LANCOM 7011 VPN – LANCOM 8011 VPN
© 2004 LANCOM Systems GmbH, Wuerselen (Germany). All rights reserved. While the information in this manual has been compiled with great care, it may not be deemed an assurance of product characteristics. LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery. The reproduction and distribution of the documentation and software included with this product is subject to written permission by LANCOM Systems.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Preface Preface Thank you for placing your trust in this LANCOM product. 왘 Due to the Fast Ethernet uplink, LANCOM devices are ideal partners for all connection variants. 왘 Integrated LANCOM High Security Firewall 왘 With 200 up to 1000 VPN channels the LANCOM VPN series offers enough capacity for high-bandwidth couplings (LANCOM 8011 VPN with hardware accelerator).
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Preface We ask you additionally to inform you about technical developments and actual hints to your product on our Web page www.lancom.de, and to download new software versions if necessary. User manual and reference manual The documentation of your device consists of two parts: the user manual and the reference manual. EN You are now reading the user manual. It contains all information you need to start your LANCOM VPN.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Preface This documentation was compiled … ...by several members of our staff from a variety of departments in order to ensure you the best possible support when using your LANCOM product. In case you encounter any errors, or just want to issue critics or enhancements, please do not hesitate to send an email directly to: EN info@lancom.de Our online services ( www.lancom.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Contents Contents Introduction 9 1.1 Which use does VPN offer? 9 1.2 Firewall 12 1.3 What does a router do? 1.3.1 Bridgehead to the WAN 1.3.2 Areas of deployment for routers 13 14 14 1.4 What can your LANCOM VPN do? 15 EN 1 2 3 4 6 Installation 17 2.1 Package contents 17 2.2 System preconditions 17 2.3 Introducing LANCOM VPN 2.3.1 Status displays 2.3.2 The back of the unit 18 18 24 2.4 Hardware installation 25 2.
LANCOM 7011 VPN – LANCOM 8011 VPN 5 6 7 8 Linking two networks 42 5.1 What information is necessary? 5.1.1 General information 5.1.2 Settings for the TCP/IP router 5.1.3 Settings for the IPX router 5.1.4 Settings for NetBIOS routing 43 43 45 46 47 5.2 Instructions for LANconfig 48 5.3 Instructions for WEBconfig 48 Providing dial-up access 50 6.1 Which information is required? 6.1.1 General information 6.1.2 Settings for TCP/IP 6.1.3 Settings for IPX 6.1.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Contents 9 EN 10 11 8 Troubleshooting 66 9.1 No WAN connection is established 66 9.2 DSL data transfer is slow 66 9.3 Unwanted connections under Windows XP 67 9.4 Cable testing 67 Appendix 69 10.1 Performance data and specifications 69 10.2 Contact assignment 10.2.1 DSL interface 10.2.2 ISDN-S0 interface 10.2.3 Ethernet interfaces 10/100Base-T 10.2.4 Configuration interface (Outband) 71 71 71 72 72 10.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 1: Introduction 1 Introduction Due to the Fast Ethernet uplink, the devices are the ideal partner for almost all WAN connection variants. The integrated multi protocol router and the integrated firewall enable a secure internet access for the local network. The ISDN interface is mainly used to establish Dynamic VPN connections to remote sites with dynamic IP addresses. 1.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 1: Introduction Conventional network infrastructure First, let's have a look at a typical network structure that can be found in this form or similar forms in many companies: EN LAN Head Office LAN Workstation in remote access, e.g. homework Internet Subsidiary The corporate network is based on the internal network (LAN) in the headquarters.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 1: Introduction to the original investment costs, ongoing costs are also incurred for the administration and maintenance of this equipment. Networking via the Internet EN The following structure results when using the Internet instead of direct connections : LAN Head Office Internet LAN Subsidiary Workstation in remote access All participants have fixed or dial-up connections to the Internet. Expensive dedicated lines are no longer needed.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 1: Introduction technologies such as DSL (Digital Subscriber Line) or G.703 (2-Mbit leased lines). But also a conventional ISDN line can be used. The technologies of the individual participants do not have to be compatible to one another, as would be the case for conventional direct connections. A single Internet access can be used to establish multiple simultaneous logical connections to a variety of remote stations.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Denial-of-Service Protection Attacks from the Internet can be break-in attempts as well as attacks with the aim of blocking the accessibility and functionality of individual services. Therefore a LANCOM Wireless DSL is equipped with appropriate protective mechanisms, which recognize well-known hacker attacks and which guarantee the functionality.