Manuale d’uso / di manutenzione del prodotto 8011 VPN del fabbricante Lancom Systems
Vai alla pagina of 77
LANC OM 7111 VPN LANC OM 8011 VPN.
© 2004 LANCOM Systems GmbH, Wuersele n (Germany). All rights r eserved. While the informat ion in this manual has been compile d with great care, it may not be deemed an assurance of product characteristics. LANCOM System s shal l be liable only to the degr ee specified in the terms o f sale and delivery .
LANCOM 7111 VPN – LANC OM 8011 VPN Preface 3 EN Preface Thank you for placing your trust in this LANCOM Systems product. The top models of the LANCOM r outer series serve as extr emely powerful Dynamic VPN gatew ays for medium- sized and lar ge locations.
LANCOM 7111 VPN – L ANCOM 8011 VPN Preface 4 EN We ask you additionally to inform you about technica l developments and actual hints to your product on our W eb page www.
LANCOM 7111 VPN – LANC OM 8011 VPN Preface 5 EN In the other parts of the documentation, all described models have been clas- sified under the general term LANCOM router.
LANCOM 7111 VPN – L ANCOM 8011 VPN Contents 6 EN Contents 1 Introduction 9 1.1 Which use does VPN offer? 9 1.2 Firewall 12 1.3 What does a router do? 13 1.3.1 Bridgehead to the WAN 14 1.3.2 Areas of deployment for routers 14 1.4 What can your LANCOM router do? 15 2 Installation 18 2.
LANCOM 7111 VPN – LANC OM 8011 VPN Contents 7 EN 5 Linking two networks 42 5.1 What informat ion is necessary? 43 5.1.1 General informati on 43 5.1.2 Setti ngs for the TCP/IP router 45 5.1.3 Setti ngs for the IPX router 46 5.1.4 Setti ngs for NetBIOS routing 47 5.
LANCOM 7111 VPN – L ANCOM 8011 VPN Contents 8 EN 9 Troubleshooting 67 9.1 No WAN connection is established 67 9.2 DSL data transfer is slow 67 9.3 Unwanted connections under Windows XP 68 9.4 Cable testing 68 10 Appendix 70 10.1 Performance data and specifications 70 10.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 1: Intr oduction 9 EN 1I n t r o d u c t i o n The models of the LANCOM router series operate as powerful Dynami c VPN gateways with 200 , 500 or 10 00 VPN channels fo r remote sites or mo bile users.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapte r 1: Introdu ction 10 EN Conventional network infrastructure First, let's have a look at a typical network st ructure that can be found in this form or similar forms in many companies: The corporate network is based on the internal ne twork (L AN) in the head- quarters.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 1: Intr oduction 11 EN to the original investment cos ts, ongoing costs are also incurred for the administration and maintenance of this equipment.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapte r 1: Introdu ction 12 EN technologies such as DSL (Dig ital Subscribe r Line) or G.703 (2- Mbit leased lines).
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 1: Intr oduction 13 EN Denial- of- Service Protection A t t a c k s f r o m t h e I n t e r n e t c a n b e b r e a k - i n a t t e m p t s a s w e l l a s a t t a c k s w i t h the aim of blocking th e accessibility and functionality of individual services.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapte r 1: Introdu ction 14 EN Connecting a LAN to the Int ernet does not technically differ from coupling two LANs. The only difference is that it is not just a handful of computers behind the Internet provider's r outer .
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 1: Intr oduction 15 EN ac ces s to t he I nte rnet is r equ ir ed on eit her sid e of t he n etw ork i nte r- connection. Conventional via ISDN Without VPN, a LAN to LAN interco nnection can alternatively be real- ized via ISDN.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapte r 1: Introdu ction 16 EN RAS server (via VPN) 100 tunnel 200 tunnel, optional 500 or 1000 RAS server (via ISDN) IP router IPX router (via ISDN), e.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 1: Intr oduction 17 EN Quality of Service Dynamic bandw idth management / IP- T raffic Shapin g Bandwidth limiting wi th absolute or per connection t ransfer limits, separated from send or re ceive site TOS or DiffServ priority queui ng Automatic packet size adaption in cl.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 2: Installation 18 EN 2 Installation This chapter will assist you to quickly instal l hardware and software. First , check the package contents and system re quirements. The device can be installed and co nfigured quickly and easily if al l prerequisites are fulfilled.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 2: Installatio n 19 EN Operating system that supports TC P/IP , e.g. Windows XP , Windows Mil- lennium Edition (Me), Windows 2000, Windows 98, Windows 95, Win- dows NT , Linux, BS D Unix, Apple Ma c OS, OS/2, BeOS .
