- DL manuals
- Lancom
- Network Router
- 9100 VPN
- Manual
Lancom 9100 VPN Manual
110644/0409
LANCOM Systems GmbH
Adenauerstr. 20/B2
52146 Würselen
Germany
E-Mail: info@lancom.eu
Internet www.lancom.eu
LANCOM
9100 VPN
LANCOM
9100 VPN Wir
eless
쮿
Handbuch
쮿
Manual
.
.
.
c
o
n
n
e
c
t
i
n
g
y
o
u
r
b
u
s
i
n
e
s
s
110644_LC-9100-MANUAL_cover.indd1 1
110644_LC-9100-MANUAL_cover.indd1 1
01.04.2009 18:12:57
01.04.2009 18:12:57
Summary of 9100 VPN
Page 1
110644/0409 lancom systems gmbh adenauerstr. 20/b2 52146 würselen germany e-mail: info@lancom.Eu internet www.Lancom.Eu lancom 9100 vpn lancom 9100 vpn wir eless 쮿 handbuch 쮿 manual . . . C o n n e c t i n g y o u r b u s i n e s s 110644_lc-9100-manual_cover.Indd1 1 110644_lc-9100-manual_cover.Indd...
Page 2: Lancom 9100 Vpn
Lancom 9100 vpn.
Page 3
© 2009 lancom systems gmbh, wuerselen (germany). All rights reserved. While the information in this manual has been compiled with great care, it may not be deemed an assurance of product characteristics. Lancom systems shall be liable only to the degree specified in the terms of sale and delivery. T...
Page 4: Preface
Lancom 9100 vpn preface 3 en preface thank you for your confidence in us! You have decided on a high quality product from lancom. The lancom 9100 vpn is a high performance central site vpn gateway that provides con- nectivity for up to 1000 sites. The following functions are characteristics of the l...
Page 5
Lancom 9100 vpn preface 4 en the system design of the operating system lcos configuration management diagnosis security routing and wan functions firewall quality of service (qos) virtual private networks (vpn) virtual local networks (vlan) backup solutions lancapi further server services (dhcp, dns...
Page 6: Content
Lancom 9100 vpn content 5 en content 1 introduction 8 1.1 what does vpn offer? 9 1.2 just what can your lancom router do? 10 2 installation 13 2.1 package content 13 2.2 system requirements 13 2.3 status displays and interfaces 14 2.3.1 front 14 2.3.2 rear panel 20 2.4 hardware installation 20 2.5 s...
Page 7
Lancom 9100 vpn content 6 en 5 connecting two networks 36 5.1 which details are necessary? 37 5.1.1 general information 37 5.1.2 settings for the tcp/ip router 39 5.1.3 settings for netbios routing 40 5.2 instructions for lanconfig 41 5.3 1-click-vpn for networks (site-to-site) 42 5.4 instructions f...
Page 8
Lancom 9100 vpn content 7 en 9 advice & assistance 61 9.1 no wan connection can be established 61 9.2 slow dsl transmission 61 9.3 unwanted connections under windows xp 62 10 appendix 63 10.1 performance and characteristics 63 10.2 connector wiring 64 10.2.1 lan/wan interface 10/100/1000base-tx, dsl...
Page 9: 1 Introduction
Lancom 9100 vpn chapter 1: introduction 8 en 1 introduction the lancom 9100 vpn is a high-performance central-site vpn gateway that supports 200 vpn connections. With the lancom vpn option, it provides vpn connections for up to 1000 sites. Quality-of-service, dynamic bandwidth management and the fou...
Page 10
Lancom 9100 vpn chapter 1: introduction 9 en the management systems lanconfig and lanmonitor are included and offer not only cost-effective remote maintenance of entire installations along with highly convenient setup wizards, but also full real-time monitoring and log- ging. Service providers benef...
Page 11
Lancom 9100 vpn chapter 1: introduction 10 en the internet is available virtually everywhere and typically has low access costs. Significant savings can thus be achieved in relation to switched or ded- icated connections, especially over long distances. The physical connection no longer exists direc...