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 1: Introduction Connecting a LAN to the Internet does not technically differ from coupling two LANs. The only difference is that it is not just a handful of computers behind the Internet provider's router. Instead, it is the net of the networks the public Internet. 1.3.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 1: Introduction access to the Internet is required on either side of the network interconnection. EN VPN tunnel via the Internet VPN gateways 컄 Conventional via ISDN Without VPN, a LAN to LAN interconnection can alternatively be realized via ISDN. In this case, an intelligent line management and sophisticated filter mechanisms keeps connection costs low.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 1: Introduction LANCOM 7011 VPN NetBIOS proxy for coupling of Microsoft peer-to-peer networks via ISDN DHCP and DNS server (for LAN and WAN) EN N:N mapping for coupling existing networks with same IP address ranges LANCAPI server for the operating with office applications as fax or answering machine via ISDN interface WAN connection Fast Ethernet ISDN S0 for establishing Danymic VPN connections to remote sites with dynamic IP addresses LAN connection 4 indivi
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation 2 Installation This chapter will assist you to quickly install hardware and software. First, check the package contents and system requirements. The device can be installed and configured quickly and easily if all prerequisites are fulfilled. Package contents Please check the package contents for completeness before starting the installation.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation The LANtools and the LANCAPI functions also require a Windows operating system. A web browser is required for access to WEBconfig. 2.3 Introducing LANCOM VPN EN This section introduces your device. We will give you an overview of all status displays, connections and switches. While the information in this section is useful for the installation of the device, it is not absolutely essential.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation Top panel The two LEDs on the top panel provide a convenient overview of the most important status information, especially when the device is installed vertically. EN Only LANCOM 7011 VPN Power Online Meanings of the LEDs In the following sections we will use different terms to describe the behaviour of the LEDs: 왘 Blinking means, that the LED is switched on or off at regular intervals in the respective indicated colour.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation Flashing Power LED but no connection? There's no need to worry if the Power LED blinks red and you can no longer connect to the WAN. This simply indicates that a preset time or connect-charge limit has been reached. There are three methods available for unlocking: 왘 Reset connect charge protection. 왘 Increase the limit that has been reached. 왘 Completely deactivate the lock that has been triggered (set limit to '0').
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation Connection status of the WAN connection: off green WAN data Not connected blinking green flashing Protocol negotiations green constantly on Connection established Data traffic via the WAN connection: off ISDN status Establishing first connection EN WAN link No network device connected green constantly on Connection established green flickering Data traffic (send or receive) red flickering Collision of packets Connecti
LANCOM 7011 VPN – LANCOM 8011 VPN EN 왘 Chapter 2: Installation LAN link (only LANCOM 7011 VPN) green inverse flashing Establishing further connection (only if B channel 1 and B channel 2 share display) green constantly on Connection established via B channel green flickering Data traffic (send or receive) Connecting status of the LAN interface: off green LAN data (only LANCOM 7011 VPN) No network device connected constantly on Data traffic on the LAN interface: off DMZ link (only LANCOM 701
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation VPN connection status off Security COM (only LANCOM 8011 VPN) No VPN channel established green blinking Connection established green flashing First connection green inverse flashing Further connections green constantly on VPN channel is established EN VPN Status of the Firewall. Shows the state of security settings and blocked attacks on the secured network. green constantly on Security settings are okay.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation 2.3.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation Reset switch The following ports can be found on the back: Voltage Switch The reset switch has two different functions depending on the length of time that it is pressed: 왘 Restarting the device (soft reset) – push the button for less than five seconds. The device will restart. 왘 Resetting the configuration (hard reset) – push the button for more than five seconds. All the device's LEDs will light up green and stay on.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation Only LANCOM 7011 VPN DMZ – connect a PC with the included crossover cable to the DMZ port . WAN – connect the WAN port with the included connector cable (dark blue plug) e. g. with the ethernet port of a DSL modem or of a cable modem.