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 2: Installation 20 EN Flashing mean s, that th e LED light s up very b riefly in the res pective col - our and stay then clearly longer (a pproximately 10x longer) switched off . Inverse flashing means the opposite.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 2: Installatio n 21 EN VPN VPN connection status Security S tatus of the Fir ewall. Shows the stat e of security settings and blocked attacks on the secured network.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 2: Installation 22 EN ETH 1 to ETH 4 Connection status and data tr affic of the four LAN ports with integrat ed switch:.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 2: Installatio n 23 EN reactivated as requir ed , and the ISDN status LED will once again light up green.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 2: Installation 24 EN 2.3.2 The back of the unit Ports and switches of the r outer are placed on the front and back: The following ports can be found o.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 2: Installatio n 25 EN LAN – c o n n e c t t h e L A N C O M r o u t e r t o y o u r L A N o r t o a n i n d i v i d u a l P C .
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 2: Installation 26 EN 2.5 Software installation This section covers the installation of the included syst em software LANtools for Windows. Y ou may skip this section if you use your LANCOM router exclusively with computers running operatin g systems other than Wi ndows.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 2: Installatio n 27 EN In Setup select Install LANCOM Software . The following selection menus will appear on the screen: 2.5.2 Which software should you install? LANconfig is the configur ation program for all LANCOM r outers and Wireless LAN access point s.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 3: Basic configuration 28 EN 3 Basic configuration The basic configuration can be performed on a step- by- step basis using a convenient setup wizard to guide yo u thr ough the setup process and prompt you for the r equired information.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 3: Basic configur ation 29 EN New LAN—fully automatic configuration possible If all connecte d network devices are sti ll unconfigured, the s etup wizard will suggest ful ly automatic TCP/ IP configuration.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 3: Basic configuration 30 EN Enable DHCP server? Disable the DHC P server function in the LANCO M router if you would li ke to have a different DHCP server as sign the IP addresses in your LAN. 3.1.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 3: Basic configur ation 31 EN 3.1.5 Connect charge pr otection Connect char ge protecti on blocks connections that go beyond a previ ously set amount, protecting you fr om unex pectedly high connection costs.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 3: Basic configuration 32 EN hosts (netmas k > '255.2 55.255.0') , please en sure that the IP address 'x.x.x.254' is located in your own subnet. If you have chosen automatic TCP/IP configuration, please continue with Step .
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 3: Basic configur ation 33 EN Section ’TCP/IP se ttings to workstat ion PCs’ on page 37 will describe the settings r equired for the indivi dual workstations in the LAN. 3.3 Instructions for WEBconfig T o config ure the router with WEBconfi g you must know how to address it in the LAN.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 3: Basic configuration 34 EN address x.x.x.254 ( “x” stands for the first three blocks in the IP address of the configuration PC). Network with DHCP server If a D HCP server is activ e in the LAN to assig n IP addr esses, an unconfig ured LANCOM device will turn off its own DHCP server .
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 3: Basic configur ation 35 EN If you cannot access an unconfigured LANCOM router, the problem may be due to the netmask of the LAN: with less than 254 pos sible hosts (netmas k > '255.2 55.255.0') , please en sure that the IP address 'x.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 3: Basic configuration 36 EN In the following 'Security settings' window , specify a password for config- uration access. Note that the passw ord is case- s ensitive and ensure that it is sufficiently long (at least 6 char acters).
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 3: Basic configur ation 37 EN Connect charge protection can limit the cost of DSL and ISDN connections to a predet ermined amount if desir ed. Confirm your choice wi th Apply . If your devices does not feature an ISDN port, you may now close the setup wizar d.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 3: Basic configuration 38 EN IP address assignment vi a a separate DHCP server The workstation PCs must be configured so that they automatically obt ain their own IP address and the IP addresses of the standard gateway and DNS server (via DHCP).
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 4: Setting up Interne t access 39 EN 4 Setting up Internet access All computers in the LAN can take advant age of the centr al Internet access of the LANCOM router. The connection to the Internet provider can be estab- lished via any W AN connection.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 4: Setting up Interne t access 40 EN ISDN – dial- in number User name and password Additional conn ection options Y ou may also enable or dis.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 4: Setting up Interne t access 41 EN 4.1 Instructions for LANconfig Highlight the LANCOM router in the select ion window . From the menu bar , select Tools Setup Wizard . From the menu, sel ect the Setup Internet access wizard and click Next .
