Lancom 7100+ VPN User Manual

LANCOM 7100+ VPN
High-performance central site VPN gateway for connecting up to 200 sites
- VPN site connectivity for medium-size network infrastructures with multiple external sites
- Incl. 100 VPN channels, upgradable to 200 per device
- High availability due to VRRP and Load Balancing
- Advanced Routing & Forwarding with 256 VLAN/IP contexts
- Optionally upgradable as Public Spot Gateway and with Content Filter
The LANCOM 7100+ VPN is a central site VPN gateway for connecting 100 sites by default, or up to 200 with the LANCOM VPN Option. Thanks to an improved hardware
platform with a more powerful CPU and the integrated VPN hardware accelerator, an encryption performance of more than 450 Mbps is possible. The Quality of Service
functionality with dynamic bandwidth management and four Gigabit Ethernet ports ensure correct prioritization and forwarding of data packets in the network.
A practical display permanently shows all relevant device information, such as temperature, CPU load, and active VPN tunnels.
More Performance.
The LANCOM 7100+ VPN offers a high-performance hardware platform, meeting high demands for network virtualization, security, and VPN connectivity. Remote sites
can thus be connected with a VPN encryption performance of more than 450 Mbps. At the same time memory capacity and high-speed interfaces guarantee high performance
of networks even at times of high load.
More Security.
Support for VPN based on the IPSec standard with highly secure 3DES or AES encryption, the integrated hardware accelerator, and support for digital certificates provide
optimal security for connecting up to 200 external sites. The LANCOM 7100+ VPN offers maximum failure safety due to comprehensive backup, high availability, and
redundancy functionalities via ISDN and VRRP. On top of that, an object-oriented stateful-inspection firewall protects the network with intrusion prevention and
Denial-of-Service protection.
More Management.
LCMS, the LANCOM Management System, is a free software package for the LANCOM 7100+ VPN. It handles configuration of the device, remote maintenance and
network monitoring. The central component of LCMS, LANconfig, is used to configure the LANCOM 7100+ VPN and other LANCOM devices on the network. The extensive
range of features and the configuration wizards make the router quick to set up. LANmonitor offers detailed, real-time monitoring of parameters, provides access to log
files and statistics, and can carry out a detailed trace-protocol analysis. Other functions in LCMS include the GUI for firewall setup, automatic backup of configurations
and scripts, and the intuitive folder structure with a convenient search function.
More Virtualization.
The LANCOM 7100+ VPN helps you to use your IT resources more efficiently and to save costs. The device simultaneously supports multiple independent networks. This
is made possible by the powerful technology Advanced Routing and Forwarding (ARF). The ARF function on the LANCOM 7100+ VPN provides up to sixteen virtual networks,
each with its own settings for DHCP, DNS, routing and firewall. ARF allows multiple separate networks for different groups and applications to be operated on a single
physical infrastructure.
More Reliability for the Future.
LANCOM products are designed for a product life of several years and are equipped with hardware dimensioned for the future. Even reaching back to older product
generations, updates to the LANCOM Operating System – LCOS – are available several times a year, free of charge and offering major features. LANCOM offers unbeatable
safeguarding of your investment.
Firewall
Stateful inspection firewall: Incoming/Outgoing Traffic inspection based on connection information. Trigger for firewall rules depending on backup status, e.g. simplified rule sets for low-bandwidth backup lines. Limitation of the number of sessions per remote site (ID)
Packet filter: Check based on the header information of an IP packet (IP or MAC source/destination addresses; source/destination ports, DiffServ attribute); remote-site dependent, direction dependent, bandwidth dependent
Extended port forwarding: Network Address Translation (NAT) based on protocol and WAN address, i.e. to make internal webservers accessible from WAN
N:N IP address mapping: N:N IP address mapping for translation of IP addresses or entire networks
Tagging: The firewall marks packets with routing tags, e.g. for policy-based routing
Actions: Forward, drop, reject, block sender address, close destination port, disconnect
Notification: Via e-mail, SYSLOG or SNMP trap

Quality of Service
Traffic shaping: Dynamic bandwidth management with IP traffic shaping
Bandwidth reservation: Dynamic reservation of minimum and maximum bandwidths, totally or connection based, separate settings for send and receive directions. Setting relative bandwidth limits for QoS in percent
DiffServ/TOS: Priority queuing of packets based on DiffServ/TOS fields
Packet-size control: Automatic packet-size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment
Layer 2/Layer 3 tagging: Automatic or fixed translation of layer-2 priority information (IEEE 802.11p-marked Ethernet frames) to layer-3 DiffServ attributes in routing mode. Translation from layer 3 to layer 2 with automatic recognition of 802.1p-support in the destination device

Security
Intrusion Prevention: Monitoring and blocking of login attempts and port scans
IP spoofing: Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed
Access control lists: Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
Denial of Service protection: Protection from fragmentation errors and SYN flooding
General: Detailed settings for handling reassembly, PING, stealth mode and AUTH port
URL blocker: Filtering of unwanted URLs based on DNS hitlists and wildcard filters. Extended functionality with Content Filter Option
Password protection: Password-protected configuration access can be set for each interface
Alerts: Alerts via e-mail, SNMP-Traps and SYSLOG
Authentication mechanisms: PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication mechanism
Anti-theft: Anti-theft ISDN site verification over B or D channel (self-initiated call back and blocking)
Adjustable reset button: Adjustable reset button for 'ignore', 'boot-only' and 'reset-or-boot'

High availability / redundancy
VRRP: VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby groups or reciprocal backup between multiple active devices including load balancing and user definable backup priorities
FirmSafe: For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
ISDN backup: In case of failure of the main connection, a backup connection is established over ISDN. Automatic return to the main connection
Load balancing: Static and dynamic load balancing over up to 3 WAN connections. Channel bundling with Multilink PPP (if supported by network operator)
VPN redundancy: Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re-routing to multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active connections). Up to 32 alternative remote stations, each with its own routing tag, can be defined per VPN connection. Automatic selection may be sequential, or dependent on the last connection, or random (VPN load balancing)
Line monitoring: Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP polling

VPN
IPSec over HTTPS: Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e.g. port 500 for IKE is blocked. Suitable for client-to-site connections (with LANCOM Advanced VPN Client 2.22 or later) and site-to-site connections (LANCOM VPN gateways or routers with LCOS 8.0 or later). IPSec over HTTPS is based on the NCP VPN Path Finder technology
Number of VPN tunnels: Max. number of concurrent active IPSec and PPTP tunnels (MPPE): 100. Unlimited configurable connections. Configuration of all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN.
Features as of: LCOS 8.80