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation Example for LANCOM 8011 VPN EN Configuration PC with serial port ISDN-(NTBA) LAN DMZ Network terminator, e.g. SDSL modem 2.5 Software installation This section covers the installation of the included system software LANtools for Windows. You may skip this section if you use your LANCOM VPN exclusively with computers running operating systems other than Windows. 2.5.1 Starting LANCOM setup Place the LANCOM CD in your CD drive.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 2: Installation EN In Setup select Install LANCOM Software. The following selection menus will appear on the screen: 2.5.2 Which software should you install? 왘 LANconfig is the configuration program for all LANCOM routers and Wireless LAN access points. WEBconfig can be used alternatively or in addition via a web browser. 왘 LANmonitor lets you monitor on a Windows PC all LANCOM routers and Wireless LAN access points. 왘 LANCAPI is a special form of the CAPI-2.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration 3 Basic configuration First, this chapter will inform you which information is required for the basic configuration. Use this section to assemble the information you will need before launching the wizard. Next, enter the data in the setup wizard. Launching the wizard and the process itself are described step by step - with separate sections for LANconfig and WEBconfig.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration New LAN—fully automatic configuration possible If all connected network devices are still unconfigured, the setup wizard will suggest fully automatic TCP/IP configuration. This may be the case in the following situations: 왘 a single PC is connected to the router 왘 setup of a new network EN Fully automatic TCP/IP configuration will not be available when integrating the LANCOM VPN in an existing TCP/IP LAN.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration 왘 Enable DHCP server? Disable the DHCP server function in the LANCOM VPN if you would like to have a different DHCP server assign the IP addresses in your LAN. Configuration protection The password for configuration access to the LANCOM VPN protects the configuration against unauthorized access. The configuration of the router contains a considerable amount of sensitive information such as your Internet access information.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration 3.1.5 Connect charge protection Connect charge protection blocks connections that go beyond a previously set amount, protecting you from unexpectedly high connection costs. EN In LANCOM VPN, there are three independent budgets: For DSL access, you can set a maximum connection time in minutes. In addition to this time budget, there is also a budget for limiting ISDN connection charges.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration (netmask > '255.255.255.0'), please ensure that the IP address 'x.x.x.254' is located in your own subnet. If you would like to configure the TCP/IP settings manually, assign an available address from a suitable address range to the LANCOM VPN. Confirm your choice with Next. Specify whether or not the router should act as a DHCP server. Make your selection and confirm with Next.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration Section ’TCP/IP settings to workstation PCs’ on page 37 will describe the settings required for the individual workstations in the LAN. 3.3 Instructions for WEBconfig EN To configure the router with WEBconfig you must know how to address it in the LAN. An unconfigured LANCOM VPN always reacts to a certain IP address, and in some network configurations even to a name.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration Starting the wizards in WEBconfig Start your web browser (e.g. Internet Explorer, Netscape Navigator, Opera) and call the LANCOM VPN there: http:// If you cannot access an unconfigured LANCOM VPN, the problem may be due to the netmask of the LAN: with less than 254 possible hosts (netmask > '255.255.255.0'), please ensure that the IP address 'x.x.x.254' is located in your own subnet.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration The setup wizards are tailored precisely to the functionality of the specific LANCOM VPN. As a result, your device may offer different wizards than those shown here. If you have chosen automatic TCP/IP configuration, please continue with Step . EN If you would like to configure the TCP/IP settings manually, assign an available address from a suitable address range to the LANCOM VPN.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration Connect charge protection can limit the cost of DSL and ISDN connections to a predetermined amount if desired. Confirm your choice with Apply. Enter the ISDN subscriber numbers (as MSNs, i.e. without area code) on which the router will accept calls. Multiple numbers are separated by semicolons. If you do not specify any MSNs, the router will answer all incoming calls on the ISDN connection.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 3: Basic configuration 왘 IP address assignment via the LANCOM VPN (default) In this operating mode the LANCOM VPN not only assigns IP addresses to the PCs in the LAN, it also uses DHCP to specify its own IP address as that of the default gateway and DNS server. The PCs must therefore be configured so that they automatically obtain their own IP address and the IP addresses of the standard gateway and DNS server (via DHCP).
