers
are able to reduce these maximum rates as they please.
To satisfy the strongly increasing demand for higher bandwidths, the stand-
ards ADSL 2 and ADSL 2+ provider higher data rates as a basis for applica-
tions such as video streaming or high-definition TV (HDTV) over the Internet.
Depending on the Internet provider, ADSL 2 devices support downstream data
rates of up to 12 Mbps, and ADSL 2+ devices support up to 24 Mbps. Hand-
shake routines during connection establishment ensure that the standards
ADSL, ADSL 2 and ADSL 2+ are intercompatible.
Parallel to data transfer, ADSL also provides full and unlimited support for the
classic applications in telephony (telephone, fax, answering machine, PBX).
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 1: Introduction
10
EN
This is facilitated by splitters which separate the voice frequencies from the
data frequencies.
1.2 What does VPN offer?
For LANCOM
1711+ VPN and
LANCOM 1721 VPN
only
A VPN (Virtual Private Network) can be used to set up secure data communi-
cations over the Internet.
The models LANCOM 1721 VPN and LANCOM 1711+ VPN are factory
equipped to support VPN with 5 active tunnels. With the additional
LANCOM VPN Option, VPN support can be extended to 25 active tun-
nels (incl. activated hardware accelerator).
The following structure results when using the Internet instead of direct con-
nections:
All participants have fixed or dial-up connections to the Internet. Expensive
dedicated lines are no longer needed.
All that is required is the Internet connection of the LAN in the headquar-
ters. Special switching devices or routers for dedicated lines to individual
participants are superfluous.
The subsidiary also has its own connection to the Internet.
Headquarters
Computers using remote access
Internet
LAN
LAN
Branch office
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 1: Introduction
11
EN
The RAS PCs connect to the headquarters LAN via the Internet.
The Internet is available virtually everywhere and typically has low access
costs. Significant savings can thus be achieved in relation to switched or ded-
icated connections, especially over long distances.
The physical connection no longer exists directly between two participants;
instead, the participants rely on their connection to the Internet. The access
technology used is not relevant in this case: Broadband technology such as
DSL (Digital Subscriber Line) is ideal. A conventional ISDN line can be used,
too.
The technologies of the individual participants do not have to be compatible
to one another, as would be the case for conventional direct connections. A
single Internet access can be used to establish multiple simultaneous logical
connections to a variety of remote stations.
The resulting savings and high flexibility makes the Internet (or any other IP
network) an outstanding backbone for a corporate network.
1.3 What can your LANCOM Router do?
The following table contains a direct comparison of the properties and func-
tions of your devices with other models:
LANCOM
821+
LANCOM
1711+ VPN
LANCOM
1721 VPN
Applications
Internet access ✔✔✔
LAN to LAN coupling via VPN ✔✔
LAN to LAN coupling via ISDN ✔✔✔
RAS server (via VPN) ✔✔
RAS server (via ISDN) ✔✔✔
IP router ✔✔✔
IPX router (via ISDN), e.g. for coupling of Novell networks or dialling into
Novell networks
✔✔
NetBIOS proxy for coupling of Microsoft peer-to-peer networks via ISDN ✔✔✔
DHCP and DNS server (for LAN and WAN) ✔✔✔
N:N mapping for coupling networks using the same IP address ranges ✔✔✔
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 1: Introduction
12
EN
Bridge function for coupling networks via ISDN connection ✔✔✔
Port-Mapping to set up LAN ports as additional WAN ports ✔✔
Policy-based routing for policy-based selection of target routes ✔✔✔
Load-balancing for bundling of multiple DSL channels 2 channels 4 channels 4 channels
Backup solutions and load balancing with VRRP ✔✔✔
NAT Traversal (NAT-T) ✔✔✔
DMZ with configurable IDS checks ✔✔✔
PPPoE-Server ✔✔✔
WAN- RIP ✔✔✔
Spanning Tree Protocol ✔✔✔
Layer-2-QoS-Tagging ✔✔✔
ISDN leased lines ✔✔✔
LANCAPI server for the operating with office applications as fax or
answering machine via ISDN interface
✔✔✔
WAN connection
Connection for DSL or cable modem ✔✔✔
Integrated ADSL modem (ADSL2+ ready) ✔✔
ISDN S0bus in multi device-mode or in point-to-point mode with auto-
matic D-channel protocol identification. Supports static and dynamic
channel bundling per MLPPP and BACP as well as Stac data compression
(Hi/fn)
✔✔✔
Port for external modem, analogue or GSM (requires LANCOM modem
adapter kit; from LCOS 5.0)
✔✔✔
LAN connection
4 individual Fast Ethernet LAN ports, switchable separately, e.g. as LAN
switch or separate DMZ ports, auto crossover.
