LANCOM 821+.LANCOM 1711+ VPN.LANCOM 1721+ VPN 821 LC 821plus 1711plus 1721plus MANUAL EN
User Manual: 821
Open the PDF directly: View PDF 
.
Page Count: 79
| Download | |
| Open PDF In Browser | View PDF |
LANCOM Systems GmbH
Adenauerstr. 20/B2
LANCOM 821+ LANCOM 1711+ VPN LANCOM 1721 VPN
52146 Würselen
Germany
E-Mail: info@lancom.eu
Internet www.lancom.eu
. . . c o n n e c t i n g
y o u r
b u s i n e s s
LANCOM 821+
LANCOM 1711+ VPN
LANCOM 1721+ VPN
쮿
110739/0409
쮿
Handbuch
Manual
110739_LC-821plus-1711plus-1721p1 1
20.04.2009 10:32:30
LANCOM 821+
LANCOM 1711+ VPN
LANCOM 1721+ VPN
© 2009 LANCOM Systems GmbH, Wuerselen (). All rights reserved.
While the information in this manual has been compiled with great care, it may not be deemed an assurance of product
characteristics. LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery.
The reproduction and distribution of the documentation and software supplied with this product and the use of its contents
is subject to written authorization from LANCOM Systems. We reserve the right to make any alterations that arise as the
result of technical development.
Windows®, Windows Vista™, Windows NT® and Microsoft® are registered trademarks of Microsoft, Corp.
The LANCOM Systems logo, LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH. All other
names or descriptions used may be trademarks or registered trademarks of their owners.
Subject to change without notice. No liability for technical errors or omissions.
Products from LANCOM Systems include software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http:/
/www.openssl.org/).
Products from LANCOM Systems include cryptographic software written by Eric Young (eay@cryptsoft.com).
Products from LANCOM Systems include software developed by the NetBSD Foundation, Inc. and its contributors.
Products from LANCOM Systems contain the LZMA SDK developed by Igor Pavlov.
LANCOM Systems GmbH
Adenauerstr. 20/B2
52146 Wuerselen
Germany
www.lancom.eu
Wuerselen, April 2009
110739/0409
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Preface
Preface
With the LANCOM Router you have chosen a powerful router that possesses
integrated DSL respectively ADSL and ISDN interfaces by default as well as an
integrated 4-port switch. With this router you can simply and comfortably
connect individual PCs or whole local networks to the high-speed Internet.
Model variants
This user manual applies to the following models of the LANCOM Router
series:
LANCOM 821+
LANCOM 1721+ VPN
LANCOM 1711+ VPN
Model
restriction
The sections of the documentation that refer only to a range of models are
marked either in the corresponding text itself or with appropriate comments
placed beside the text.
In the other parts of the documentation, all described models have been classified under the general term LANCOM Router.
Security settings
To maximize the security available from your product, we recommend that you
undertake all of the security settings (e.g. firewall, encryption, access protection) that were not already activated when you purchased the product. The
LANconfig Wizard 'Security Settings' will help you with this task. Further information is also available in the chapter 'Security settings'.
We would additionally like to ask you to refer to our Internet site
www.lancom.eu for the latest information about your product and technical
developments, and also to download our latest software versions.
3
EN
Thank you for placing your trust in this LANCOM Systems product.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Preface
Components of the documentation
The documentation of your device consists of the following parts:
EN
Installation Guide
User manual
PBX Functions manual
Reference manual
Menu Reference Guide
You are now reading the user manual.
It contains all information you need to put your device into operation. It also
contains all of the important technical specifications.
The Reference Manual is to be found as an Acrobat document (PDF file) at
www.lancom.eu/download or on the CD supplied. It is designed as a supplement to the user manual and goes into detail on topics that apply to a variety
of models. These include, for example:
The system design of the operating system LCOS
Configuration
Management
Diagnosis
Security
Routing and WAN functions
Firewall
Quality of Service (QoS)
Virtual Private Networks (VPN)
Virtual Local Networks (VLAN)
Wireless networks (WLAN)
Backup solutions
LANCAPI
Further server services (DHCP, DNS, charge management)
The Menu Reference Guide (also available at www.lancom.eu/download or on
the CD supplied) describes all of the parameters in LCOS, the operating system
used by LANCOM products. This guide is an aid to users during the configuration of devices by means of WEBconfig or the telnet console.
4
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Preface
This documentation was created by …
... several members of our staff from a variety of departments in order to
ensure you the best possible support when using your LANCOM product.
Our online services www.lancom.eu are available to you around the
clock if you have any questions on the content in this manual, or if you
require any further support. The area 'Support' will help you with
many answers to frequently asked questions (FAQs). Furthermore, the
knowledgebase offers you a large reserve of information. The latest
drivers, firmware, utilities and documentation are constantly available
for download.
