Lancom 9100 VPN Manual
  1. Manuals
  2. Brands
  3. Lancom Manuals
  4. Network Router
  5. 9100 VPN
  6. Manual

Lancom 9100 VPN Manual

Hide thumbs Also See for 9100 VPN:
Table of Contents

Advertisement

Quick Links

Download this manual
. . . c o n n e c t i n g
y o u r
b u s i n e s s
LANCOM 9100 VPN
Handbuch
Manual

Advertisement

Table of Contents
loading

Related Manuals for Lancom 9100 VPN

Summary of Contents for Lancom 9100 VPN

  • Page 1 . . . c o n n e c t i n g y o u r b u s i n e s s LANCOM 9100 VPN Handbuch Manual...
  • Page 2 LANCOM 9100 VPN...
  • Page 3 The reproduction and distribution of the documentation and software supplied with this product and the use of its contents is subject to written authorization from LANCOM Systems. We reserve the right to make any alterations that arise as the result of technical development.
  • Page 4 Thank you for your confidence in us! You have decided on a high quality product from LANCOM. The LANCOM 9100 VPN is a high performance central site VPN gateway that provides con- nectivity for up to 1000 sites. The following functions are characteristics of the...
  • Page 5 CD supplied) describes all of the parameters in LCOS, the operating system used by LANCOM products. This guide is an aid to users during the configu- ration of devices by means of WEBconfig or the telnet console.

  • Page 6: Table Of Contents

    LANCOM 9100 VPN Content Content 1 Introduction 1.1 What does VPN offer? 1.2 Just what can your LANCOM Router do? 2 Installation 2.1 Package content 2.2 System requirements 2.3 Status displays and interfaces 2.3.1 Front 2.3.2 Rear panel 2.4 Hardware installation 2.5 Software installation...
  • Page 7 6.2 Settings on the dial-in computer 6.2.1 Dialing-in via VPN 6.2.2 Dialing-in via ISDN 6.3 Instructions for LANconfig 6.4 1-Click-VPN for LANCOM Advanced VPN Client 6.5 Instructions for WEBconfig 7 Fax transmission with LANCAPI 7.1 Installing the LANCOM CAPI Faxmodem 7.2 Installing the MS Windows Fax Service...
  • Page 8 LANCOM 9100 VPN Content 9 Advice & assistance 9.1 No WAN connection can be established 9.2 Slow DSL transmission 9.3 Unwanted connections under Windows XP 10 Appendix 10.1 Performance and characteristics 10.2 Connector wiring 10.2.1 LAN/WAN interface 10/100/1000Base-TX, DSL interface 10.2.2 ISDN-S...

  • Page 9: Introduction

    LANCOM 9100 VPN Chapter 1: Introduction 1 Introduction The LANCOM 9100 VPN is a high-performance central-site VPN gateway that supports 200 VPN connections. With the LANCOM VPN Option, it provides VPN connections for up to 1000 sites. Quality-of-Service, dynamic bandwidth management and the four Gigabit-Ethernet slots ensure that data is correctly prioritized in the network and that speeds are maximized.

  • Page 10: What Does Vpn Offer

    LANCOM 9100 VPN Chapter 1: Introduction The management systems LANconfig and LANmonitor are included and offer not only cost-effective remote maintenance of entire installations along with highly convenient setup wizards, but also full real-time monitoring and log- ging. Service providers benefit from the broad range of scripting methods and professional access with individual access rights for administrators via SSH, HTTPS, TFTP and ISDN dial-in.

  • Page 11: Just What Can Your Lancom Router Do

    The resulting savings and high flexibility makes the Internet (or any other IP network) an outstanding backbone for a corporate network. Just what can your LANCOM Router do? The following table provides a comparison of the properties and functions of your device.
  • Page 12 LANCOM 9100 VPN Chapter 1: Introduction LANCOM 9100 VPN Load balancing for bundling multiple DSL channels 4 channels ✔ Backup solutions and load balancing with VRRP ✔ NAT Traversal (NAT-T) ✔ DMZ with configurable IDS checks ✔ PPPoE servers ✔...
  • Page 13 Call-back function with PPP authentication mechanisms allowing only predefined ISDN call numbers ✔ FirmSafe for no-risk firmware updates Optional software extensions ✔ LANCOM VPN Option with 500 active tunnels for secure network connectivity ✔ LANCOM VPN Option with 1000 active tunnels for secure network connectivity ✔ LANCOM Service option...

