Lancom Systems 1821n LS61380 Benutzerhandbuch
Produktcode
LS61380
LANCOM 1821n Wireless
Scope of features: as of LCOS version LCOS 7.7x
Authentication mechanisms
EAP- TLS, EAP- TTLS, PEAP, MS- CHAP, MS- CHAPv2 as EAP authentication mechanisms, PAP, CHAP, MS- CHAP and MS- CHAPv2
as PPP authentication mechanisms
as PPP authentication mechanisms
Anti- theft
Anti- theft ISDN site verification over B or D channel (self- initiated call back and blocking)
WLAN protocol filters
Limitation of the allowed transfer protocols, source and target addresses on the WLAN interface
Adjustable reset button
Adjustable reset button for "ignore", "boot- only" and "reset- or- boot"
IP redirect
Fixed redirection of any packet received over the WLAN interface to a dedicated target address
High availability / redundancy
VRRP
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby
groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities
groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities
FirmSafe
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
ISDN backup
In case of failure of the main connection, a backup connection is established over ISDN. Automatic return to the main connection
Analog/GSM modem backup
Optional operation of an analog or GSM modem at the serial interface
Load balancing
Static and dynamic load balancing over up to 4 WAN connections. Channel bundling with Multilink PPP (if supported by network
operator)
operator)
VPN redundancy
Control of up to 16 redundant VPN gateways for high availability or load balancing
Line monitoring
Line monitoring with LCP echo monitoring, dead- peer detection and up to 4 addresses for end- to- end monitoring with ICMP
polling
polling
VPN
1- Click- VPN Client assistant
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced
VPN Client
VPN Client
1- Click- VPN Site- to- Site
Creation of VPN connections between LANCOM routers via drag and drop in LANconfig
Number of VPN tunnels
5 IPSec connections active simultaneously (25 with VPN- 25 Option), unlimited configurable connections. Configuration of all
remote sites via one configuration entry when using the RAS user template or Proadaptive VPN
remote sites via one configuration entry when using the RAS user template or Proadaptive VPN
Hardware accelerator
Integrated hardware accelerator for 3DES/AES encryption and decryption
IKE
IPSec key exchange with Preshared Key or certificate
Certificates
X.509 digital multi- level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of
PKCS#12 files via HTTPS interface and LANconfig. Secure Key Storage protects a private key (PKCS#12) from theft
PKCS#12 files via HTTPS interface and LANconfig. Secure Key Storage protects a private key (PKCS#12) from theft
Certificate rollout
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol)
Certificate revocation lists (CRL)
CRL retrieval via HTTP
XAUTH
XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE- config mode. XAUTH server enables
clients to register via XAUTH at LANCOM routers
clients to register via XAUTH at LANCOM routers
RAS user template
Configuration of all VPN client connections in IKE ConfigMode via a single configuration entry
Proadaptive VPN
Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for site- to-
site connections. Propagation of dynamically learned routes via RIPv2, if required
site connections. Propagation of dynamically learned routes via RIPv2, if required
VPN Backup
Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re- routing
to multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active
connections)
to multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active
connections)
Algorithms
3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 bit), RSA (128 or - 448 bit) and CAST (128 bit). OpenSSL implementation
with FIPS- 140 certified algorithms. MD- 5 or SHA- 1 hashes
with FIPS- 140 certified algorithms. MD- 5 or SHA- 1 hashes
NAT- Traversal
NAT- Traversal (NAT- T) support for VPN over routes without VPN passthrough
IPCOMP
VPN data compression based on LZS or Deflate compression for higher IPSec throughput
LANCOM Dynamic VPN
Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via ISDN B- or D- channel or with
the ICMP or UDP protocol in encrypted form. Dynamic dial- in for remote sites via connection template
the ICMP or UDP protocol in encrypted form. Dynamic dial- in for remote sites via connection template
Dynamic DNS
Enables the registration of IP addresses with a Dynamic DNS provider in the case that fixed IP addresses are not used for the
VPN connection
VPN connection
Specific DNS forwarding
DNS forwarding according to DNS domain, e.g. internal names are translated by proprietary DNS servers in the VPN. External
names are translated by Internet DNS servers
names are translated by Internet DNS servers
VPN throughput (max., AES)
1416- byte frame size UDP
46 Mbps
256- byte frame size UDP
8 Mbps
IMIX
14 Mbps
Firewall throughput (max.)
1518- byte frame size UDP
65 Mbps
256- byte frame size UDP
17 Mbps
Security