In addition, LANCOM Support is available. For telephone numbers
and contact addresses for LANCOM Support, please refer to the
enclosed leaflet or the LANCOM Systems Web site.
Information symbols
Very important instructions. Failure to observe these may result in damage.
Important instruction that should be observed.
Additional information that may be helpful but is not essential.
5
EN
Should you find any errors, or if you would like to suggest improvements,
please do not hesitate to send an e-mail directly to:
info@lancom.eu
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Contents
Contents
1 Introduction
1.1 How do ADSL and ADSL 2+ work?
1.2 What does VPN offer?
EN
2 Installation
2.1 Package contents
9
10
14
14
2.2 System requirements
14
2.3 Status displays and interfaces
2.3.1 Device connectors
15
19
2.4 Hardware installation
22
2.5 Software installation
2.5.1 Starting the software setup
2.5.2 Which software should I install?
23
24
24
3 Basic configuration
25
3.1 What details are necessary?
3.1.1 TCP/IP settings
3.1.2 Configuration protection
3.1.3 Settings for the wireless LAN
3.1.4 Settings for the DSL connection
3.1.5 Settings for the ISDN Connection
3.1.6 Charge protection
25
25
27
28
29
29
29
3.2 Instructions for LANconfig
30
3.3 Instructions for WEBconfig
31
3.4 TCP/IP settings for PC workstations
35
4 Setting up Internet access
4.1 The Internet Connection Wizard
4.1.1 Instructions for LANconfig
4.1.2 Instructions for WEBconfig
6
9
37
39
39
40
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Contents
41
5.1 Which details are necessary?
5.1.1 General information
5.1.2 Settings for the TCP/IP router
5.1.3 Settings for the IPX router
5.1.4 Settings for NetBIOS routing
42
42
44
45
46
5.2 Instructions for LANconfig
47
5.3 1-Click-VPN for networks (site-to-site)
48
5.4 Instructions for WEBconfig
49
6 Providing dial- in access
51
6.1 Which details are necessary?
6.1.1 General information
6.1.2 Settings for TCP/IP
6.1.3 Settings for IPX
6.1.4 Settings for NetBIOS routing
51
52
53
54
54
6.2 Settings on the dial-in computer
6.2.1 Dialing-in via VPN
6.2.2 Dialing-in via ISDN
55
55
55
6.3 Instructions for LANconfig
56
6.4 1-Click-VPN for LANCOM Advanced VPN Client
56
6.5 Instructions for WEBconfig
57
7 Fax transmission with LANCAPI
58
7.1 Installing the LANCOM CAPI Faxmodem
59
7.2 Installing the MS Windows Fax Service
60
7.3 Sending a fax
7.3.1 Sending faxes from an office application
7.3.2 Sending faxes with the Windows Fax Service
61
61
61
8 Security settings
63
8.1 Security settings Wizard
8.1.1 LANconfig Wizard
8.1.2 WEBconfig Wizard
63
63
64
8.2 The security checklist
64
7
EN
5 Connecting two networks
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Contents
9 Advice & assistance
9.1 No WAN connection can be established
68
9.2 DSL data transfer is slow
68
9.3 Unwanted connections under Windows XP
69
9.4 Cable testing
69
EN
10 Appendix
71
10.1 Performance data and specifications
71
10.2 Connector wiring
10.2.1 WAN interface
10.2.2 ADSL interface
10.2.3 ISDN-S0 interface
10.2.4 Ethernet interface 10/100Base-T
10.2.5 Configuration interface (outband)
72
72
72
73
73
74
10.3 Declaration of conformity
74
11 Index
8
68
75
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 1: Introduction
1 Introduction
The VPN option, which is either integrated already or can be activated subsquently, enables the LANCOM 1721+ VPN and LANCOM 1711+ VPN to act as
powerful Dynamic VPN gateways for external offices or mobile users.
The LANCOM Router models offer each a DSL or ADSL connector and also an
ISDN connector. The ISDN line can be used as back-up for the DSL connection,
for remote management of the router, as basis for the office communication
via LANCAPI or for establishing VPN connections to remote sites with dynamic
IP addresses.
By using the Voice over IP function, these devices can transfer voice data over
broadband Internet connections as well.
1.1
How do ADSL and ADSL 2+ work?
ADSL (Asymmetric Digital Subscriber Line) is currently the most common technology for broadband Internet connections. Standard and almost ubiquitous
telephone lines (analog or DSL) are the basis for DSL data transfer to the nearest telephone exchange. From here, the data is passed directly on to the Internet over high-speed connections.
The asymmetric DSL variant ADSL was developed for applications where users
receive large amounts of data but transmit only small amounts, such as when
surfing in the WWW. ADSL subscribers can receive data at up to 8 Mbps
("downstream") and transmit at up to 800 kbps ("upstream"). ADSL providers
are able to reduce these maximum rates as they please.
