Lancom Systems 1781VA-4G 62042 Manual Do Utilizador
Códigos do produto
62042
High availability / redundancy
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby groups or reciprocal
backup between multiple active devices including load balancing and user definable backup priorities
backup between multiple active devices including load balancing and user definable backup priorities
VRRP
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
FirmSafe
In case of failure of the main connection, a backup connection is established over the internal LTE modem; automatic return to the main connection
LTE-Backup
In case of failure of the main connection, a backup connection is established over ISDN. Automatic return to the main connection
ISDN backup
Optional operation of an analog or GSM modem at the serial interface
Analog/GSM modem backup
Static and dynamic load balancing over up to 4 WAN connections. Channel bundling with Multilink PPP (if supported by network operator)
Load balancing
Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re-routing to multiple distributed
remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active connections). Up to 32 alternative remote
stations, each with its own routing tag, can be defined per VPN connection. Automatic selection may be sequential, or dependant on the last
connection, or random (VPN load balancing)
remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active connections). Up to 32 alternative remote
stations, each with its own routing tag, can be defined per VPN connection. Automatic selection may be sequential, or dependant on the last
connection, or random (VPN load balancing)
VPN redundancy
Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP polling
Line monitoring
VPN
Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e. g. port 500 for IKE is blocked. Suitable
for client-to-site connections (with LANCOM Advanced VPN Client 2.22 or later) and site-to-site connections (LANCOM VPN gateways or routers
with LCOS 8.0 or later). IPSec over HTTPS is based on the NCP VPN Path Finder technology
for client-to-site connections (with LANCOM Advanced VPN Client 2.22 or later) and site-to-site connections (LANCOM VPN gateways or routers
with LCOS 8.0 or later). IPSec over HTTPS is based on the NCP VPN Path Finder technology
IPSec over HTTPS
Max. number of concurrent active IPSec, PPTP (MPPE) and L2TPv2 tunnels: 5 (25 with VPN 25 Option). Unlimited configurable connections.
Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN.
Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN.
Number of VPN tunnels
Integrated hardware accelerator for 3DES/AES encryption and decryption
Hardware accelerator
Integrated, buffered realtime clock to save the date and time during power failure. Assures timely validation of certificates in any case
Realtime clock
Generates real random numbers in hardware, e. g. for improved key generation for certificates immediately after switching-on
Random number generator
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced VPN Client
1-Click-VPN Client assistant
Creation of VPN connections between LANCOM routers via drag and drop in LANconfig
1-Click-VPN Site-to-Site
IPSec key exchange with Preshared Key or certificate
IKE
X.509 digital multi-level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL, upload of PKCS#12 files via HTTPS
interface and LANconfig. Simultaneous support of multiple certification authorities with the management of up to nine parallel certificate hierarchies
as containers (VPN-1 to VPN-9). Simplified addressing of individual certificates by the hierarchy's container name (VPN-1 to VPN-9). Wildcards for
certificate checks of parts of the identity in the subject. Secure Key Storage protects a private key (PKCS#12) from theft
interface and LANconfig. Simultaneous support of multiple certification authorities with the management of up to nine parallel certificate hierarchies
as containers (VPN-1 to VPN-9). Simplified addressing of individual certificates by the hierarchy's container name (VPN-1 to VPN-9). Wildcards for
certificate checks of parts of the identity in the subject. Secure Key Storage protects a private key (PKCS#12) from theft
Certificates
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) per certificate hierarchy
Certificate rollout
CRL retrieval via HTTP per certificate hierarchy
Certificate revocation lists (CRL)
Check X.509 certifications by using OCSP (Online Certificate Status Protocol) in real time as an alternative to CRLs
OCSP Client
XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE-config mode. XAUTH server enables clients to register
via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central authentication of VPN-access with user
name and password. Authentication of VPN-client access via XAUTH and RADIUS connection additionally by OTP token
via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central authentication of VPN-access with user
name and password. Authentication of VPN-client access via XAUTH and RADIUS connection additionally by OTP token
XAUTH
Configuration of all VPN client connections in IKE ConfigMode via a single configuration entry
RAS user template
Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for site-to-site connections.
Propagation of dynamically learned routes via RIPv2 if required
Propagation of dynamically learned routes via RIPv2 if required
Proadaptive VPN
3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 bit), RSA (1024-4096 bit) and CAST (128 bit). OpenSSL implementation with FIPS-140
certified algorithms. MD-5, SHA-1, SHA-256, SHA-384 or SHA-512 hashes
certified algorithms. MD-5, SHA-1, SHA-256, SHA-384 or SHA-512 hashes
Algorithms
Wirespeed NAT performance through hardware support (offloading) for plain IP connections (incl. DHCP) where source and destination addresses
are not withn the same /20 network.
are not withn the same /20 network.
Hardware NAT
NAT-Traversal (NAT-T) support for VPN over routes without VPN passthrough
NAT-Traversal
VPN data compression based on Deflate compression for higher IPSec throughput on low-bandwidth connections (must be supported by remote
endpoint)
endpoint)
IPCOMP
Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via ISDN B- or D-channel or with the ICMP or UDP
protocol in encrypted form. Dynamic dial-in for remote sites via connection template
protocol in encrypted form. Dynamic dial-in for remote sites via connection template
LANCOM Dynamic VPN
Enables the registration of IP addresses with a Dynamic DNS provider in the case that fixed IP addresses are not used for the VPN connection
Dynamic DNS
LANCOM 1781VA-4G
Features as of: LCOS 9.00