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 4: Setting up Internet access 4 Setting up Internet access EN All computers in the LAN can take advantage of the central Internet access of the LANCOM VPN. The connection to the Internet provider can be established via any WAN connection. Internet access via ISDN can be used as a backup connection for DSL, for example.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 4: Setting up Internet access 왘 ISDN – dial-in number 컄 User name and password Additional connection options You may also enable or disable further options in the wizard, depending on whether or not they are supported by your Internet provider: EN 왘 Time-based billing or flat rate – select the accounting model used by your Internet provider.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 4: Setting up Internet access 4.1 Instructions for LANconfig EN Highlight the LANCOM VPN in the selection window. From the menu bar, select Tools 왘 Setup Wizard. From the menu, select the Setup Internet access wizard and click Next. In the following window select your country and your Internet provider if possible, and enter your access information.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 5: Linking two networks 5 Linking two networks With the network interconnection (also known as LAN to LAN coupling) of the LANCOM VPN, two local networks are linked. The LAN to LAN coupling can be realized in principle in two different ways: EN 왘 VPN: For coupling via VPN, the connection between both LANs is established over a specially secured connection through the public Internet. A router with VPN support is required in both LANs.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 5: Linking two networks The ISDN call back function cannot be configured using the wizard. It can only be set up in the expert configuration. For details, please see the reference manual. What information is necessary? The wizard will prompt you for the necessary information on a step-by-step basis. If possible, however, you should have it available before launching the wizard.
LANCOM 7011 VPN – LANCOM 8011 VPN EN 왘 Chapter 5: Linking two networks Coupling Entry Gateway 1 Gateway 2 VPN Netmask of the remote network 255.255.255.0 255.255.255.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 The password for the ISDN connection is an alternative to the use of the ISDN caller ID. It is always used to authenticate callers that do not send an ISDN caller ID. The exact same password must be entered on both sides. It is used for calls in both directions. 왘 The Shared Secret is the central password for security within the VPN.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 5: Linking two networks DNS access to the remote LAN Thanks to DNS, it is not only possible to access remote computers in a TCP/IP network via their IP address, but also by using freely defined names. EN For example, the computer with the name 'pc1.branch.company' (IP 10.0.2.10) will not only be able to access the server of the head office via its IP address, but also via its name, 'server.head.company'.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 5: Linking two networks 왘 for the LAN of the head office 왘 for the LAN of the branch office 왘 for the higher-level WAN The IPX network numbers in the head and branch offices are specified to the respective remote sides. EN IPX internal net: 00020002 WAN IPX network no.: 00000009 VPN or ISDN connection (0123) 123456 LAN of the head office IPX network no.: 00000001 Binding: Ethernet_II (0789) 654321 LAN of the branch office IPX network no.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 5: Linking two networks Remote Windows workgroups do not appear in the Windows Network Neighbourhood, but can only be contacted directly (e.g. via Find Computers). 5.2 Instructions for LANconfig EN Perform the configuration on both routers, one at a time. Launch the 'Connect two local area networks' wizard. Follow the wizard's instructions and enter the required information.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 5: Linking two networks From the main menu, launch the 'Connect two local area networks' wizard. Follow the wizard's instructions and enter the required information. After finishing the configuration of both routers, you can test the network connection. Try to contact a computer in the remote LAN (e.g. with a ping). The LANCOM VPN should automatically set up a connection to the remote station and contact the required computer.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 6: Providing dial- up access 6 Providing dial-up access Your LANCOM VPN supports dial-up connections to permit individual computers full access to your network. This service is also known as RAS (Remote Access Service). In principle, the RAS access can be realized in two different ways: EN 왘 VPN: For a RAS access via VPN, the connection between the LAN and the dial-in PC is established over a specially secured connection through the public Internet.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 6: Providing dial- up access 6.1.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 6: Providing dial- up access 6.1.2 Settings for TCP/IP Each active RAS user must be assigned an IP address when using the TCP/IP protocol. LAN of the head office. IP: 10.0.1.0 EN Remote workstation IP: 10.0.1.101 VPN or ISDN connection 10.0.1.100 (0123) 123456 ISDN adapter User: 'SAMPLE' (0123) 777888 This IP address can be permanently assigned when setting up a user.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 6: Providing dial- up access IPX internal net: 00020002 VPN or ISDN connection (0123) 123456 LAN of the head office IPX network no.: 00000001, Binding: Ethernet_II Remote workstation EN WAN IPX network no.: 00000009 ISDN adapter User: 'SAMPLE' (0123) 777888 The required network numbers are designated as “External Network Numbers”. Like IP network addresses, they apply to an entire LAN segment.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 6: Providing dial- up access 6.2 6.2.1 Settings for the dial-in computer Dial-up via VPN For dialing into a network via VPN a workstation requires: 왘 an Internet access 왘 a VPN client EN LANCOM Systems offers the LANCOM VPN Client on the LANCOM CD. It can be run under Windows 2000 and Windows XP. A detailed description of the LANCOM VPN Client and a description of its installation can also be found on the CD.