To satisfy the strongly increasing demand for higher bandwidths, the standards ADSL 2 and ADSL 2+ provider higher data rates as a basis for applications such as video streaming or high-definition TV (HDTV) over the Internet.
Depending on the Internet provider, ADSL 2 devices support downstream data
rates of up to 12 Mbps, and ADSL 2+ devices support up to 24 Mbps. Handshake routines during connection establishment ensure that the standards
ADSL, ADSL 2 and ADSL 2+ are intercompatible.
Parallel to data transfer, ADSL also provides full and unlimited support for the
classic applications in telephony (telephone, fax, answering machine, PBX).
9
EN
The models LANCOM 821+, LANCOM 1721+ VPN and LANCOM 1711+ VPN
are fully-featured routers that therefore also can be used in combination with
the integrated firewall for providing secure Internet access to a complete local
network (LAN).
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 1: Introduction
This is facilitated by splitters which separate the voice frequencies from the
data frequencies.
EN
1.2
For LANCOM
1711+ VPN and
LANCOM 1721+
VPN only
What does VPN offer?
A VPN (Virtual Private Network) can be used to set up secure data communications over the Internet.
The models LANCOM 1721+ VPN and LANCOM 1711+ VPN are factory equipped to support VPN with 5 active tunnels. With the additional LANCOM VPN Option, VPN support can be extended to 25
active tunnels (incl. activated hardware accelerator).
The following structure results when using the Internet instead of direct connections:
HEADQUARTER
LAN
VPN GATEWAY
SERVER
BRANCH
INTERNET
LAN
VPN ROUTER
ROUTER
LAPTOP
All participants have fixed or dial-up connections to the Internet. Expensive
dedicated lines are no longer needed.
All that is required is the Internet connection of the LAN in the headquarters. Special switching devices or routers for dedicated lines to individual
participants are superfluous.
The subsidiary also has its own connection to the Internet.
10
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 1: Introduction
The RAS PCs connect to the headquarters LAN via the Internet.
The physical connection no longer exists directly between two participants;
instead, the participants rely on their connection to the Internet. The access
technology used is not relevant in this case: Broadband technology such as
DSL (Digital Subscriber Line) is ideal. A conventional ISDN line can be used,
too.
The technologies of the individual participants do not have to be compatible
to one another, as would be the case for conventional direct connections. A
single Internet access can be used to establish multiple simultaneous logical
connections to a variety of remote sites.
The resulting savings and high flexibility makes the Internet (or any other IP
network) an outstanding backbone for a corporate network.
LANCOM
821+
LANCOM
1711+ VPN
LANCOM
1721+ VPN
What can your LANCOM Router do?The following table contains a direct
comparison of the properties and functions of your devices with other models:
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
Applications
Internet access
LAN to LAN coupling via VPN
LAN to LAN coupling via ISDN
✔
RAS server (via VPN)
RAS server (via ISDN)
IP router
IPX router (via ISDN), e.g. for coupling of Novell networks or dialling into
Novell networks
NetBIOS proxy for coupling of Microsoft peer-to-peer networks via ISDN
DHCP and DNS server (for LAN and WAN)
N:N mapping for coupling networks using the same IP address ranges
Bridge function for coupling networks via ISDN connection
✔
✔
✔
✔
✔
✔
✔
11
EN
The Internet is available virtually everywhere and typically has low access
costs. Significant savings can thus be achieved in relation to switched or dedicated connections, especially over long distances.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
LANCOM
821+
LANCOM
1711+ VPN
LANCOM
1721+ VPN
Chapter 1: Introduction
✔
✔
✔
✔
✔
2 channels
4 channels
4 channels
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
ISDN S0 bus in multi device-mode or in point-to-point mode with automatic D-channel protocol identification. Supports static and dynamic
channel bundling per MLPPP and BACP as well as Stac data compression
(Hi/fn)
✔
✔
✔
Port for external modem, analogue or GSM (requires LANCOM modem
adapter kit; from LCOS 5.0)
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
Port-Mapping to set up LAN ports as additional WAN ports
Policy-based routing for policy-based selection of target routes
EN
Load-balancing for bundling of multiple DSL channels
Backup solutions and load balancing with VRRP
NAT Traversal (NAT-T)
DMZ with configurable IDS checks
PPPoE-Server
WAN-RIP
Spanning Tree Protocol
Layer-2-QoS-Tagging
ISDN leased lines
LANCAPI server for the operating with office applications as fax or
answering machine via ISDN interface
WAN connection
Connection for DSL or cable modem
Integrated ADSL modem (ADSL2+ ready)
LAN connection
4 individual Fast Ethernet LAN ports, switchable separately, e.g. as LAN
switch or separate DMZ ports, auto crossover.