Page 12
Lancom 9100 vpn chapter 1: introduction 11 en load balancing for bundling multiple dsl channels 4 channels backup solutions and load balancing with vrrp ✔ nat traversal (nat-t) ✔ dmz with configurable ids checks ✔ pppoe servers ✔ wan rip ✔ spanning tree protocol ✔ layer 2 qos tagging ✔ isdn leased l...
Page 13
Lancom 9100 vpn chapter 1: introduction 12 en protection of the configuration from brute-force attacks. ✔ configuration configuration with lanconfig or via web browser; additional terminal mode for telnet or equivalent terminal programs; snmp interface and tftp server function. ✔ remote configuratio...
Page 14: 2 Installation
Lancom 9100 vpn chapter 2: installation 13 en 2 installation this chapter will assist you to quickly install hardware and software. First, check the package contents and system requirements. The device can be installed and configured quickly and easily if all prerequisites are fulfilled. 2.1 package...
Page 15
Lancom 9100 vpn chapter 2: installation 14 en the lantools also require a windows operating system. A web brow- ser under any operating system provides access to webconfig. 2.3 status displays and interfaces meanings of the leds in the following sections we will use different terms to describe the b...
Page 16
Lancom 9100 vpn chapter 2: installation 15 en the power led blinks alternately in red/green until a configuration password has been set. Without a configuration password, the confi- guration data in the lancom is unprotected. Normally you would set a configuration password during the basic configura...
Page 17
Lancom 9100 vpn chapter 2: installation 16 en 쐇 fan the fan led displays the fan's status: to prevent damage to the hardware, this led is complemented by an acoustic signal. If the fan is blocked or the cpu temperature exceeds 60°, a pulsed acoustic signal is emitted. 쐋 com connection status of the ...
Page 18
Lancom 9100 vpn chapter 2: installation 17 en 쐂 standby displays the standby status: 쐆 vpn status of a vpn connection. 쐊 lcd display the lc display has two lines of 16 characters each to display the following information in rotation: device name firmware version device temperature date and time cpu ...
Page 19
Lancom 9100 vpn chapter 2: installation 18 en 쐎 com connector for the serial configuration cable. 쐅 eth 1 to 4 ethernet sockets ( 10/100/1000base-tx) for connection to the lan. 10 mbit, 100 mbit or 1000 mbit connections are supported. The available transfer rate is detected automatically (autosensin...
Page 20
Lancom 9100 vpn chapter 2: installation 19 en 씈 reset reset button (see 'reset button functions') reset button functions the reset button offers two basic functions—boot (restart) and reset (to the factory settings)—which are called by pressing the button for different lengths of time. It is not alw...
Page 21
Lancom 9100 vpn chapter 2: installation 20 en after resetting, the device starts completely unconfigured and all set- tings are lost. If possible be sure to backup the current device confi- guration before resetting. 2.3.2 rear panel the following connectors are located on the rear of the device. 씉 ...
Page 22
Lancom 9100 vpn chapter 2: installation 21 en avoid having multiple unconfigured lancoms at once within a single network segment. Any unconfigured lancom takes on the same ip address (ending in '254'), and so address conflicts could arise. To avoid problems, multiple lancoms should be configured one...
Page 23
Lancom 9100 vpn chapter 2: installation 22 en in setup, select install software. The following selection menus will appear on screen: 2.5.2 which software should i install? Lanconfig is the windows configuration program for all lancom rou- ters and lancom access points. Webconfig can be used alterna...
Page 24: 3 Basic Configuration
Lancom 9100 vpn chapter 3: basic configuration 23 en 3 basic configuration the basic configuration is conducted with a convenient setup wizard that provides step-by-step guidance through the configuration and that requests any necessary information. First of all this chapter presents the information...
Page 25
Lancom 9100 vpn chapter 3: basic configuration 24 en new lan – fully automatic configuration possible the setup wizard offers to configure tcp/ip fully automatically if no network devices connected have yet been configured. This usually happens in the fol- lowing situations: only a single pc is goin...
Page 26
Lancom 9100 vpn chapter 3: basic configuration 25 en server: the lancom vpn router operates as dhcp server in the net- work; as a minimum its own ip address and the network mask must be assigned. Client: the lancom vpn router obtains its address information from another dhcp server; no address infor...