✔✔✔
USB connector
USB 2.0 host port (full speed: 12 Mbps) for connecting a USB printer and
for future extensions
✔✔
Security functions
IPSec encryption in external software (VPN client) ✔✔
5 integrated VPN tunnels for protection of network connections ✔✔
IPSec encryption in hardware (optional; activated with the VPN-25
option)
✔✔
LANCOM
821+
LANCOM
1711+ VPN
LANCOM
1721 VPN
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 1: Introduction
13
EN
IP masquerading (NAT, PAT) to conceal individual LAN workstations
behind a single public IP address.
✔✔✔
Stateful Inspection Firewall ✔✔✔
Firewall filter for blocking individual IP addresses, protocols and ports ✔✔✔
MAC address filter regulates, for example, LAN-workstation access to the
IP routing function
✔✔✔
Protection of the configuration from brute-force attacks. ✔✔✔
Configuration
Configuration with LANconfig or with web browser, additionally terminal
mode for Telnet or other terminal programs, SNMP interface and TFTP
server function.
✔✔✔
Remote configuration via ISDN (with ISDN-PPP connections e.g. via Win-
dows network and dial-up connections)
✔✔✔
Serial configuration interface ✔✔✔
Callback function with PPP authentication mechanisms for restriction to
fixed ISDN telephone numbers
✔✔✔
FirmSafe with firmware versions for absolutely secure software upgrades ✔✔✔
Optional software extensions
LANCOM VPN Option with 25 active tunnels for protection of network
couplings
✔✔
Optional hardware extensions
LANCOM Modem Adapter Kit for connection of analog or GSM modems
to the serial interface
✔✔✔
LANCOM
821+
LANCOM
1711+ VPN
LANCOM
1721 VPN
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 2: Installation
14
EN
2 Installation
This chapter will assist you to quickly install hardware and software. First,
check the package contents and system requirements. The device can be
installed and configured quickly and easily if all prerequisites are fulfilled.
2.1 Package contents
Please check the package contents for completeness before starting the
installation. In addition to the device itself, the package should contain the
following accessories:
If anything is missing, please contact your retailer or the address stated on the
delivery slip of the unit.
2.2 System requirements
Computers that connect to a LANCOM must meet the following minimum
requirements:
LANCOM 821+
LANCOM 1721 VPN
LANCOM 1711+ VPN
Power adapter ✔✔✔
LAN connector cable (green plugs) ✔✔✔
WAN connector cable (dark blue plugs) ✔
ADSL connector cable (transparent plugs) ✔✔
ISDN connector cable (light blue plugs) ✔✔✔
Connector cable for the configuration interface ✔✔✔
LANCOM CD ✔✔✔
Printed documentation ✔✔✔
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 2: Installation
15
EN
Operating system that supports TCP/IP, e.g. Windows Vista™,
Windows XP, Windows Millennium Edition (Me), Windows 2000, Win-
dows 98, Linux, BSD Unix, Apple Mac OS, OS/2.
Access to the LAN via the TCP/IP protocol.
The LANtools also require a Windows operating system. A web
browser under any operating system provides access to WEBconfig.
2.3 Status displays, interfaces and hardware installation
2.3.1 Status displays
Meanings of the LEDs
In the following sections we will use different terms to describe the behaviour
of the LEDs:
Blinking means, that the LED is switched on or off at regular intervals in
the respective indicated colour.
Flashing means, that the LED lights up very briefly in the respective col-
our and stay then clearly longer (approximately 10x longer) switched off.
Inverse flashing means the opposite. The LED lights permanently in the
respective colour and is only briefly interrupted.
Flickering means, that the LED is switched on and off in irregular inter-
vals.
Front side
The various LANCOM Router models have different numbers of indicators on
the front panel depending on their functionality.
LANCOM 821+and
LANCOM 1721 VPN
LANCOM
LANCOM
1721
1721
VPN
VPN
Power
Power
ADSL Status
ADSL Status
Online
Online
ADSL Data
ADSL Data
ETH 3
ETH 3
ETH 4
ETH 4
ISDN Status
ISDN Status
ISDN Data
ISDN Data
ETH 1
ETH 1
ETH 2
ETH 2
VPN
VPN
not available on LANCOM 821+
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 2: Installation
16
EN
LANCOM 1711+ VPN
Top
The two top-mounted LEDs enable the main function status to be assessed
even if the device is positioned vertically.
Power This LED indicates that the device is operational. After the device has been
switched on, it will flash green for the duration of the self-test. After the self-
test, either an error is output by a flashing red light code or the device starts
and the LED remains lit green.