USB connector
USB 2.0 host port (full speed: 12 Mbps) for connecting a USB printer and
for future extensions
Security functions
IPSec encryption in external software (VPN client)
5 integrated VPN tunnels for protection of network connections
IPSec encryption in hardware (optional; activated with the VPN-25
option)
IP masquerading (NAT, PAT) to conceal individual LAN workstations
behind a single public IP address.
12
✔
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
LANCOM
1711+ VPN
LANCOM
1721+ VPN
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
Configuration with LANconfig or with web browser, additionally terminal
mode for Telnet or other terminal programs, SNMP interface and TFTP
server function.
✔
✔
✔
Remote configuration via ISDN (with ISDN-PPP connections e.g. via Windows network and dial-up connections)
✔
✔
✔
Serial configuration interface
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
Stateful Inspection Firewall
Firewall filter for blocking individual IP addresses, protocols and ports
MAC address filter regulates, for example, LAN-workstation access to the
IP routing function
Protection of the configuration from brute-force attacks.
EN
LANCOM
821+
Chapter 1: Introduction
Configuration
Callback function with PPP authentication mechanisms for restriction to
fixed ISDN telephone numbers
FirmSafe with firmware versions for absolutely secure software upgrades
Optional software extensions
LANCOM VPN Option with 25 active tunnels for protection of network
couplings
Optional hardware extensions
LANCOM Modem Adapter Kit for connection of analog or GSM modems
to the serial interface
✔
13
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
2 Installation
This chapter will assist you to quickly install hardware and software. First,
check the package contents and system requirements. The device can be
installed and configured quickly and easily if all prerequisites are fulfilled.
EN
2.1
Package contents
LANCOM 1711+ VPN
LANCOM 1721+ VPN
LANCOM 821+
Please check the package contents for completeness before starting the
installation. In addition to the device itself, the package should contain the
following accessories:
Power adapter
✔
✔
✔
LAN connector cable (green plugs)
✔
✔
✔
✔
WAN connector cable (dark blue plugs)
ADSL connector cable (transparent plugs)
✔
ISDN connector cable (light blue plugs)
✔
✔
✔
✔
Connector cable for the configuration interface
✔
✔
✔
LANCOM CD
✔
✔
✔
Printed documentation
✔
✔
✔
If anything is missing, please contact your retailer or the address stated on the
delivery slip of the unit.
2.2
System requirements
Computers that connect to a LANCOM must meet the following minimum
requirements:
14
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
Operating system that supports TCP/IP, e.g. Windows Vista™,
Windows XP, Windows Millennium Edition (Me), Windows 2000, Windows 98, Linux, BSD Unix, Apple Mac OS, OS/2.
Access to the LAN via the TCP/IP protocol.
2.3
The LANtools also require a Windows operating system. A web
browser under any operating system provides access to WEBconfig.
EN
Status displays and interfaces
Meanings of the LEDs
In the following sections we will use different terms to describe the behaviour
of the LEDs:
Blinking means, that the LED is switched on or off at regular intervals in
the respective indicated colour.
Flashing means, that the LED lights up very briefly in the respective colour and stay then clearly longer (approximately 10x longer) switched off.
Inverse flashing means the opposite. The LED lights permanently in the
respective colour and is only briefly interrupted.
Flickering means, that the LED is switched on and off in irregular intervals.
Front side
The various LANCOM Router models have different numbers of indicators on
the front panel depending on their functionality.
LANCOM 821+ and
LANCOM 1721+ VPN
VPN
ETH 4
ETH 2
ETH 3
ETH 1
ISDN Data
ADSL Data
ISDN Status
Online
ADSL Status
Power
LANCOM 1721 VPN
not available on LANCOM 821+
VPN
ETH 4
ETH 3
ETH 2
ETH 1
ISDN Data
ISDN Status
WAN Data
WAN Status
Online
1711+ VPN
Power
LANCOM 1711+ VPN
15
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
Top
The two top-mounted LEDs enable the main function status to be assessed
even if the device is positioned vertically.
EN
Power
Online
Power
This LED indicates that the device is operational. After the device has been
switched on, it will flash green for the duration of the self-test. After the selftest, either an error is output by a flashing red light code or the device starts
and the LED remains lit green.
off
blinking
Self-test when powering up
green
constantly on
Device ready for use
red/
green
blinking alternately
Device insecure: configuration password not assigned
red
blinking
Time or connect-charge reached
16
Device off
green
The power LED flashes red/green in alternation until a configuration
password has been specified. Without a configuration password, the
configuration data of the LANCOM is insecure. Under normal circumstances, you would assign a configuration password during the basic
configuration (see instructions in the following chapter). For information about a later assignment of the configuration password see the
section “Security settings”.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
Reset connect charge protection.
