Router & VPN Gateways
LANCOM 1900EF
Multi-WAN VPN gateway for connection to high-speed fiber-optic networks
and external modems—ideal for medium-sized VPN networking scenarios
The LANCOM 1900EF is the first choice for using a variety of Internet connections on a single device. This
extremely high-performance multi-WAN VPN gateway supports any external DSL or cable modems for the
greatest possible flexibility, for any Internet connections available at the site. It also supports high-speed fiber-optic
connections. With the award-winning LANCOM IPSec VPN, 25 (optionally 50) sites and mobile employees benefit
from Secure. Networks.
a
Multi-WAN VPN gateway for 1x SFP/TP, 1x WAN Ethernet
a
Load balancing for the parallel operation of several Internet access connections and maximization of the
available bandwidth
a
25 simultaneous IPSec VPN connections (50 optional)
a
Network virtualization with up to 64 networks on one device (ARF)
a
SD-WAN – automatic VPN and VLAN configuration via the LANCOM Management Cloud
a
Full-metal housing for mounting in a 19" rack and integrated 230V power supply
DATASHEET
LANCOM 1900EF
Multi-WAN
The LANCOM 1900EF is a multi-WAN router with 1x SFP/TP
combo port and 1x WAN Ethernet connection. It works with
high-speed fiber-optic connections and any external DSL or
cable modems to guarantee the greatest possible flexibility
in the choice of Internet connection at the site.
Load balancing
The LANCOM 1900EF allows the parallel operation of several
Internet access connections for perfect load balancing and
maximization of the available bandwidth. It is versatile
enough to operate with any kind of wireline connection—be
it Ethernet, fiber-optic or DSL/cable with an external modem.
So the LANCOM 1900EF offers maximum versatility as it
operates with any Internet connection.
Award-winning LANCOM VPN
The LANCOM 1900EF offers a high level of security. The
standard equipment of 25 IPSec VPN channels guarantees
strong encryption, secure connections for mobile employees,
and protection of corporate data. The LANCOM VPN Option
upgrades the VPN gateway to support 50 VPN channels. This
makes it the ideal device for medium-sized VPN networking
scenarios. By the way: Our VPN solutions are award winners!
In the techconsult Professional User Rating 2017, they
received the “Champion” award in the category “Virtual
Private Networks”.
Radical simplification of the configuration with
SD-WAN
In combination with the LANCOM Management Cloud, the
LANCOM 1900EF opens the way for automated
management. The software-defined WAN (SD-WAN) enables
the automatic setup of secure VPN connections between
sites, including network virtualization across the wide-area
network: A few mouse clicks is all it takes to enable the VPN
function and select the required VLANs for each site. The
laborious configuration of individual tunnel endpoints is no
longer required at all.
Premium full-metal housing
The LANCOM 1900EF comes in a high-quality full-metal
housing with integrated 230V power supply. Thanks to the
mounting system, it is easy to install in a 19" rack—with
connection ports redirected to the front, it is quick and easy
to work with.
Advanced Routing & Forwarding
The LANCOM 1900EF provides up to 64 securely isolated IP
contexts, each of which has its own separate routing. This
is an elegant way of operating IP applications with one
central router and keeping the different communication
channels securely separated from one another.
DATASHEET
LANCOM 1900EF
Layer 2 features
4.096 IDs based on IEEE 802.1q, dynamic assignment, Q-in-Q taggingVLAN
IGMP-SnoopingMulticast
Protocols
Layer 3 features
Firewall
Security
IPv4 services
IPv6 services
IPv6 protocols
WAN protocols
Security
High availability / redundancy
Ethernet over GRE-Tunnel (EoGRE), ARP-Lookup, LLDP, DHCP option 82, IPv6-Router-Advertisement-Snooping, DHCPv6-Snooping,
LDRA (Lightweight DHCPv6 Relay Agent), Spanning Tree, Rapid Spanning Tree, ARP, Proxy ARP, BOOTP, DHCP, LACP
Stateful inspection firewall including paket filtering, extended port forwarding, N:N IP address mapping, paket tagging, user-defined
rules and notifications
Traffic shaping, bandwidth reservation, DiffServ/TOS, packetsize control, layer-2-in-layer-3 taggingQuality of Service
Intrusion Prevention, IP spoofing, access control lists, Denial of Service protection, detailed settings for handling reassembly,
session-recovery, PING, stealth mode and AUTH port, URL blocker, password protection, programmable reset button
PAP, CHAP, MS-CHAP, and MS-CHAPv2PPP authentication mechanisms
VRRP (Virtual Router Redundancy Protocol), analog/GSM modem backupHigh availability / redundancy
IPv4-, IPv6-, NetBIOS/IP multiprotokoll router, IPv4/IPv6 dual stackRouter