  • Page 14: Installation

    Should anything be missing, please take up immediate contact to your dealer or to the address on the delivery note supplied with your device. System requirements Computers that connect to a LANCOM must meet the following minimum requirements: Operating system that supports TCP/IP, e.g. Windows Vista™, Windows XP, Windows Millennium Edition (Me), Windows 2000, Win- dows 98, Linux, BSD Unix, Apple Mac OS, OS/2.

  • Page 15: Status Displays And Interfaces

    Flickering means, that the LED is switched on and off in irregular inter- vals. 2.3.1 Front The LANCOM 9100 VPN is equipped with the following status displays on the front panel: LANCOM 9100 VPN ³ · »...
  • Page 16 The power LED blinks alternately in red/green until a configuration  password has been set. Without a configuration password, the confi- guration data in the LANCOM is unprotected. Normally you would set a configuration password during the basic configuration (instructions in the following chapter). Information about setting a configuration password at a later time is available in the section 'The Security Wizard'.
  • Page 17 LANCOM 9100 VPN Chapter 2: Installation · The Fan LED displays the fan's status: Green On (perma- CPU temperature OK nently) Orange On (perma- CPU temperature > 55° nently) blinking Hardware failure of the fan or CPU temperature > 60°; addi-...
  • Page 18 Device name Firmware version Device temperature Date and time CPU load Memory load Number of VPN tunnels Data transfer in reception direction Data transfer in transmission direction The LANCOM 9100 VPN is equipped with the following interfaces on the front panel:...
  • Page 19 LANCOM 9100 VPN Chapter 2: Installation µ ¾ ¸ ¹ LANCOM 9100 VPN ETH1 ETH2 ETH3 ETH4 ISDN ¾ Connector for the serial configuration cable. µ ETH 1 to 4 Ethernet sockets ( 10/100/1000Base-Tx) for connection to the LAN. 10 Mbit, 100 Mbit or 1000 Mbit connections are supported.
  • Page 20 LANCOM 9100 VPN Chapter 2: Installation Reset Reset button (see 'Reset button functions') Reset button functions The reset button offers two basic functions—boot (restart) and reset (to the factory settings)—which are called by pressing the button for different lengths of time.

  • Page 21: Rear Panel

    If necessary fix the rubber pads to the underside of the device to prevent any scratching to other equipment. LAN – first of all connect your LANCOM Router to the LAN or to an indi- vidual PC. Plug one end of the supplied network cable (green connectors) into an Ethernet port on the device µ, and the other end into an available...

  • Page 22: Software Installation

    Ether- net socket on, for example, a DSL modem or cable modem. ISDN – To connect the LANCOM Router to the ISDN, plug in one end of the supplied ISDN cable (light-blue connectors) to the ISDN S interface ¸...

  • Page 23: Which Software Should I Install

    2.5.2 Which software should I install? LANconfig is the Windows configuration program for all LANCOM rou- ters and LANCOM access points. WEBconfig can be used alternatively or in addition via a web browser. With LANmonitor you can use a Windows computer to monitor all of your LANCOM routers and LANCOM access points.

  • Page 24: Basic Configuration

    What details are necessary? The Basic Settings Wizard is used to set the LANCOM VPN Routers basic TCP/ IP parameters and to protect the device with a configuration password. The following description of the information required by the wizard is divided into...
  • Page 25 This usually happens in the fol- lowing situations: Only a single PC is going to be attached to the LANCOM VPN Router Setting up a new network Fully automatic TCP/IP configuration will not be offered if you are integrating the LANCOM VPN Router into an existing TCP/IP LAN.

  • Page 26: Configuration Protection

    If you operate the LANCOM Router on a DSL link that is charged on a time basis you can set the maximum connection time in minutes. The budget can be completely deactivated by entering a value of '0'.

  • Page 27: Instructions For Lanconfig

    (assuming that the appropriate networking environment exists). If the Setup Wizard does not start automatically, you can manually  search for new devices at all interfaces (if the LANCOM VPN Router is connected via the serial configuration interface) or in the network (File Find devices).