Increase the limit that has been reached.
Completely deactivate the lock that has been triggered (set limit
to '0').
Signal for reached time
or connect-charge
limit
EN
There's no need to worry if the Power LED blinks red and you can no
longer connect to the WAN. This simply indicates that a preset time or
connect-charge limit has been reached. There are three methods
available for unlocking:
Power
Power
Flashing Power LED but no connection?
If a time or connect charge limit has been reached, you will be notified in LANmonitor. To
reset the connect charge protection, select Reset Charge and Time Limits in the context
menu (right mouse click). You can configure the connect charge settings in LANconfig under
Management Costs (you will only be able to access this configuration if 'Complete configuration display' is selected under View Options…).
You will find the connect charge protection reset in WEBconfig and all parameters under
Expert Configuration Setup Charges- module.
Online
The online LED displays the general status of all WAN interfaces:
Off
ADSL status
( LANCOM
821+ and
LANCOM
1721+ VPN
only)
No active connection
Green
Flashing
Opening the first connection
Green
Inverse flashing
Opening an additional connection
Green
On (permanently)
At least one connection is established
Red
On (permanently)
Error establishing the last connection
Information on connection status at the ADSL connector:
Off
Interface deactivated
Green
Blinking/flashing
Handshake/training
Green
Permanently
Synchronization successful
Red
Flickering
Error (CRC error, framing error, etc.)
Red
On (permanently)
No synchronization, searching for remote station
Red/
orange
Blinking
Hardware error
17
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
EN
ADSL data
( LANCOM
821+ and
LANCOM
1721+ VPN
only)
WAN Status
(only LANCOM
1711+ VPN)
Information on data traffic at the ADSL connector:
Off
No logical connection
Green
Blinking
Opening the first connection
Green
Inverse flashing
Opening an additional connection
Green
Permanently
At least one logical connection is established
Green
Inverse flickering
Data traffic (send or receive)
Connection status of the WAN connection:
off
green
WAN Data
(only LANCOM
1711+ VPN)
not connected
blinking
green
invers flashing
Establishing further connection
green
constantly on
At least one connection established
red
constantly on
Error while establishing connection
Data traffic via the WAN connection:
off
ISDN status
No network device connected
green
constantly on
Connection to network device operational, no data traffic
green
flickering
Data traffic (send or receive)
Information on connection status at the ISDN S0 connector:
Off
Not connected or no S0 voltage (no error message)
Green
Blinking
D-channel initialization (establishing contact to provider)
Green
On (permanently)
D-channel operational
Red
Flickering
D-channel error
Red
On (permanently)
D-channel activation failed
18
Establishing first connection
If the ISDN status LED goes off automatically, this does not indicate
an error at the S0 bus. It is in fact because several ISDN connections
and PBXs switch the S0 bus into power-saving mode after a certain
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
period of inactivity. When needed, the S0 bus automatically reactivates and the ISDN status LED illuminates in green.
Status display for both ISDN B channels:
off
ETH
No connection established
green
Blinking
Dialling
green
Flashing
Establishing first connection
green
Inverse flashing
Establishing further connection
green
Constantly on
Connection established via B channel
green
Flickering
Data traffic (send or receive)
EN
ISDN Data
LAN connector status in the integrated switch:
Off
VPN
No networking device attached
Green
On (permanently)
Connection to network device operational, not data traffic
Green
Flickering
Data traffic
Red
Flickering
Data packet collision
Status of a VPN connection.
Off
2.3.1
No VPN tunnel established
Green
Blinking
Connection establishment
Green
Flashing
First connection
Green
Inverse flashing
Other connections
Green
On (permanently)
VPN tunnels are established
Device connectors
The connections and switches of the router are located on the back panel:
19
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
LANCOM 821+ and
LANCOM 1721+
VPN
not available on LANCOM 821+
DC12V
ETH4
ETH3
EN
ETH2
ETH1
USB
Config (COM)
ISDN S0
ADSL
Reset
Voltage switch
Connection for the included power adapter
Switch with four 10/100Base-Tx connections
USB connection
Serial configuration port
ISDN/S0 port
ADSL port
Reset switch
LANCOM 1711+
VPN
I
DC 12 V
ETH 4
ETH 3
ETH 2
ETH 1
WAN
USB
Voltage switch
Connection for the included power adapter
Switch with four 10/100Base-Tx connections
WAN port
USB connection
ISDN/S0 port
Serial configuration port
20
Config (COM)
ISDN-S0
Reset
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
Reset switch
Restarting the device (soft reset) – push the button for less than five
seconds. The device will restart.
Resetting the configuration (hard reset) – push the button for more
than five seconds. All the device's LEDs will light up green and stay
on. As soon as the reset switch is released, the device will restart with
factory default settings.