ARF (Advanced Routing and Forwarding) up to separate processing of 64 contextsRouter virtualization
HTTP and HTTPS server for configuration by web interface, DNS client, DNS server, DNS relay, DNS proxy, dynamic DNS client, DHCP
client, DHCP relay and DHCP server including autodetection, NetBIOS/IP proxy, NTP client, SNTP server, policy-based routing,
Bonjour-Proxy, RADIUS
HTTP and HTTPS server for configuration by web interface, DHCPv6 client, DHCPv6 server, DHCPv6 relay, DNS client, DNS server,
dynamic DNS client, NTP client, SNTP server, Bonjour-Proxy, RADIUS
WEBconfig, HTTP, HTTPS, SSH, Telnet, DNS, TFTP, firewall, RAS dial-inIPv6 compatible LCOS applications
RIPv2, BGPv4, OSPFv2Dynamic routing protocols
DNS, HTTP, HTTPS, ICMP, NTP/SNTP, NetBIOS, PPPoE (server), RADIUS, RADSEC (secure RADIUS), RTP, SNMPv1,v2c,v3, TFTP, TACACS+IPv4 protocols
NDP, stateless address autoconfiguration (SLAAC), stateful address autoconfiguration (DHCPv6), router advertisements, ICMPv6,
DHCPv6, DNS, HTTP, HTTPS, PPPoE, RADIUS, SMTP, NTP, BGP, Syslog, SNMPv1,v2c,v3
VDSL, ADSL1, ADSL2 or ADSL2+ additional with external DSL modem at an ETH portWAN operating mode
PPPoE, Multi-PPPoE, ML-PPP, GRE, EoGRE, PPTP (PAC or PNS), L2TPv2 (LAC or LNS) and IPoE (using DHCP or no DHCP), RIP-1, RIP-2,
VLAN, IPv6 over PPP (IPv6 and IPv4/IPv6 dual stack session), IP(v6)oE (autokonfiguration, DHCPv6 or static)
6to4, 6in4, 6rd (static and over DHCP), Dual Stack Lite (IPv4-in-IPv6-Tunnel)Tunneling protocols (IPv4/IPv6)
Monitoring and blocking of login attempts and port scansIntrusion Prevention
Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowedIP spoofing
Filtering of IP or MAC addresses and preset protocols for configuration accessAccess control lists
Protection from fragmentation errors and SYN floodingDenial of Service protection
Detailed settings for handling reassembly, PING, stealth mode and AUTH portGeneral
Filtering of unwanted URLs based on DNS hitlists and wildcard filters. Extended functionality with Content Filter OptionURL blocker
Password-protected configuration access can be set for each interfacePassword protection
Alerts via e-mail, SNMP traps and SYSLOGAlerts
PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication mechanismAuthentication mechanisms
Adjustable reset button for 'ignore', 'boot-only' and 'reset-or-boot'Adjustable reset button
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station.VRRP
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updatesFirmSafe
LCOS 10.12
DATASHEET
LANCOM 1900EF
High availability / redundancy
Load balancing
VPN redundancy
VPN
IPSec over HTTPS
Number of VPN tunnels
Certificates
XAUTH
Proadaptive VPN
Algorithms
IPCOMP
LANCOM Dynamic VPN
Dynamic DNS
Specific DNS forwarding
Static and dynamic load balancing over up to 4 WAN connections (incl. client binding). Channel bundling with Multilink PPP (if supported
by network operator)
Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re-routing to
multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active connections).
Up to 32 alternative remote stations, each with its own routing tag, can be defined per VPN connection. Automatic selection may be
sequential, or dependant on the last connection, or random (VPN load balancing)
Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP pollingLine monitoring
Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e. g. port 500 for IKE is
blocked. Suitable for client-to-site connections and site-to-site connections. IPSec over HTTPS is based on the NCP VPN Path Finder
technology
Max. number of concurrent active IPSec, PPTP (MPPE) and L2TPv2 tunnels: 25. Unlimited configurable connections. Configuration of
all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN.
Integrated hardware accelerator for 3DES/AES encryption and decryptionHardware accelerator
Integrated, buffered realtime clock to save the date and time during power failure. Assures timely validation of certificates in any caseRealtime clock
Generates real random numbers in hardware, e. g. for improved key generation for certificates immediately after switching-onRandom number generator
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced VPN Client1-Click-VPN Client assistant
Creation of VPN connections between LANCOM routers via drag and drop in LANconfig1-Click-VPN Site-to-Site
IPSec key exchange with Preshared Key or certificate (RSA signature, digital signature)IKE, IKEv2
Convenient generation of digital X.509 certificates via an own certifaction authority (SCEP-CA) on the webpage or via SCEP.Smart Certificate
X.509 digital multi-level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL. Secure Key Storage
protects a private key (PKCS#12) from theft.