Page 27
Lancom 9100 vpn chapter 3: basic configuration 26 en in the basic settings, charge protection is set to a maximum value of 600 minutes in any seven day period. Please adjust this parameter to match your own requirements, or deactivate charge protection if you have agreed a tariff for unlimited traff...
Page 28
Lancom 9100 vpn chapter 3: basic configuration 27 en you also define whether the device can be configured from the local net- work only, or if remote configuration via wan (i.E.. From a remote net- work) is to be permitted. Be aware that releasing this option also allows remote configuration over th...
Page 29
Lancom 9100 vpn chapter 3: basic configuration 28 en either via its ip address, the device name (if configured), or by means of any name if the device has not yet been configured. Following power-on, unconfigured lancom devices first check whether a dhcp server is already active in the lan. Dependin...
Page 30
Lancom 9100 vpn chapter 3: basic configuration 29 en command winipcfg at the prompt under windows me or windows 9x, or with command ifconfig in the console under linux). In this case, the lancom can be accessed with address x.X.X.254 (the “x”s stand for the first three blocks in the ip address of th...
Page 31
Lancom 9100 vpn chapter 3: basic configuration 30 en if you used the general configuration access, only enter the corresponding password. The user name field remains blank in this case. As an alternative, the login dialog provides a link for an encrypted connection over https. Always use the https c...
Page 32
Lancom 9100 vpn chapter 3: basic configuration 31 en 3.4 tcp/ip settings for pc workstations it is extremely important to assign the correct addresses to all of the devices in the lan. Also, all of these computers must know the ip addresses of two central stations in the lan: standard gateway – rece...
Page 33
Lancom 9100 vpn chapter 4: setting up internet access 32 en 4 setting up internet access the lancom provides a central point of internet access for all of the compu- ters in the lan. The connection to the internet provider can be established via any wan connector, i.E. Via dsl or isdn (where availab...
Page 34
Lancom 9100 vpn chapter 4: setting up internet access 33 en other connection options in addition you can use the wizard to activate or deactivate additional options (if supported by your internet provider): billing by time or flatrate – select the method by which you are billed by your internet prov...
Page 35
Lancom 9100 vpn chapter 4: setting up internet access 34 en 4.1 the internet connection wizard 4.1.1 instructions for lanconfig 햲 mark your device in the selection window. From the command line, select extras setup wizard. 햳 in the selection menu, select the setup wizard, set up internet connec- tio...
Page 36
Lancom 9100 vpn chapter 4: setting up internet access 35 en 햷 the wizard will inform you as soon as the entries are complete. Close the configuration with finish. 4.1.2 instructions for webconfig 햲 select the entry set up internet connection from the main menu. 햳 in the following windows you select ...
Page 37: 5 Connecting Two Networks
Lancom 9100 vpn chapter 5: connecting two networks 36 en 5 connecting two networks network connectivity, also known as lan-lan connectivity, with the lancom router is used for interconnecting two local area networks. Lan- lan connectivity can be implemented in two basic ways: vpn: connecting lans ov...
Page 38
Lancom 9100 vpn chapter 5: connecting two networks 37 en 5.1 which details are necessary? The wizard requests you for all of the necessary details step by step. If pos- sible, you should have all of this information to hand before you start the wizard. The significance of the information required by...
Page 39
Lancom 9100 vpn chapter 5: connecting two networks 38 en notes on the different settings: if you own device features an isdn connection, the wizard will ask you whether the remote site also has one. For vpn connections over the internet, the type of ip address at each end must be specified. There ar...
Page 40
Lancom 9100 vpn chapter 5: connecting two networks 39 en the isdn calling line id specified is used to identify and authenticate the caller. If a lancom router is called, it compares the isdn calling line id entered for the remote site to the id that is actually received over the d channel from the ...
Page 41
Lancom 9100 vpn chapter 5: connecting two networks 40 en not just that of the router. The computer with the ip address 10.0.2.10 in the branch-office lan sees the server 10.0.1.2 at the main office and, with the appropriate rights, has access to it. The same applies in the other direction. Dns acces...
