Advertisement
LANCOM OAP-321-3G
Security
URL blocker
Password protection
Alerts
Authentication mechanisms
Network protection
WLAN protocol filters
IP redirect
High availability / redundancy
VRRP
FirmSafe
UMTS backup
Load balancing
VPN redundancy
Line monitoring
VPN
IPSec over HTTPS
Number of VPN tunnels
Hardware accelerator
Realtime clock
Random number generator
1- Click- VPN Client assistant
1- Click- VPN Site- to- Site
IKE
Certificates
Certificate rollout
Certificate revocation lists (CRL)
OCSP Client
XAUTH
RAS user template
Proadaptive VPN
Algorithms
NAT- Traversal
IPCOMP
Filtering of unwanted URLs based on DNS hitlists and wildcard filters. Extended functionality with Content Filter Option
Password- protected configuration access can be set for each interface
Alerts via e- mail, SNMP- Traps and SYSLOG
EAP- TLS, EAP- TTLS, PEAP, MS- CHAP, MS- CHAPv2 as EAP authentication mechanisms, PAP, CHAP, MS- CHAP and MS- CHAPv2
as PPP authentication mechanisms
Network protection via site verification by GPS positioning, device stops operating if ist location is changed.
Limitation of the allowed transfer protocols, source and target addresses on the WLAN interface
Fixed redirection of any packet received over the WLAN interface to a dedicated target address
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby
groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
In case of failure of the main connection, a backup connection is established over the internal UMTS modem; automatic return
to the main connection
Static and dynamic load balancing over up to 2 WAN connections. Channel bundling with Multilink PPP (if supported by network
operator)
Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re- routing
to multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active
connections). Up to 32 alternative remote stations, each with its own routing tag, can be defined per VPN connection. Automatic
selection may be sequential, or dependant on the last connection, or random (VPN load balancing)
Line monitoring with LCP echo monitoring, dead- peer detection and up to 4 addresses for end- to- end monitoring with ICMP
polling
Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e. g. port 500 for
IKE is blocked. Suitable for client- to- site connections (with LANCOM Advanced VPN Client 2.22 or later) and site- to- site
connections (LANCOM VPN gateways or routers with LCOS 8.0 or later). IPSec over HTTPS is based on the NCP VPN Path Finder
technology
5 IPSec connections active simultaneously (25 with VPN- 25 Option), unlimited configurable connections. Configuration of all
remote sites via one configuration entry when using the RAS user template or Proadaptive VPN. Max. total sum of concurrently
active IPSec and PPTP tunnels: 5 (25 with VPN 25 Option)
Integrated hardware accelerator for 3DES/AES encryption and decryption
Integrated buffered realtime clock to save the date and time during power failure. Assures timely validation of certificates in any
case
Generates real random numbers in hardware, e. g. for improved key generation for certificates immediately after switching- on
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced
VPN Client
Creation of VPN connections between LANCOM routers via drag and drop in LANconfig
IPSec key exchange with Preshared Key or certificate
X.509 digital multi- level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of
PKCS#12 files via HTTPS interface and LANconfig. Simultaneous support of multiple certification authorities with the
management of up to nine parallel certificate hierarchies as containers (VPN- 1 to VPN- 9). Simplified addressing of individual
certificates by the hierarchy's container name (VPN- 1 to VPN- 9). Wildcards for certificate checks of parts of the identity in the
subject. Secure Key Storage protects a private key (PKCS#12) from theft
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) per certificate hierarchy
CRL retrieval via HTTP per certificate hierarchy
Check X.509 certifications by using OCSP (Online Certificate Status Protocol) in real time as an alternative to CRLs
XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE- config mode. XAUTH server enables
clients to register via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central
authentication of VPN- access with user name and password. Authentication of VPN- client access via XAUTH and RADIUS
connection additionally by OTP token
Configuration of all VPN client connections in IKE ConfigMode via a single configuration entry
Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for site- to-
site connections. Propagation of dynamically learned routes via RIPv2 if required
3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 bit), RSA (128 or - 448 bit) and CAST (128 bit). OpenSSL implementation
with FIPS- 140 certified algorithms. MD- 5 or SHA- 1 hashes
NAT- Traversal (NAT- T) support for VPN over routes without VPN passthrough
VPN data compression based on LZS or Deflate compression for higher IPSec throughput
Scope of features: as of LCOS version 8.5x
Advertisement