  • Page 28: Instructions For Webconfig

    Instructions for WEBconfig Device settings can be configured from any Web browser. WEBconfig configu- ration software is an integral component of the LANCOM. A Web browser is all that is required to access WEBconfig. WEBconfig offers similar Setup Wizards to LANconfig and hence provides the perfect conditions for easy con- figuration of the LANCOM –...
  • Page 29 LANCOM by entering any name into a Web browser. If the configuration computer does not retrieve its IP address from the LANCOM DHCP server, it determines the current IP address of the computer (with Start cmd and command ipconfig at the prompt under Win-...
  • Page 30 Chapter 3: Basic configuration command winipcfg at the prompt under Windows Me or Windows 9x, or with command ifconfig in the console under Linux). In this case, the LANCOM can be accessed with address x.x.x.254 (the “x”s stand for the first three blocks in the IP address of the configuration computer).
  • Page 31 LANCOM 9100 VPN Chapter 3: Basic configuration If you used the general configuration access, only enter the corresponding password. The user name field remains blank in this case. As an alternative, the login dialog provides a link for an encrypted ...

  • Page 32: Tcp/Ip Settings For Pc Workstations

    Manual IP address assignment If IP addresses in a network are statically assigned, then the IP address of the LANCOM is to be set as the standard gateway and DNS server in the TCP/IP configuration of each PC in the LAN.

  • Page 33: Setting Up Internet Access

    Chapter 4: Setting up Internet access 4 Setting up Internet access The LANCOM provides a central point of Internet access for all of the compu- ters in the LAN. The connection to the Internet provider can be established via any WAN connector, i.e. via DSL or ISDN (where available). Internet access via ISDN can be used to backup a DSL connection.
  • Page 34 Billing by time or flatrate – select the method by which you are billed by your Internet provider. In case of billing by time, you can set the LANCOM to cut connections automatically if no data flows for a certain time (the hold time).

  • Page 35: The Internet Connection Wizard

    LANCOM 9100 VPN Chapter 4: Setting up Internet access The Internet Connection Wizard 4.1.1 Instructions for LANconfig Mark your device in the selection window. From the command line, select Extras Setup Wizard. In the selection menu, select the Setup Wizard, Set up Internet connec- tion and confirm the selection with Next.

  • Page 36: Instructions For Webconfig

    LANCOM 9100 VPN Chapter 4: Setting up Internet access The Wizard will inform you as soon as the entries are complete. Close the configuration with Finish. The fastest way of starting the Setup Wizards under LANconfig is to use the command button in the button bar.

  • Page 37: Connecting Two Networks

    Security aspects Of course your LAN has to be protected from unauthorized access. For this reason, a LANCOM provides a range of security mechanisms that offer an out- standing level of protection. VPN: VPN-based connectivity relies on IPsec for transferring data. The...

  • Page 38: Which Details Are Necessary

    VPN (simple method with pre-shared keys) and/or via ISDN. For further information on VPN-based network connectivity by other  methods, refer to the LANCOM Reference Manual. Connecti- Entry Gateway 1...
  • Page 39 VPN connections to remote sites that use dynamic IP addresses. If you have not yet given a name to your LANCOM, the Wizard will ask you to enter a new name for your device. Entering a name will cause your LANCOM to be renamed.

  • Page 40: Settings For The Tcp/Ip Router

    The ISDN calling line ID specified is used to identify and authenticate the caller. If a LANCOM Router is called, it compares the ISDN calling line ID entered for the remote site to the ID that is actually received over the D channel from the caller.

  • Page 41: Settings For Netbios Routing

    The domain can only be specified in the LANconfig Wizard. With  WEBconfig, the necessary changes are made later in the Expert Con- figuration. Refer to the LANCOM Router reference manual for more detailed information. VPN extranet In the case of LAN-LAN connectivity via VPN, you can mask the individual computers behind another IP address.

  • Page 42: Instructions For Lanconfig

    LANCOM 9100 VPN Chapter 5: Connecting two networks Remote Windows workgroups do not appear in the Windows network  environment, but they can be contacted directly (e.g.by searching for a computer of known name). Instructions for LANconfig Carry out the configuration on both routers, one after the other.

  • Page 43: 1-Click-Vpn For Networks (Site-To-Site)

    LANCOM 9100 VPN Chapter 5: Connecting two networks remote LAN (e.g. with ping). The LANCOM Router should automatically connect to the remote site and make contact to the requested computer. To test a TCP/IP connection, simply send a ping from your computer to a computer in the remote network.