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) per certificate hierarchyCertificate rollout
CRL retrieval via HTTP per certificate hierarchyCertificate revocation lists (CRL)
Check X.509 certifications by using OCSP (Online Certificate Status Protocol) in real time as an alternative to CRLsOCSP Client
XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE-config mode. XAUTH server enables clients
to register via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central authentication of
VPN-access with user name and password. Authentication of VPN-client access via XAUTH and RADIUS connection additionally by
OTP token
Configuration of all VPN client connections in IKE ConfigMode via a single configuration entryRAS user template
Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for site-to-site
connections. Propagation of dynamically learned routes via RIPv2 if required
3DES (168 bit), AES-CBC and -GCM (128, 192 or 256 bit), Blowfish (128 bit), RSA (1024-4096 bit) and CAST (128 bit). OpenSSL
implementation with FIPS-140 certified algorithms. MD-5, SHA-1, SHA-256, SHA-384 or SHA-512 hashes
NAT-Traversal (NAT-T) support for VPN over routes without VPN passthroughNAT-Traversal
VPN data compression based on Deflate compression for higher IPSec throughput on low-bandwidth connections (must be supported
by remote endpoint)
Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via the ICMP or UDP protocol in encrypted
form. Dynamic dial-in for remote sites via connection template
Enables the registration of IP addresses with a Dynamic DNS provider in the case that fixed IP addresses are not used for the VPN
connection
DNS forwarding according to DNS domain, e.g. internal names are translated by proprietary DNS servers in the VPN. External names
are translated by Internet DNS servers
Connecting private IPv4 networksIPv4 VPN
Use of IPv4 VPN over IPv6 WAN connectionsIPv4 VPN over IPv6 WAN
LCOS 10.12
DATASHEET
LANCOM 1900EF
VPN
Connecting private IPv6 networksIPv6 VPN
Use of IPv6 VPN over IPv4 WAN connectionsIPv6 VPN over IPv4 WAN
Radius
Performance
Routing-Performance
VoIP
SIP ALG
Interfaces
Ethernet ports
SFP slot
Port configuration
USB 2.0 host port
Management and monitoring
Management functions
Monitoring functions
Monitoring statistics
Hardware
RADIUS authorization and accounting, outsourcing of VPN configurations in external RADIUS server in IKEv2, RADIUS CoA (Change
of Authorization)
Data regarding the overall routing performance can be found inside the LANCOM tech paper "Routing-Performance" on
www.lancom-systems.eu
The SIP ALG (Application Layer Gateway) acts as a proxy for SIP communication. For SIP calls the ALG opens the necessary ports for
the corresponding media packets. Automatic address translation (STUN is no longer needed).
10/100/1000 Mbps Gigabit EthernetWAN: Ethernet
6 individual 10/100/1000 Mbps Ethernet ports, 2 of them are set to WAN; up to 3 ports can be operated as additional WAN ports.
Ethernet ports can be electrically disabled within LCOS configuration. The ports support energy saving according to IEEE 802.3az
Slot for Small Form-factor Pluggable Gigabit Ethernet transceivers ('mini-GBIC'). Compatible to optional LANCOM SFP modules for
fiber connections over short distances (SX) or long distances (LX). By default a WAN port that can be configured as a LAN port
Each Ethernet port can be freely configured (LAN, DMZ, WAN, monitor port, off). LAN ports can be operated as a switch or separately.
Additionally, external DSL modems or termination routers can be operated as a WAN port with load balancing and policy-based routing.