Reset button functions
The reset button offers two basic functions—boot (restart) and reset (to the
factory settings)—which are called by pressing the button for different
lengths of time.
It is not always possible to install a device under lock and key. There is consequently a risk that the configuration will be deleted by mistake if a co-worker
presses the reset button too long. With the suitable setting, the behavior of
the reset button can be controlled.
Configuration tool
Call
WEBconfig, Telnet
Expert configuration > Setup > Config
Reset button
This option controls the behavior of the reset button when it is pressed:
Ignore: The button is ignored.
Boot only: With a suitable setting, the behavior of the reset button can
be controlled; the button is then ignored or a press of the button
prompts a re-start only, however long it is held down.
Please observe the following notice: The settings 'Ignore' or 'Boot only' makes it
impossible to reset the configuration to the factory settings. If the password is lost for
a device with this setting, there is no way to access the configuration! In this case the
serial communications interface can be used to upload a new firmware version to the
device—this resets the device to its factory settings, which results in the deletion of the
former configuration. Instructions on firmware uploads via the serial configuration
interface are available in the LCOS reference manual.
21
EN
The reset switch has two different functions depending on the length of time
that it is pressed:
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
Reset-or-boot (standard setting): Press the button briefly to re-start
the device. Pressing the button for 5 seconds or longer restarts the
device and resets the configuration to its factory settings.
All LEDs on the device light up continuously.
Once the switch is released the device will restart with the restored
factory settings.
EN
2.4
After resetting, the device starts completely unconfigured and all settings are lost. If possible be sure to backup the current device configuration before resetting.
Hardware installation
The installation of the LANCOM Router base station takes place in the following steps:
LAN – connect the LANCOM Router to your LAN or to an individual PC.
For that purpose, plug the included network cable (green plugs) into the
LAN connector of the device and the other end into a free network
connecting socket of your local network, into a free socket of a hub/switch
or into the network socket of an individual PC.
The LAN connector identifies automatically the transfer rate (10/100
Mbps) of the connected network device (autosensing). A parallel connection of devices with different speeds and types is possible.
You should never have more than one unconfigured LANCOM Router
in a network segment at any given time. All unconfigured LANCOM
Router devices use the same IP address (with the final digits '254'),
which would result in an address conflict. To avoid problems, always
configure multiple LANCOM Router devices one at a time, immediately assigning each device a unique IP address (one that does not
end with '254').
821+/1721 only
ADSL – connect the ADSL interface to the splitter using the supplied
ADSL connector cable (transparent plugs).
1711+ only
DSL – connect the WAN interface to the DSL modem socket using the
supplied DSL connector cable (dark blue plugs).
ISDN – to connect the LANCOM Router to the ISDN, plug one end of the
supplied ISDN connector cable (light blue plugs) in the ISDN/S0 port
22
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
Configuration port – you may optionally connect the router directly to
the serial port (RS-232, V.24) of a PC. Use the cable supplied for this purpose. Connect the configuration port of the LANCOM (LANCOM 821+
and LANCOM 1721+ VPN) or
(LANCOM 1711+ VPN) with a free serial
port of the PC.
Alternatively you may connect an external modem (analogue or GSM) to
the serial port using the LANCOM modem adapter kit, if you would like to
make use of an additional WAN line for remote maintenance, backup connections or dynamic VPN.
Connect to power – Connect socket
using the included power adapter.
of the unit to a power supply
Use the supplied power supply unit only! Using an unsuitable power
supply unit may cause damage or injury.
Operational? – After a short device self-test the Power LED will be permanently lit. Green LAN LEDs indicate the LAN sockets that have functioning connections.
2.5
Devices with integrated ADSL modem could become quite warm during their operation. Concerning these models, please pay attention to
the ambient air temperature range of max. 35°C. Make sure that the
ventilation is sufficient. Do not stack the devices and do not expose
them to direct insolation!
Software installation
The following section describes the installation of the Windows-compatible
system software LANtools, as supplied.
You may skip this section if you use your LANCOM VPN Router exclusively with computers running operating systems other than Windows.
23
EN
(LANCOM 821+ and LANCOM 1721+ VPN) or (LANCOM 1711+ VPN)
of the router and the other end into an ISDN/S0 multi-device mode or
point-to-point mode connection.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 2: Installation
2.5.1
Starting the software setup
Place the product CD into your drive. The setup program will start automatically.
If the setup does not start automatically, run AUTORUN.EXE in the
root directory of the LANCOM CD.
EN
In Setup, select Install software. The following selection menus will appear
on screen:
2.5.2
Which software should I install?
LANconfig is the Windows configuration program for all LANCOM
routers and LANCOM access points. WEBconfig can be used alternatively or in addition via a web browser.