  • Page 44: Instructions For Webconfig

    LANCOM 9100 VPN Chapter 5: Connecting two networks The 1-Click-VPN Site-to-Site Wizard will be started. Enter a name for this access and select the address under which the router is accessible from the Internet. Select whether connection establishment is to take place via the name or IP address of the central router, or via an ISDN connection.
  • Page 45 Once you have completed the set-up of both routers, you can start testing the network connection. Try to communicate with a computer in the remote LAN (e.g. with ping). The LANCOM Router should automatically connect to the remote site and make contact to the requested computer.

  • Page 46: Providing Dial-In Access

    Security aspects Of course your LAN has to be protected from unauthorized access. For this reason, a LANCOM provides a range of security mechanisms that offer an outstanding level of protection. VPN: VPN-based connectivity relies on IPsec for transferring data. The...

  • Page 47: General Information

    User name and password: This access data serves to identify the user when dialing in. Incoming number: The optional ISDN calling line ID is used by the LANCOM Router for additional user authentication. This security function should not be employed if the user will be dialing-in from various ISDN connections.

  • Page 48: Settings For Tcp/Ip

    This IP address can be manually set to a fixed value when the user is created. A simpler option is to allow the LANCOM Router to assign the user with a free IP address when dialing in. In this case, all you have to do is to set the range of IP addresses which are to be available for assignment to the RAS users by the LANCOM Router.

  • Page 49: Settings On The Dial-In Computer

    The connection is not established automatically. The RAS user first has  to manually establish a connection to the LANCOM Router with the help of Dial-Up Networking. Once the connection has been establis- hed, the computer can access and search the other network (click on Search Computer, do not use the Network Neighborhood).

  • Page 50: Instructions For Lanconfig

    Advanced VPN Client are very easy to set up with the Setup Wizard and expor- ted to a file. This file can then be imported as a profile by the LANCOM Advan- ced VPN Client. All of the information about the LANCOM VPN Router's configuration is also included, and then supplemented with randomly gene- rated values (e.g.

  • Page 51: Instructions For Webconfig

    When setting up the VPN access, certain settings are made to optimize ope- rations with the LANCOM Advanced VPN Client, including: Gateway: If defined in the LANCOM VPN Router, a DynDNS name is used here, or alternatively the IP address FQDN: Combination of the name of the connection, a sequential number and the internal domain in the LANCOM VPN Router.

  • Page 52: Fax Transmission With Lancapi

    Chapter 7: Fax transmission with LANCAPI 7 Fax transmission with LANCAPI LANCAPI from LANCOM Systems is a specialized version of the widespread ISDN CAPI interface. CAPI stands for Common ISDN Application Programming Interface and it links ISDN adapters and communications software. This soft- ware in turn provides the computer with office-communications functions such as a fax or answering machine.

  • Page 53: Installing The Lancom Capi Faxmodem

    LANCOM CAPI Faxmodem and MS Windows Fax Service. Installing the LANCOM CAPI Faxmodem From the setup program on your LANCOM CD, select the entry LANCOM software installation. Select the option CAPI Faxmodem, click on Next and follow the instruc-...

  • Page 54: Installing The Ms Windows Fax Service

    LANCOM 9100 VPN Chapter 7: Fax transmission with LANCAPI After successful installation, the LANCOM CAPI Fax Modem is entered into the Control Panel under Phone and modem options. Installing the MS Windows Fax Service Go to the Control Panel and select the option Printers and faxes.

  • Page 55: Sending A Fax

    LANCOM 9100 VPN Chapter 7: Fax transmission with LANCAPI Sending a fax After installing the necessary components, there are a number of ways to send a fax from your computer. If you have a file ready to send, you can send this straight from its application.
  • Page 56 LANCOM 9100 VPN Chapter 7: Fax transmission with LANCAPI The fax client console opens up. Select the menu item Send file/fax. A Wizard guides you through the remaining procedure.

  • Page 57: Security Settings

    Chapter 8: Security settings 8 Security settings Your LANCOM features numerous security functions. This chapter provides you with all of the information you need to optimally protect your device. You can carry out the configuration of security settings very quickly ...