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapte r 5: Linki ng two ne tworks 42 EN 5 Linking two networks With the network interconnection (also known as LAN to LAN coupling) of the LANCOM router, two local networks are linked.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 5: Linking two networks 43 EN The ISDN call back function cannot be configured using the wizard. It can only be set up in the ex pert co nfiguration. F or details, please see the ref ere nce ma nu al . 5.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapte r 5: Linki ng two ne tworks 44 EN I n c a s e y o u r d e v i c e h a s a n ISDN connection , the wizard asks whether the remote site has ISDN as well. The type of IP address must be stated for both sides for VPN connections via the Internet.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 5: Linking two networks 45 EN The password for the ISDN connection is an alternative to the use of the ISDN caller ID. It is always used to authenticate callers that do not s e n d a n I S D N c a l l e r I D .
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapte r 5: Linki ng two ne tworks 46 EN DNS access to the remote LAN Thanks to DNS, it is not only possi ble to access remot e computers i n a TCP/IP network via their IP address, but al so by using fr eely defined names.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 5: Linking two networks 47 EN for the LAN of the head offi ce for the LAN of the br anch office for the high er- level WAN The IPX network numbers in the head an d br anch office s are specifi ed to the resp ec tiv e re mo te s id es.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapte r 5: Linki ng two ne tworks 48 EN Remote Windows workgroups do not appear in the Win dows Network Neighbourhood, but can only be co ntacted di rectly (e. g. via Find Computers). 5.2 Instructions for LANconfig Perfor m the configuration on both routers, one at a time.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 5: Linking two networks 49 EN From the main menu, launch the 'Connect two local area networks' wiz- ard.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 6: Providing dial- up access 50 EN 6 Pr oviding dial- up access Y our LANCOM router supports dial- up co nnections to permit individual com- puters full ac cess to your network. This service is also know n as RAS (Remote Access Service).
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 6: Providing dial- u p access 51 EN 6.1.1 General information The following entries are required to set up a RAS connection. The first column indicates whether the information is required for a VPN and/or an ISDN con- nection.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 6: Providing dial- up access 52 EN 6.1.2 Settings for TCP/IP Ea ch act iv e RA S u se r mu st be a ss ign ed an IP address when using the TCP/IP protocol. This IP address can be permanently assi gned when setting up a user .
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 6: Providing dial- u p access 53 EN The required network numbers are designated as “External Network Num- bers”. Like IP network addresses, they appl y to an entire LAN segment. On the other hand, internal IPX numbers are used to address specific Novell serv ers in the LAN.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 6: Providing dial- up access 54 EN 6.2 Settings for the dial- in co mputer 6.2.1 Dial- up via VPN For dialing into a network vi a VPN a workstation requir es: an Internet access a VPN client LANCOM S ystems offers the LANC OM VP N Client on the LANCOM CD.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 6: Providing dial- u p access 55 EN Select desired network protocols (TCP/IP , IPX) Additional TCP/IP settings: Assignment of IP address an.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 6: Providing dial- up access 56 EN From the main menu, launch the 'C onnect two local networks' wizard. Follow the wizar d's instructions and enter the required information. Configure Dial- Up Networking access on the dial- in PC as described .
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 7: Sending faxes with LA NCAPI 57 EN 7 Sending faxes with LANC API LANCAPI fr om LANCOM Systems is a special vers ion of the popular CAPI inter- face. CAPI (Common ISDN Application Pr ogramming Interface) est ablishes the connection between ISDN adapters an d communications progr ams.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 7: Sending faxes with LANCAPI 58 EN 7.1 Installation of the LANCOM CAPI fax modem Select the entry Install LANCOM software in the setup program of your LANCOM CD . Highlight the option CAPI fax modem , click Next and follow the instruc- tions of the installation routine .
