Manualshelf

Operation Manual

ManualsBrandsLancom ManualsOther7011 VPN
61626364656667686970
LANCOM 7011 VPN – LANCOM 8011 VPN
Chapter 10: Appendix
69
EN
10 Appendix
10.1 Performance data and specifications
LANCOM 7011 VPN LANCOM 8011 VPN
Firewall Stateful inspection, IP packet filter with port ranges; masquerading (NAT/PAT) of TCP,
UDP, ICMP, FTP, PPTP, H.323, NetMeeting IRC and IPSec; DNS forwarding; inverse mas-
querading for IP services from the Intranet such as web server; support of 2 local net-
works; e.g. DMZ with own IP address range without NAT.
Quality of Service Dynamic bandwidth management with IP traffic-shaping/limiting with dynamic, abso-
lute or per connection transfer limits or guaranteed minimum bandwidths, separated
from send or receive site, TOS or DiffServ priority queuing, automatic packet size
adoption incl. PMTU adjustment or fragmentation.
Security Intrusion detection (IP spoofing, login attempt, port scans), denial-of-service protec-
tion (fragmentation error, SYNflooding, automatic closing of ports/connections). DNS
hitlist as well as wild card filter (URL blocking). High availability with ISDN dial backup
for Internet access or VPN connections. Email alerting, SNMP traps and SYSLOG. PAP,
CHAP and MS-CHAP as PPP authentification, password-protected configuration
remote access per interface, access control list (IP, MAC and protocol filter) for config-
uration access and LANCAPI, ISDN remote access list. FirmSafe with two firmware ver-
sions for absolute secure software upgrades.
VPN/IPSec 200 IPSec sessions parallel. Encryption methods: AES and 3-DES (for LANCOM 8011
VPN with hardware acceleration), Blowfish, CAST, MD-5 or SHA-1 Hashes IKE with
Preshared Keys
IPSec clients LANCOM VPN client free of charge, for Windows 2000 and Windows XP (IPSec over
PPTP; allocation of a local intranet address to the VPN client), 3rd-Party VPN clients
with IKE Aggressive Mode.
LANCOM Dynamic VPN Connection to dynamic IP addresses: transferring of the dynamic IP address via ISDN B
or D channel, IKE main mode. Connection from dynamic to static IP addresses:
encrypted transferring of the dynamic IP address via ICMP or UDP packet, IKE Main
Mode.
Router modes, services and
interfaces
IP, IPX and NetBIOS/IP multi protocol Router, HTTP and HTTPS Server (WEBconfig),
DNS Client, DNS Server, DNS Relay, DNS Proxy, DHCP Client, DHCP Relay and DHCP
Server incl. auto detection, Dynamic DNS Client, NTP Client, SNTP Server, NetBIOS/IP
Proxy, N : N IP address mapping
LAN protocols IP: ARP, Proxy ARP, IP, ICMP, UDP, TCP, TFTP, RIP-1, RIP-2, DHCP, DNS, SNMP, HTTP,
HTTPS, BOOTP, NTP/SNTP, NetBIOS, RADIUS, LANCAPI
IPX: RIP, SAP, IPX and SPX watchdogs, NetBIOS watchdogs
WAN protocols
WAN protocols (ISDN)
(Ethernet) PPPoE, PPTP (PAC or PNS) and Plain Ethernet (with and without DHCP)
D channel: 1TR6, DSS1 (Euro ISDN); B channel: PPP (asynchronous/synchronous),
X.75, HDLC, ML PPP for channel bundling, V.110/GSM/HSCSD, CAPI 2.0 via LANCAPI,
Stac data compression, optional leased line support for D64, D64S2, D64SY