The power LED flashes red/green in alternation until a configuration
password has been specified. Without a configuration password, the
configuration data of the LANCOM is insecure. Under normal circum-
stances, you would assign a configuration password during the basic
configuration (see instructions in the following chapter). For informa-
1711+ VPN
Power
WAN Status
Online
WAN Data
ETH 3
ETH 4
ISDN Status
ISDN Data
ETH 1
ETH 2
VPN
Power
WLAN-Link
off Device off
green blinking Self-test when powering up
green constantly on Device ready for use
red/
green
blinking alternately Device insecure: configuration password not assigned
red blinking Time or connect-charge reached
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 2: Installation
17
EN
tion about a later assignment of the configuration password see the
section “Security settings”.
Online The online LED displays the general status of all WAN interfaces:
ADSL status
( LANCOM
821+ and
LANCOM
1721 VPN
only)
Information on connection status at the ADSL connector:
Flashing Power LED but no connection?
There's no need to worry if the Power LED blinks red and you can no
longer connect to the WAN. This simply indicates that a preset time or
connect-charge limit has been reached. There are three methods
available for unlocking:
Reset connect charge protection.
Increase the limit that has been reached.
Completely deactivate the lock that has been triggered (set limit
to '0').
If a time or connect charge limit has been reached, you will be notified in LANmonitor. To
reset the connect charge protection, select Reset Charge and Time Limits in the context
menu (right mouse click). You can configure the connect charge settings in LANconfig under
Management Costs (you will only be able to access this configuration if 'Complete con-
figuration display' is selected under View Options…).
You will find the connect charge protection reset in WEBconfig and all parameters under
Expert Configuration Setup Charges-module.
Signal for reached time
or connect-charge
limit
Power
Power
Off No active connection
Green Flashing Opening the first connection
Green Inverse flashing Opening an additional connection
Green On (perma-
nently)
At least one connection is established
Red On (perma-
nently)
Error establishing the last connection
Off Interface deactivated
Green Blinking/flashing Handshake/training
Green Permanently Synchronization successful
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 2: Installation
18
EN
ADSL data
( LANCOM
821+ and
LANCOM
1721 VPN
only)
Information on data traffic at the ADSL connector:
WAN Status
(only LANCOM
1711+ VPN)
Connection status of the WAN connection:
WAN Data
(only LANCOM
1711+ VPN)
Data traffic via the WAN connection:
ISDN status Information on connection status at the ISDN S0connector:
Red Flickering Error (CRC error, framing error, etc.)
Red On (permanently) No synchronization, searching for remote station
Red/
orange
Blinking Hardware error
Off No logical connection
Green Blinking Opening the first connection
Green Inverse flashing Opening an additional connection
Green Permanently At least one logical connection is established
Green Inverse flickering Data traffic (send or receive)
off not connected
green blinking Establishing first connection
green invers flashing Establishing further connection
green constantly on At least one connection established
red constantly on Error while establishing connection
off No network device connected
green constantly on Connection to network device operational, no data traffic
green flickering Data traffic (send or receive)
Off Not connected or no S0voltage (no error message)
Green Blinking D-channel initialization (establishing contact to provider)
Green On (perma-
nently)
D-channel operational
Red Flickering D-channel error
Red On (perma-
nently)
D-channel activation failed
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721 VPN
Chapter 2: Installation
19
EN
If the ISDN status LED goes off automatically, this does not indicate
an error at the S0bus. It is in fact because several ISDN connections
and PBXs switch the S0bus into power-saving mode after a certain
period of inactivity. When needed, the S0bus automatically reacti-
vates and the ISDN status LED illuminates in green.
ISDN Data Status display for both ISDN B channels:
ETH LAN connector status in the integrated switch:
VPN Status of a VPN connection.
2.3.2 Device connectors
The connections and switches of the router are located on the back panel:
off No connection established
green Blinking Dialling
green Flashing Establishing first connection
green Inverse flashing Establishing further connection
green Constantly on Connection established via B channel
green Flickering Data traffic (send or receive)
Off No networking device attached
Green On (perma-
nently)
Connection to network device operational, not data traffic
Green Flickering Data traffic
Red Flickering Data packet collision
Off No VPN tunnel established
Green Blinking Connection establishment
Green Flashing First connection
Green Inverse flashing Other connections
Green On (perma-
nently)
VPN tunnels are established
This manual suits for next models
2
Table of contents
Other Lancom Wireless Access Point manuals
Lancom
Lancom L-321agn Wireless User manual
Lancom
Lancom L-54g Wireless User manual
Lancom
Lancom OAP-382 User manual
Lancom
Lancom L-310agn Wireless User manual
Lancom
Lancom OAP-322 User manual
Lancom
Lancom L-54ag Wireless User manual
Lancom
Lancom L-322agn User manual
Lancom
Lancom OAP-54 User manual
Lancom
Lancom LN-860 User manual
Lancom
Lancom L-305agn Wireless User manual
