Lancom Systems 1631E 61082 Benutzerhandbuch
Produktcode
61082
VPN
Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e. g. port 500 for IKE is blocked. Suitable
for client-to-site connections (with LANCOM Advanced VPN Client 2.22 or later) and site-to-site connections (LANCOM VPN gateways or routers
with LCOS 8.0 or later). IPSec over HTTPS is based on the NCP VPN Path Finder technology
for client-to-site connections (with LANCOM Advanced VPN Client 2.22 or later) and site-to-site connections (LANCOM VPN gateways or routers
with LCOS 8.0 or later). IPSec over HTTPS is based on the NCP VPN Path Finder technology
IPSec over HTTPS
Max. number of concurrent active IPSec and PPTP tunnels (MPPE): 3. Unlimited configurable connections.
Number of VPN tunnels
Integrated hardware accelerator for 3DES/AES encryption and decryption
Hardware accelerator
Integrated, buffered realtime clock to save the date and time during power failure. Assures timely validation of certificates in any case
Realtime clock
Generates real random numbers in hardware, e. g. for improved key generation for certificates immediately after switching-on
Random number generator
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced VPN Client
1-Click-VPN Client assistant
Creation of VPN connections between LANCOM routers via drag and drop in LANconfig
1-Click-VPN Site-to-Site
IPSec key exchange with Preshared Key or certificate
IKE
X.509 digital multi-level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of PKCS#12 files via HTTPS
interface and LANconfig. Simultaneous support of multiple certification authorities with the management of up to nine parallel certificate hierarchies
as containers (VPN-1 to VPN-9). Simplified addressing of individual certificates by the hierarchy's container name (VPN-1 to VPN-9). Wildcards for
certificate checks of parts of the identity in the subject. Secure Key Storage protects a private key (PKCS#12) from theft
interface and LANconfig. Simultaneous support of multiple certification authorities with the management of up to nine parallel certificate hierarchies
as containers (VPN-1 to VPN-9). Simplified addressing of individual certificates by the hierarchy's container name (VPN-1 to VPN-9). Wildcards for
certificate checks of parts of the identity in the subject. Secure Key Storage protects a private key (PKCS#12) from theft
Certificates
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) per certificate hierarchy
Certificate rollout
CRL retrieval via HTTP per certificate hierarchy
Certificate revocation lists (CRL)
Check X.509 certifications by using OCSP (Online Certificate Status Protocol) in real time as an alternative to CRLs
OCSP Client
XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE-config mode. XAUTH server enables clients to register
via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central authentication of VPN-access with user
name and password. Authentication of VPN-client access via XAUTH and RADIUS connection additionally by OTP token
via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central authentication of VPN-access with user
name and password. Authentication of VPN-client access via XAUTH and RADIUS connection additionally by OTP token
XAUTH
Configuration of all VPN client connections in IKE ConfigMode via a single configuration entry
RAS user template
Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for site-to-site connections.
Propagation of dynamically learned routes via RIPv2 if required
Propagation of dynamically learned routes via RIPv2 if required
Proadaptive VPN
3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 bit), RSA (128 or -448 bit) and CAST (128 bit). OpenSSL implementation with FIPS-140
certified algorithms. MD-5 or SHA-1 hashes
certified algorithms. MD-5 or SHA-1 hashes
Algorithms
NAT-Traversal (NAT-T) support for VPN over routes without VPN passthrough
NAT-Traversal
VPN data compression based on Deflate compression for higher IPSec throughput on low-bandwidth connections (must be supported by remote
endpoint)
endpoint)
IPCOMP
Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via ISDN B- or D-channel or with the ICMP or UDP
protocol in encrypted form. Dynamic dial-in for remote sites via connection template
protocol in encrypted form. Dynamic dial-in for remote sites via connection template
LANCOM Dynamic VPN
Enables the registration of IP addresses with a Dynamic DNS provider in the case that fixed IP addresses are not used for the VPN connection
Dynamic DNS
DNS forwarding according to DNS domain, e.g. internal names are translated by proprietary DNS servers in the VPN. External names are translated
by Internet DNS servers
by Internet DNS servers
Specific DNS forwarding
Content Filter (optional)
Activate the 30-day trial version after free registration under http://www.lancom.eu/routeroptions
Demo version
Worldwide, redundant rating servers from IBM Security Solutions for querying URL classifications. Database with over 100 million entries covering
about 10 billion web pages. Web crawlers automatically search and classify web sites to provide nearly 150,000 updates per day: They use text
classification by optical character recognition, key word searches, classification by word frequency and combinations, web-site comparison of text,
images and page elements, object recognition of special characters, symbols, trademarks and prohibited images, recognition of pornography and
nudity by analyzing the concentration of skin tones in images, by structure and link analysis, by malware detection in binary files and installation
packages
about 10 billion web pages. Web crawlers automatically search and classify web sites to provide nearly 150,000 updates per day: They use text
classification by optical character recognition, key word searches, classification by word frequency and combinations, web-site comparison of text,
images and page elements, object recognition of special characters, symbols, trademarks and prohibited images, recognition of pornography and
nudity by analyzing the concentration of skin tones in images, by structure and link analysis, by malware detection in binary files and installation
packages
URL filter database/rating server
Additional filtering of HTTPS requests with separate firewall entries
HTTPS filter
Filter rules can be defined in each profile by collecting category profiles from 58 categories, for example to restrict Internet access to business
purposes only (limiting private use) or by providing protection from content that is harmful to minors or hazardous content (e.g. malware sites).
Clearly structured selection due to the grouping of similar categories. Content for each category can be allowed, blocked, or released by override
purposes only (limiting private use) or by providing protection from content that is harmful to minors or hazardous content (e.g. malware sites).
Clearly structured selection due to the grouping of similar categories. Content for each category can be allowed, blocked, or released by override
Categories/category profiles
Each category can be given an optional manual override that allows the user to access blocked content on a case-by-case basis. The override
operates for a limited time period by blocking the category or domain, or a combination of both. Optional notification of the administrator in case
of overrides
operates for a limited time period by blocking the category or domain, or a combination of both. Optional notification of the administrator in case
of overrides
Override
Lists that are manually configured to explicitly allow (whitelist) or block (blacklist) web sites for each profile, independent of the rating server.
Wildcards can be used when defining groups of pages or for filtering sub pages
Wildcards can be used when defining groups of pages or for filtering sub pages
Black-/whitelist
LANCOM 1631E
Features as of: LCOS 8.60