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 6: Providing dial- up access 6.2.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 6: Providing dial- up access Configure Dial-Up Networking access on the dial-in PC as described. Next, test the connection (see box ’Ping – quick testing for TCP/IP connections’ → page 49). 6.4 Instructions for WEBconfig EN RAS access via VPN cannot be configured using the wizard under WEBconfig yet. It can only be set up in the expert configuration. For details, please refer to the reference manual.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 7: Sending faxes with LANCAPI 7 Sending faxes with LANCAPI 왘 the LANCAPI client. It provides the connection between your workstation PC and the LANCAPI server. 왘 the CAPI fax modem. This tool simulates a fax device on your workstation PC. 왘 the MS Windows fax service. This is the interface between the fax applications and the virtual fax. The installation of the LANCAPI client is described in the reference manual.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 7: Sending faxes with LANCAPI EN When the installation was successful, the LANCOM CAPI fax modem is entered into the Phone and Modem Options of the control panel. 7.2 Installation of the MS Windows fax service Select the option Printers and Faxes from the control panel. Select the option Set up faxing from the window ’Printers and Fax’. Follow, if necessary, the instructions of the installation tool.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 7: Sending faxes with LANCAPI For checking the installation, click with the right mouse button on the fax-icon and select Properties. The LANCOM CAPI fax modem should now be entered into register 'devices'. Sending a fax After installing all required components, you have several possibilities to send a fax from your workstation PC. If you have already an existing data file, you can send it directly from your respective application.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 7: Sending faxes with LANCAPI EN The fax client console will open. Select the menu item Send a Fax. A wizard will assist you through the remaining sending process.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 8: Security settings 8 Security settings Your LANCOM VPN has numerous security functions. You find in this chapter all information you need for an optimal protection. The security settings wizard Access to the configuration of a device permits not only to read out critical information such as WEP key or Internet password. Rather, also the entire settings of the security functions (e.g. firewall) can be altered then.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 8: Security settings In a next step parameters of the configuration lock like number of failed log-in attempts and the duration of the lock can be adjusted. Now activate Stateful Inspection, ping-blocking and Stealth mode in the the firewall configuration. EN The wizard will inform you when entries are complete. Complete the configuration with Finish. 8.1.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 8: Security settings EN Mark your LANCOM VPN in the selection window. Select from the command bar Extras 왘 Setup Wizard. Select in the selection menu the setup wizard Configuring Firewall and confirm your choice with Next. In the following windows, select the services/protocols the rule should be related to. Then you define the source and destination stations for this rule and what actions will be executed when the rule will apply to a data packet.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 8: Security settings 왘 Have you assigned a password for the configuration? The simplest option for the protection of the configuration is the establishment of a password. As long as a password hasn't been set, anyone can change the configuration of the device. The field for entering the password is contained in LANconfig in the 'Management' configuration area on the 'Security' tab.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Have you excluded certain stations from access to the router? Access to the internal functions of the devices through TCP/IP can be restricted using a special filter list. Internal functions in this case are configuration sessions via LANconfig, WEBconfig, Telnet or TFTP. This table is empty by default and so access to the router can therefore be obtained by TCP/IP using Telnet or TFTP from computers with any IP address.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 9: Troubleshooting 9 Troubleshooting In this chapter, you will find suggestions and assistance for a few common difficulties. 9.1 No WAN connection is established EN After start-up the router automatically attempts to connect to the access provider. During this process, the Online LED will blink green. If successful, the LED will switch over to steady green. If, however, the connection can't be established, the Online LED will light up red.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 9: Troubleshooting Numerous other factors involving the Internet itself can also influence the transfer rate. Increasing the TCP/IP window size under Windows One common problem occurs when large amounts of data are sent and received simultaneously with a Windows PC using an asynchronous connection. This can cause a severe decrease in download speed.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 9: Troubleshooting EN tested (e.g. “DSL1” or “LAN-1”). Pay attention to the correct spelling of the interfaces. Start the test for the specified interface by clicking on Execute. Change then to menu item Expert configuration 왘 Status 왘 LAN statistics 왘 Cable test results. The results of the cable test for the individual interfaces are show up in a list. The following results can occur: 왘 OK: Cable plugged in correctly, line ok.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 10: Appendix 10 Appendix Performance data and specifications LANCOM 7011 VPN LANCOM 8011 VPN Firewall Stateful inspection, IP packet filter with port ranges; masquerading (NAT/PAT) of TCP, UDP, ICMP, FTP, PPTP, H.323, NetMeeting IRC and IPSec; DNS forwarding; inverse masquerading for IP services from the Intranet such as web server; support of 2 local networks; e.g. DMZ with own IP address range without NAT.