With LANmonitor you can use a Windows computer to monitor all of
your LANCOM routers and LANCOM access points.
With Documentation you copy the documentation files onto your PC.
Select the appropriate software options and confirm your choice with Next.
The software is installed automatically.
24
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
3 Basic configuration
First of all this chapter presents the information that has to be entered for the
basic configuration. This first section will help you to gather up all of the necessary data before you start the Wizard.
You subsequently enter this information into the Setup Wizard. Starting the
program and the following procedure are described step by step. LANconfig
and WEBconfig each have their own description. With all of the necessary
information collected in advance, this basic configuration can now take place
quickly and in ease.
At the end of this chapter we show you the necessary settings for the workplace computers in the LAN so that they can access the device without problem.
3.1
What details are necessary?
The Basic Settings Wizard is used to set the LANCOM VPN Routers basic TCP/
IP parameters and to protect the device with a configuration password. The
following description of the information required by the wizard is divided into
the following configuration sections:
3.1.1
TCP/IP settings
Protecting the configuration
Wireless LAN details
DSL connection details
DSL connection details
Configuring toll protection
Security settings
TCP/IP settings
TCP/IP configuration can be performed in two different ways: Either fully automatically or manually. No user input is required if TCP/IP configuration is performed automatically. All parameters are set by the Setup Wizard on its own.
When manual TCP/IP configuration is performed the wizard prompts for the
usual TCP/IP parameters: IP address, network mask etc. (more on this later)
25
EN
The basic configuration is conducted with a convenient Setup Wizard that
provides step-by-step guidance through the configuration and that requests
any necessary information.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
The fully automatic TCP/IP configuration is only possible in certain network
environments. For this reason the Setup Wwizard analyses the connected LAN
to see whether fully automatic configuration is possible or not.
New LAN – fully automatic configuration possible
EN
The setup wizard offers to configure TCP/IP fully automatically if no network
devices connected have yet been configured. This usually happens in the following situations:
Only a single PC is going to be attached to the LANCOM VPN Router
Setting up a new network
Fully automatic TCP/IP configuration will not be offered if you are integrating
the LANCOM VPN Router into an existing TCP/IP LAN. In this case please continue with the section 'Required information for manual TCP/IP configuration'.
The result of fully automatic TCP/IP configuration is as follows: The LANCOM
VPN Router is assigned the IP address '172.23.56.254' (network mask
'255.255.255.0'). The integrated DHCP server is also activated so that the
LANCOM VPN Router can assign the devices in the LAN IP addresses automatically.
Should you still configure manually?
Fully automatic TCP/IP configuration is optional. Instead of this you can select
manual configuration. Make this selection after considering the following:
Select automatic configuration if you are not familiar with networks and
IP addresses.
Select manual TCP/IP configuration if you are familiar with networks and
IP addresses and one of the following statements is true:
You have not yet used any IP addresses in your network but would like
to now; You would like to specify the IP address for the router yourself
and would like to assign it a user-defined address from one of the
address ranges reserved for private use, for example '10.0.0.1' with
a network mask of '255.255.255.0'. If you do this you simultaneously
specify the address range that the DHCP server will subsequently use
for the other devices in the network (provided the DHCP server is activated).
You have so far also used IP addresses on the computers in the LAN.
26
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
Required information for manual TCP/IP configuration
DHCP mode of operation
Off: The IP addresses required must be entered manually.
Server: The LANCOM VPN Router operates as DHCP server in the network; as a minimum its own IP address and the network mask must
be assigned.
Client: The LANCOM VPN Router obtains its address information from
another DHCP server; no address information is required.
IP address and network mask for the LANCOM VPN Router
Assign the LANCOM VPN Router a free IP address from your LAN's address
range and enter the network mask.
Gateway address
Enter the gateway's IP address if you have selected 'Off' as the DHCP
mode of operation or if another network device is assuming the role of
gateway in the 'Server' mode of operation.
DNS server
Enter the IP address of a DNS server to resolve domain names if you have
selected 'Off' as the DHCP mode of operation or if another network device
is assuming the role of DNS server in the 'Server' mode of operation.
3.1.2
Configuration protection
Using a password secures access to the LANCOM VPN Router's configuration
and thus prevents unauthorized modification. The device's configuration contains a great deal of sensitive data such as data for Internet access and should
be protected by a password in all cases.
Multiple administrators can be set up in the configuration of the
LANCOM, each with differing access rights. Up to 16 different administrators can be set up for a LANCOM VPN Router. Further information
can be found in the LCOS reference manual under “Managing rights
for different administrators”.
In the managed mode the LANCOM Wireless Routers and LANCOM
Access Points automatically receive the same root password as the
WLAN-Controller, assuming that no root password has been set in the
device itself.