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 7: Sending faxes with LA NCAPI 59 EN When the install ation was successful, the LANCOM CAPI fax modem is entered into the Phone an d Modem Optio ns of the control panel. 7.2 Installation of the MS Windows fax service Select the option Printers and Faxes from the contr ol panel.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 7: Sending faxes with LANCAPI 60 EN For checking the installation, click with the right mouse butt on on the fax- icon and select Propert ies . The LANCOM CAPI fax modem should now be entered into register 'devices'.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 7: Sending faxes with LA NCAPI 61 EN The fax client console will open. Select the menu item Send a Fax.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 8: Security s ettings 62 EN 8 Security settings Yo u r L A N C O M r o u t e r h a s n u m e r o u s s e c u r i t y f u n c t i o n s . Yo u f i n d i n t h i s c h a p t e r all information you need for an optimal protection.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 8 : Security settings 63 EN In a ne xt st e p p ar a me te rs o f t he co nf i gu ra t io n l oc k li ke nu m be r o f f ai l ed log- in attempts and the duration of the lock can be adjusted.
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 8: Security s ettings 64 EN Mark your LANCOM route r in the selection window . Select from the com- mand bar Extras Setup Wizard . Select in the select ion menu the setup wiza rd Configuring Firewall and confirm your choice with Next .
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 8 : Security settings 65 EN Have you assigned a passwo rd for the configuration? The simplest option for the protection of the configur ation is the estab- l i s h m e n t o f a p a s s wo r d .
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 8: Security s ettings 66 EN individually for each route in the routing table. The routing table can be found in the LANconfig i n the 'IP router' configur ation section on the 'Routing' tab.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 9: T roubleshooting 67 EN 9T r o u b l e s h o o t i n g In this chapter , you will find suggesti ons and assistance for a few common dif- ficulties. 9.1 No W AN connection is established After start- up the router automatically attempts to connect to the access pro- v i d e r .
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 9: T roubleshooting 68 EN Numerous ot her factors involving the Int ernet itself can also influence the transfer r ate.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 9: T roubleshooting 69 EN tested (e.g. “DSL1” or “LAN-1”). Pay attention to the corr ect spelling of the interfaces. Start the te st for the specified interfac e by clicking on Execute . Change then to m enu item Expert configuration Status LAN statis- tics Cable test results .
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 10: Append ix 70 EN 10 Appendix 10.1 Performance data and specifications LANCOM 7111 VPN LANCOM 8011 VPN Firewall Stateful inspection , IP packet filter wi th port ranges; masquer ading (NA T/P AT) of TCP , UDP , ICMP , FTP , PPTP , H.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 10: Appendix 71 EN Interfaces WAN: 10/100 Mbps Fast Et hernet LAN/DMZ/Switch: 4 ports, 10/100 Mbps Fa st Ethernet ISDN (RJ- 45): ISDN S0 Bus Serial config (8 pol. Mini DIN) COM po rt: 9600- 11500 baud Management Outband command line interface, se rial V .
LANCOM 7111 VPN – L ANCOM 8011 VPN Chapter 10: Append ix 72 EN 10.2 Contact assignment 10.2.1 DSL interface 6- pin RJ45 socket 10.2.2 ISDN- S 0 interface 8- pin RJ45 socket, corresponding to ISO.
LANCOM 7111 VPN – LANC OM 8011 VPN Chapter 10: Appendix 73 EN 10.2.3 Ethernet interfaces 10/100Base- T 8- pin RJ45 socket, corresponding to ISO 8877, EN 60603- 7 10.
LANCOM 7111 VPN – L ANCOM 8011 VPN Index 74 EN Index Numerics 10/100Base- TX 24 3- DES 42 , 50 A Accounting 30 AES 42 , 50 Autosensing 25 B Bandwidth limiting 17 bandwidth management 17 Basic co.
LANCOM 7111 VPN – LANC OM 8011 VPN Index 75 EN H Hardware installation 24 I ICMP 66 Installation 18 ADSL 25 configuration port 25 ISDN 25 LAN 25 LANtools 25 , 26 power adapter 25 Interconnection.
LANCOM 7111 VPN – L ANCOM 8011 VPN Index 76 EN MSN 51 N NAT – see IP masquerading NetBIOS 47 NetBIOS proxy 16 Netmask 29 Network segment 25 , 47 Number of VPN channels 23 P Package contents 18.
LANCOM 7111 VPN – LANC OM 8011 VPN Index 77 EN TCP/IP 19 , 54 check connection 49 Settings 28 , 32 , 35 Settings to PCs in the LAN 37 Windows size 68 TCP/IP configuration Automatic 35 fully auto.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Lancom Systems 8011 VPN è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Lancom Systems 8011 VPN - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Lancom Systems 8011 VPN imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Lancom Systems 8011 VPN ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Lancom Systems 8011 VPN, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Lancom Systems 8011 VPN.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Lancom Systems 8011 VPN. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Lancom Systems 8011 VPN insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.