Page 42
Lancom 9100 vpn chapter 5: connecting two networks 41 en remote windows workgroups do not appear in the windows network environment, but they can be contacted directly (e.G.By searching for a computer of known name). 5.2 instructions for lanconfig carry out the configuration on both routers, one aft...
Page 43
Lancom 9100 vpn chapter 5: connecting two networks 42 en remote lan (e.G. With ping). The lancom router should automatically connect to the remote site and make contact to the requested computer. 5.3 1-click-vpn for networks (site-to- site) the site-to-site-to-site connectivity of networks is now ve...
Page 44
Lancom 9100 vpn chapter 5: connecting two networks 43 en 햴 the 1-click-vpn site-to-site wizard will be started. Enter a name for this access and select the address under which the router is accessible from the internet. 햵 select whether connection establishment is to take place via the name or ip ad...
Page 45
Lancom 9100 vpn chapter 5: connecting two networks 44 en 햳 the wizard will inform you when the required information is complete. You can then close the wizard with next. 햴 once you have completed the set-up of both routers, you can start testing the network connection. Try to communicate with a comp...
Page 46
Lancom 9100 vpn chapter 6: providing dial- in access 45 en 6 providing dial- in access your lancom can be set up with dial-in access accounts enabling individual computers to dial-in to your lan and fully participate in the network for the duration of the connection. This service is called ras (remo...
Page 47
Lancom 9100 vpn chapter 6: providing dial- in access 46 en 6.1.1 general information the following information is required for setting up ras access. The first column shows whether the information for ras access is required via vpn (simple method with pre-shared keys) and/or via isdn. For further in...
Page 48
Lancom 9100 vpn chapter 6: providing dial- in access 47 en you will find information on the other parameters required for ras access in the chapter 'connecting two networks'. 6.1.2 settings for tcp/ip tcp/ip requires that every active ras is assigned an ip address. This ip address can be manually se...
Page 49
Lancom 9100 vpn chapter 6: providing dial- in access 48 en the connection is not established automatically. The ras user first has to manually establish a connection to the lancom router with the help of dial-up networking. Once the connection has been establis- hed, the computer can access and sear...
Page 50
Lancom 9100 vpn chapter 6: providing dial- in access 49 en 6.3 instructions for lanconfig 햲 launch the 'provide remote access (ras, vpn, ipsec over wlan)' wizard. Follow the wizard’s instructions and enter the necessary data. 햳 the wizard will inform you when the required information is complete. Yo...
Page 51
Lancom 9100 vpn chapter 6: providing dial- in access 50 en save profile as an import file for the lancom advanced vpn client send profile via e-mail print out profile sending a profile via e-mail could be a security risk should the e-mail be intercepted en route! To send the profile via e-mail, the ...
Page 52
Lancom 9100 vpn chapter 7: fax transmission with lancapi 51 en 7 fax transmission with lancapi lancapi from lancom systems is a specialized version of the widespread isdn capi interface. Capi stands for common isdn application programming interface and it links isdn adapters and communications softw...
Page 53
Lancom 9100 vpn chapter 7: fax transmission with lancapi 52 en the ms windows fax service. This is the interface between the fax applications and the virtual fax. Installing the lancapi client is described in the reference manual. This chap- ter deals with installing and configuring the lancom capi ...
Page 54
Lancom 9100 vpn chapter 7: fax transmission with lancapi 53 en after successful installation, the lancom capi fax modem is entered into the control panel under phone and modem options. 7.2 installing the ms windows fax service 햲 go to the control panel and select the option printers and faxes. 햳 in ...
Page 55
Lancom 9100 vpn chapter 7: fax transmission with lancapi 54 en 7.3 sending a fax after installing the necessary components, there are a number of ways to send a fax from your computer. If you have a file ready to send, you can send this straight from its application. On the other hand, if you just w...
Page 56
Lancom 9100 vpn chapter 7: fax transmission with lancapi 55 en 햴 the fax client console opens up. Select the menu item send file/fax. A wizard guides you through the remaining procedure..
