Lancom Systems 7111 VPN Benutzerhandbuch
LANCOM 7111 VPN – LANCOM 8011 VPN
Chapter 10: Appendix
70
EN
10 Appendix
10.1
Performance data and specifications
LANCOM 7111 VPN
LANCOM 8011 VPN
Firewall
Stateful inspection, IP packet filter with port ranges; masquerading (NAT/PAT) of TCP,
UDP, ICMP, FTP, PPTP, H.323, NetMeeting IRC and IPSec; DNS forwarding; inverse mas-
querading for IP services from the Intranet such as web server; support of 2 local net-
works; e.g. DMZ with own IP address range without NAT, port mapping.
UDP, ICMP, FTP, PPTP, H.323, NetMeeting IRC and IPSec; DNS forwarding; inverse mas-
querading for IP services from the Intranet such as web server; support of 2 local net-
works; e.g. DMZ with own IP address range without NAT, port mapping.
Quality of Service
Dynamic bandwidth management with IP traffic-shaping/limiting with dynamic, abso-
lute or per connection transfer limits or guaranteed minimum bandwidths, separated
from send or receive site, TOS or DiffServ priority queuing, automatic packet size
adoption incl. PMTU adjustment or fragmentation.
lute or per connection transfer limits or guaranteed minimum bandwidths, separated
from send or receive site, TOS or DiffServ priority queuing, automatic packet size
adoption incl. PMTU adjustment or fragmentation.
Security
Intrusion detection (IP spoofing, login attempt, port scans), denial-of-service protec-
tion (fragmentation error, SYNflooding, automatic closing of ports/connections). DNS
hitlist as well as wild card filter (URL blocking). High availability with ISDN dial backup
for Internet access or VPN connections. Email alerting, SNMP traps and SYSLOG. PAP,
CHAP and MS-CHAP as PPP authentification, password-protected configuration
remote access per interface, access control list (IP, MAC and protocol filter) for config-
uration access and LANCAPI, ISDN remote access list. FirmSafe with two firmware ver-
sions for absolute secure software upgrades.
tion (fragmentation error, SYNflooding, automatic closing of ports/connections). DNS
hitlist as well as wild card filter (URL blocking). High availability with ISDN dial backup
for Internet access or VPN connections. Email alerting, SNMP traps and SYSLOG. PAP,
CHAP and MS-CHAP as PPP authentification, password-protected configuration
remote access per interface, access control list (IP, MAC and protocol filter) for config-
uration access and LANCAPI, ISDN remote access list. FirmSafe with two firmware ver-
sions for absolute secure software upgrades.
VPN/IPSec
100 IPSec sessions parallel.
200 IPSec sessions parallel. Can be
upgraded to 500 or 1000 channels.
upgraded to 500 or 1000 channels.
Encryption methods: AES and 3-DES (for LANCOM 8011 VPN with hardware accelera-
tion), Blowfish, CAST, MD-5 or SHA-1 Hashes IKE with Preshared Keys, IKE config
mode. Up to 8 redundant VPN gateways for load balancving and high availability.
tion), Blowfish, CAST, MD-5 or SHA-1 Hashes IKE with Preshared Keys, IKE config
mode. Up to 8 redundant VPN gateways for load balancving and high availability.
IPSec clients
LANCOM Advanced VPN Client for windows operating systems, incl. firewall, auto-
matic line management, X.auth/Config Mode, IPCOMP etc., available in different
license scales.
matic line management, X.auth/Config Mode, IPCOMP etc., available in different
license scales.
LANCOM Dynamic VPN
Connection to dynamic IP addresses: transferring of the dynamic IP address via ISDN B
or D channel, IKE main mode. Connection from dynamic to static IP addresses:
encrypted transferring of the dynamic IP address via ICMP or UDP packet, IKE Main
Mode.
or D channel, IKE main mode. Connection from dynamic to static IP addresses:
encrypted transferring of the dynamic IP address via ICMP or UDP packet, IKE Main
Mode.
Router modes, services and
interfaces
interfaces
IP, IPX and NetBIOS/IP multi protocol Router, HTTP and HTTPS Server (WEBconfig),
DNS Client, DNS Server, DNS Relay, DNS Proxy, DHCP Client, DHCP Relay and DHCP
Server incl. auto detection, Dynamic DNS Client, NTP Client, SNTP Server, NetBIOS/IP
Proxy, N : N IP address mapping
DNS Client, DNS Server, DNS Relay, DNS Proxy, DHCP Client, DHCP Relay and DHCP
Server incl. auto detection, Dynamic DNS Client, NTP Client, SNTP Server, NetBIOS/IP
Proxy, N : N IP address mapping
LAN protocols
IP: ARP, Proxy ARP, IP, ICMP, UDP, TCP, TFTP, RIP-1, RIP-2, DHCP, DNS, SNMP, HTTP,
HTTPS, BOOTP, NTP/SNTP, NetBIOS, RADIUS, LANCAPI
IPX: RIP, SAP, IPX and SPX watchdogs, NetBIOS watchdogs
HTTPS, BOOTP, NTP/SNTP, NetBIOS, RADIUS, LANCAPI
IPX: RIP, SAP, IPX and SPX watchdogs, NetBIOS watchdogs
WAN protocols
WAN protocols (ISDN)
WAN protocols (ISDN)
PPPoE, Multi-PPPoE, PPTP (PAC or PNS) and Plain Ethernet (with and without DHCP)
D channel: 1TR6, DSS1 (Euro ISDN); B channel: PPP (asynchronous/synchronous),
X.75, HDLC, ML PPP for channel bundling, V.110/GSM/HSCSD, CAPI 2.0 via LANCAPI,
Stac data compression, leased line support for D64, D64S2, D64SY
D channel: 1TR6, DSS1 (Euro ISDN); B channel: PPP (asynchronous/synchronous),
X.75, HDLC, ML PPP for channel bundling, V.110/GSM/HSCSD, CAPI 2.0 via LANCAPI,
Stac data compression, leased line support for D64, D64S2, D64SY