DMZ ports can be operated with their own IP address range without NAT
USB 2.0 hi-speed host port for connecting USB printers (USB print server), serial devices (COM port server), USB data storage (FAT file
system); bi-directional data exchange is possible
Serial configuration interface / COM port (RJ45): 9,600 - 115,000 baudSerial interface
LANCOM Management Cloud, LANconfig, WEBconfig, LANCOM Layer 2 management (emergency management)Management
Alternative boot configuration, voluntary automatic updates for LCMS and LCOS, individual access and function rights up to 16
administrators, RADIUS and RADSEC user management, remote access (WAN or (W)LAN, access rights (read/write) adjustable seperately),
SSL, SSH, HTTPS, Telnet, TFTP, SNMP, HTTP, access rights via TACACS+, scripting, timed control of all parameters and actions through
cron job
LANCOM Management Cloud, LANmonitor, WLANmonitorMonitoring
Device SYSLOG, SNMPv1,v2c,v3 incl. SNMP-TRAPS, extensive LOG and TRACE options, PING and TRACEROUTE for checking connections,
internal logging buffer for firewall events
Extensive Ethernet, IP and DNS statistics; SYSLOG error counter, accounting information exportable via LANmonitor and SYSLOG, Layer
7 Application Detection including application-centric tracking of traffic volume
iPerf is a tool for measurements of the bandwidth on IP networks (integrated client and server)iPerf
Performance monitoring of connectionsSLA-Monitor (ICMP)
SD-LAN – automatic LAN configuration via the LANCOM Management CloudSD-LAN
SD-WAN – automatic WAN configuration via the LANCOM Management CloudSD-WAN
5,50 lbs (2,50 kg)Weight
Internal power supply unit (110–230 V, 50-60 Hz)Power supply
Temperature range 0–40° C; humidity 0–95%; non-condensingEnvironment
Robust metal housing, network connectors on the front, 1U (345 x 44 x 253 mm > W x H x D) with removable mounting bracketsHousing
None; fanless design without rotating parts, high MTBFFans
23 wattPower consumption (max)
LCOS 10.12
DATASHEET
LANCOM 1900EF
Declarations of conformity*
EN 60950-1, EN 55022, EN 55024CE
IPv6 Ready GoldIPv6
Made in GermanyCountry of Origin
You will find all declarations of conformity in the products section of our website at www.lancom-systems.eu*) Note
Scope of delivery
Hardware Quick Reference (DE/EN), Installation Guide (DE/EN)Manual
1 Ethernet cable, 3 mCable
IEC power cordCable
Support
3 years supportWarranty
Regular free updates (LCOS operating system and LANtools) via InternetSoftware updates
Options
LANCOM VPN-50 Option (50 channels), item no. 61405VPN
LANCOM Content Filter +10 user, 1 year subscription, item no. 61590LANCOM Content Filter
LANCOM Content Filter +25 user, 1 year subscription, item no. 61591LANCOM Content Filter
LANCOM Content Filter +100 user, 1 year subscription, item no. 61592LANCOM Content Filter
LANCOM Content Filter +10 user, 3 year subscription, item no. 61593LANCOM Content Filter
LANCOM Content Filter +25 user, 3 year subscription, item no. 61594LANCOM Content Filter
LANCOM Content Filter +100 user, 3 year subscription, item no. 61595LANCOM Content Filter
Option to extend the manufacturer´s warranty from 3 to 5 years, item no. 10711LANCOM Warranty Basic Option M
Option to extend the manufacturer´s warranty from 3 to 5 years and replacement of a defective device, item no. 10716LANCOM Warranty Advanced Option M
LANCOM Public Spot
LANCOM Public Spot PMS Accounting Plus
LANCOM Management Cloud
LANCOM LMC-C-1Y LMC License
LANCOM LMC-C-3Y LMC License
LANCOM LMC-C-5Y LMC License
Accessories
Hotspot option for LANCOM access points, LANCOM 17xx and LANCOM 19xx series for user authentication (up to 64), versatile access
(via voucher, e-mail, SMS), including a comfortable setup wizard, secure separation of guest access and internal network, item no.
60642
Extension of the LANCOM Public Spot (XL) Option for the connection to hotel billing systems with FIAS interface (such as Micros Fidelio)
for authentication and billing of guest accesses for 178x/19xx routers, WLCs, and current central-site gateways, item no. 61638
LANCOM WLC Basic Option for Routers for up to 6 managed LANCOM access points or WLAN routers, item no. 61639LANCOM WLC Basic Option for Routers
LANCOM WLC AP Upgrade +6 Option, enables your WLC to manage 6 Access Points/WLAN router in addition, item no. 61629LANCOM WLC AP Upgrade +6
LANCOM LMC-C-1Y License (1 Year), enables the management of one category C device for one year via the LANCOM Management
Cloud, item no. 50106
LANCOM LMC-C-3Y License (3 Years), enables the management of one category C device for three years via the LANCOM Management
Cloud, item no. 50107
LANCOM LMC-C-5Y License (5 Years), enables the management of one category C device for five years via the LANCOM Management
Cloud, item no. 50108
LANCOM Advanced VPN Client for Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, single license, item no. 61600VPN Client Software
LANCOM Advanced VPN Client for Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, 10 licenses, item no. 61601VPN Client Software
LANCOM Advanced VPN Client for Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, 25 licenses, item no. 61602VPN Client Software
LANCOM Advanced VPN Client for Mac OS X (10.5 Intel only, 10.6 or higher), single license, item no. 61606VPN Client Software
LANCOM Advanced VPN Client for Mac OS X (10.5 Intel only, 10.6 or higher), 10 licenses, item no. 61607VPN Client Software
LCOS 10.12
DATASHEET
LANCOM 1900EF
Item number(s)
62105LANCOM 1900EF (EU)
LCOS 10.12
www.lancom-systems.com
LANCOM Systems GmbH I Adenauerstr. 20/B2 I 52146 Wuerselen I Germany I E-Mail info@lancom-systems.com
LANCOM, LANCOM Systems and LCOS are registered trademarks. All other names or descriptions used may be trademarks or registered trademarks of their owners. Subject to change without notice. No liability for
technical errors and/or omissions. 01/18
Loading...