Page 57: 8 Security Settings
Lancom 9100 vpn chapter 8: security settings 56 en 8 security settings your lancom features numerous security functions. This chapter provides you with all of the information you need to optimally protect your device. You can carry out the configuration of security settings very quickly and convenie...
Page 58
Lancom 9100 vpn chapter 8: security settings 57 en along with these basic settings, you can use the security settings wizard to check the settings of your wireless network (if so equipped). 8.2.1 lanconfig wizard 햲 mark your lancom in the selection window. From the command line, select extras setup ...
Page 59
Lancom 9100 vpn chapter 8: security settings 58 en 8.3 the security checklist the following checklists provide an overview of all security settings that are important to professionals. Most of the points in this checklist are uncritical for simple configurations. In these cases, the security setting...
Page 60
Lancom 9100 vpn chapter 8: security settings 59 en are you using a 'deny all' firewall strategy? Maximum security and control is initially achieved by denying all data traffic from passing the firewall. The only connections to be accepted by the firewall are those that are to be explicitly permitted...
Page 61
Lancom 9100 vpn chapter 8: security settings 60 en do you store your saved lancom configuration to a safe location? Protect your saved configurations in a location that is safe from unautho- rized access. Otherwise, byway of example, an unauthorized person may load your stored configuration file int...
Page 62: 9 Advice & Assistance
Lancom 9100 vpn chapter 9: advice & assistance 61 en 9 advice & assistance see this chapter for first-aid assistance if some of the typical problems should occur. 9.1 no wan connection can be established after starting, the router attempts automatically to connect to the internet provider. During th...
Page 63
Lancom 9100 vpn chapter 9: advice & assistance 62 en increasing the tcp/ip window size under windows if the actual transmission speed over a dsl connection is significantly lower than the maximum specified by the dsl provider, there are very few potential error sources with your own equipment. A typ...
Page 64: 10 Appendix
Lancom 9100 vpn chapter 10: appendix 63 en 10 appendix 10.1 performance and characteristics lancom 9100 vpn connections ethernet lan 10/100/1000base-tx, autosensing, cable tester isdn isdn s 0 configuration serial v.24/rs-232 outband interface with mini-din8 connector power supply internal power sup...
Page 65
Lancom 9100 vpn chapter 10: appendix 64 en 10.2 connector wiring 10.2.1 lan/wan interface 10/100/1000base-tx, dsl interface 8-pin rj45 sockets (iso 8877, en 60603-7) *bi_da+ stands for "bi-directional pair +a" 10.2.2 isdn- s 0 interface 8-pin rj45 socket (iso 8877, en 60603-7) connector pin fast eth...
Page 66
Lancom 9100 vpn chapter 10: appendix 65 en 10.2.3 configuration interface (outband) 8-pin mini din socket 10.3 declaration of conformity lancom systems herewith declares that the devices of the type described in this documentation are in agreement with the basic requirements and other relevant regul...
Page 67: Index
Lancom 9100 vpn index 66 en index numerics 10/100base-tx 18 100-mbit network 18 3 des 36 , 45 a aes 36 , 45 anschlussbelegung adsl-schnittstelle 65 autosensing 18 , 20 b blowfish 36 , 45 c call-back function 12 , 36 , 45 calling line identity (cli) 47 capi interface 51 charge limiter 15 charge prote...
Page 68
Lancom 9100 vpn index 67 en filter 59 ip address 21 , 24 , 25 , 59 ip masquerading 11 , 59 ip router 10 ipsec 36 , 45 ipx 48 isdn connector cable 13 d channel 47 s 0 connector 18 isdn calling line id 39 , 46 isdn leased-line option 11 isdn modem 45 isdn number 38 isdn s 0 connection 11 l lan connect...
Page 69
Lancom 9100 vpn index 68 en system requirements 13 t tcp 59 tcp/ip 13 , 48 settings 23 tcp/ip configuration fully automatic 23 , 24 manual 23 , 24 tcp/ip filter 11 , 59 tcp/ip router settings 39 tcp/ip windows size 62 telnet 59 temperature 17 tftp 59 time 17 transmission protocol 61 u udp 59 usb con...
Page 70
Lancom 9100 vpn index 69 en.