  • Page 58: Lanconfig Wizard

    Along with these basic settings, you can use the Security settings Wizard to check the settings of your wireless network (if so equipped). 8.2.1 LANconfig Wizard Mark your LANCOM in the selection window. From the command line, select Extras Setup Wizard. In the selection menu, select the Setup Wizard, Check security settings and confirm the selection with Next.

  • Page 59: The Security Checklist

    'Management' configuration area on the 'Security' tab. Have you activated the firewall? The stateful inspection firewall of LANCOM devices ensures that you local network cannot be attacked from the outside. Activate the firewall in LANconfig under 'Firewall/QoS' on the 'General' tab.
  • Page 60 'Routing' tab. Have you used filters to close critical ports? The firewall filters in LANCOM devices offer filter functions for individual computers or entire networks. It is possible to set up source and destina- tion filters for individual ports or port ranges. Furthermore, filters can be set for individual protocols or any combination of protocols (TCP/UDP/ ICMP).
  • Page 61 LANCOM 9100 VPN Chapter 8: Security settings Do you store your saved LANCOM configuration to a safe location? Protect your saved configurations in a location that is safe from unautho- rized access. Otherwise, byway of example, an unauthorized person may load your stored configuration file into another device and they can access the Internet at your expense.

  • Page 62: Advice & Assistance

    LANCOM 9100 VPN Chapter 9: Advice & assistance 9 Advice & assistance See this chapter for first-aid assistance if some of the typical problems should occur. No WAN connection can be established After starting, the router attempts automatically to connect to the Internet provider.

  • Page 63: Unwanted Connections Under Windows Xp

    Instructions for increasing the windows size are available in the Knowledge- Base in the Support area of the LANCOM Systems Web site (www.lancom.eu). Unwanted connections under Windows XP When booting, Windows XP computers attempt to update the time by acces- sing a time server in the Internet.

  • Page 64: Appendix

    CE-conformity to EN 300 328, EN 301 893, EN 55024, EN 55022, EN 55011, EN 50081, EN 60950, ES 59005, EN 60950 Approvals Notified in Germany, Belgium, Netherlands, Luxembourg, Austria, Switzerland, UK, and Italy. For information on new notifications, see www.lancom.eu. Environment/ Temperature range 0–40°C; humidity 5–90%; non-condensing Temperature Options LANCOM Service Option (4-year warranty, advance replacement) (item no.

  • Page 65: Connector Wiring

    LANCOM 9100 VPN Chapter 10: Appendix 10.2 Connector wiring 10.2.1 LAN/WAN interface 10/100/1000Base-TX, DSL interface 8-pin RJ45 sockets (ISO 8877, EN 60603-7) Connector Fast Gigabit Ethernet Ethernet BI_DA+* BI_DA- BI_DB+ PoE/G BI_DC+ PoE/G BI_DC- BI_DB- PoE/ -48 V BI_DD+ PoE/ -48 V BI_DD- *BI_DA+ stands for "bi-directional pair +A"...

  • Page 66: Configuration Interface (Outband)

    Line 10.3 Declaration of conformity LANCOM Systems herewith declares that the devices of the type described in this documentation are in agreement with the basic requirements and other relevant regulations of the 1995/5/EC directive. The CE declarations of conformity for your device are available in the appro-...

  • Page 67: Index

    LANCOM 9100 VPN Index Index Numerics DHCP 10/100Base-TX DHCP server 100-Mbit network Dial-in access 3 DES Dial-up adapter DNS access to the remote LAN DNS server Anschlussbelegung Documentation ADSL-Schnittstelle Domain Autosensing DSL transmission too slow Blowfish Encryption Call-back function Firewall...
  • Page 68 LANCOM 9100 VPN Index Filter Security aspects IP address Network mask IP masquerading Network segment IP router Number of VPN tunnels IPsec Package content ISDN Password Connector cable Password for the ISDN connection D channel PAT – see IP masquerading...
  • Page 69 LANCOM 9100 VPN Index System requirements USB connector TCP/IP Settings Virtual Private Network TCP/IP configuration Virtual Private Networks (VPN) Fully automatic Manual VPN client TCP/IP filter TCP/IP router Settings Connector cable TCP/IP windows size WEBconfig Telnet HTTPS Temperature System requirements...
  • Page 70 LANCOM 9100 VPN Index...

Table of Contents