LANCOM 7011 VPN – LANCOM 8011 VPN EN 왘 Chapter 10: Appendix LANCOM 7011 VPN LANCOM 8011 VPN Interfaces WAN/LAN/DMZ: 10/100 Mbps Fast Ethernet ISDN (RJ-45): ISDN S0 Bus Serial config (8 pol. Mini DIN); COM port: 9600-11500 baud WAN: 10/100 Mbps Fast Ethernet LAN/DMZ/Switch: 4 ports, 10/100 Mbps Fast Ethernet ISDN (RJ-45): ISDN S0 Bus Serial config (8 pol.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 10: Appendix 10.2 10.2.1 Contact assignment DSL interface Connector 10.2.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 10: Appendix 10.2.3 Ethernet interfaces 10/100Base-T 8-pin RJ45 socket, corresponding to ISO 8877, EN 60603-7 Pin Line 1 T+ 2 T- 3 R+ 4 – EN Connector 10.2.4 5 – 6 R- 7 – 8 – Pin Line 1 CTS Configuration interface (Outband) 8-pin mini-DIN socket Connector 10.
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Chapter 10: Appendix EN The CE declarations of conformity for LANCOM routers are available for download on the LANCOM web site (www.lancom.de).
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Index Numerics 10/100Base-TX 3-DES 24 42, 50 A Accounting AES Autosensing 31 42, 50 25 B Basic configuration Blowfish 29 42, 50 C Callback Callback function Calling Line Identity (CLI) CAST charge lock Configuration access Configuration file Configuration interface Configuration password Configuration port Configuration protection Connect charge information Connect charge protection Connect-charge budget Connect-charge metering Contact assignment Configuration inte
LANCOM 7011 VPN – LANCOM 8011 VPN EN 왘 Index ADSL configuration port DSL ISDN LAN LANtools power adapter Interconnection Security aspects Internet access Authentication data Default gateway DNS server Flat rate IP address Netmask Internet provider Internet-Zugang Intrusion Detection IP Filter Lock ports IP address 30, IP address of the LANCOM IP masquerading 12, 14, IPoE IP-Router IPSec IPX Binding External Network Number Frame type Internal-Net-Number IPX conventions IPX router Settings ISDN Basic confi
LANCOM 7011 VPN – LANCOM 8011 VPN 왘 Index 47 16 16 30, 65 25, 47 23 P 17 Package contents Password 31, 33, 42, 50 PAT – see IP masquerading Ping 49 Plain Ethernet 39 Plain IP 39 Power adapter 24 PPP 50 PPP client 55 PPPoE 39 PPTP 39 Preshared Key Shared Secret 45 Q Quality-of-Service 13 R Remote Access Service (RAS) Configuring the dial-in computer Enable software compression Function IPX NetBIOS Searching for Windows workgroups Security aspects setup specify MSN TCP/IP User name Remote configuration 33
LANCOM 7011 VPN – LANCOM 8011 VPN EN 왘 Index check connection 49 Settings 29, 33, 36 Settings to PCs in the LAN 37 Windows size 67 TCP/IP configuration Automatic 36 fully automatic 29, 30 manual 29, 30 TCP/IP filter 12, 16, 64 TCP/IP router Settings 45 Telnet 65 Temperature 23 TFTP 65 time 23 Transfer protocol 66 U UDP 77 64 V Virtual Private Network (VPN) Voltage switch VPN client 14, 15 24, 25 54 W WAN Connector cable 17 WAN connection 24 problems establishing the connection 66 WAN port 24 WEBconf
LANCOM 7011 VPN – LANCOM 8011 VPN EN 왘 Index 78