27
EN
When performing manual TCP/IP configuration the Setup Wwizard prompts
you for the following information:
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
3.1.3
Settings for the wireless LAN
Network name (SSID)
EN
The Basic Settings Wizard prompts for the access point's network name (frequently referred to as SSID – Service Set Identifier). The name is of your own
choice. Several access points with the same name form a common wireless
LAN.
Open or closed wireless LAN?
Mobile wireless devices select the desired wireless LAN by specifying the network name. Two methods serve to facilitate the specification of network
name:
Mobile wireless devices can search ("scan") the vicinity for wireless LANs
and offer the wireless LANs they find in a list for selection.
By using the network name 'ANY' the mobile wireless device registers with
the nearest available wireless LAN.
The wireless LAN can be "closed" in order to prevent this procedure. In this
case it will not accept any devices attempting to register with the network
name 'ANY'.
Selecting a radio channel
The access point operates in a specific radio channel. The radio channel is
selected from a list of up to 13 channels in the 2.4 frequency band or up to 19
channels in the 5 GHz frequency band (individual radio channels are blocked
in some countries. Please refer to the appendix for more details).
The channel and frequency range used determine the operation if the common wireless standard, with the 5 GHz frequency range corresponding to the
IEEE 802.11a/h standard and the 2.4 GHz frequency range determining operation in the IEEE 802.11g and IEEE 802.11b standards.
If no other access points are operating within the access point's range, any
radio channel can be set. Otherwise the channels in the 2.4 GHz band must
be selected in such a way that they do not overlap and are as far apart as possible. In the 5 GHz band the automatic setting, where the LANCOM Access
Point uses TPC and DFS to select the best channel is normally sufficient.
28
Please refer to the LCOS reference manual for more information on
TPC and DFS.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
3.1.4
Settings for the DSL connection
The wizard will offer you a universal 'multimode' protocol that works with all
common types of DSL connection.
3.1.5
Settings for the ISDN Connection
If you wish to use the ISDN connection you can make the following settings:
One or more ISDN MSNs on which the router should answer calls. MSNs
are ISDN call numbers that your telephone company allocates to you. They
are usually specified without a prefix. The numbers specified are only
important for router functions (LAN-LAN coupling, RAS), but not for the
remote configuration and LANCOM VPN Option.
A prefix to access the public telephone network. It is normally only
required when connecting via an ISDN PBX. Usually this is a '0'. This prefix
is used for all outgoing calls.
Finally you should know whether the telephone company transmits an
ISDN metering pulse. This can be evaluated by the LANCOM Router for
cost budgets and the accounting function.
3.1.6
Charge protection
Charge protection prevents DSL connections being established above and
beyond a predefined amount and therefore protects you from unexpectedly
high connection charges.
If you operate the LANCOM Router on a DSL link that is charged on a time
basis you can set the maximum connection time in minutes.
The budget can be completely deactivated by entering a value of '0'.
In the basic settings, charge protection is set to a maximum value of
600 minutes in any seven day period. Please adjust this parameter to
match your own requirements, or deactivate charge protection if you
have agreed a tariff for unlimited traffic with your provider.
29
EN
It may be necessary to enter the transmission protocol used for the DSL connection. The wizard will enter the correct setting for the most important DSL
providers on its own. Only when the wizard does not list your provider must
the transmission protocol used by your DSL provider be entered.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
3.2
Instructions for LANconfig
Start LANconfig with Start Programs LANCOM LANconfig.
LANconfig automatically detects new LANCOM devices in the TCP/IP network.
EN
As standard, LANCOM Wireless Routers and LANCOM Access Points in
managed mode are not displayed by LANconfig carrying out its device
search. To display these devices, activate the option 'Search for managed
APs'.
If the search detects an unconfigured device, the Setup Wizard launches
to help you with its basic settings, or indeed to handle the entire process
on your behalf (assuming that the appropriate networking environment
exists).
30
If the Setup Wizard does not start automatically, you can manually
search for new devices at all interfaces (if the LANCOM VPN Router is
connected via the serial configuration interface) or in the network
(File Find devices).
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
If you cannot access an unconfigured LANCOM VPN Router, the problem may be the LAN netmask: In case there are less than 254 potential
hosts available (netmask >'255.255.255.0'), you must ensure that the
IP address 'x.x.x.254' is available in your subnet.
Give the LANCOM an address from the applicable IP address range. Confirm with Next.
In the window that follows, you first set the password to the configuration. Entries are case sensitive and should be at least 6 characters long.
You also define whether the device can be configured from the local network only, or if remote configuration via WAN (i.e.. from a remote network) is to be permitted.
Be aware that releasing this option also allows remote configuration
over the Internet. Whichever option you select, make sure that configuration access is password protected.
Charge protection is a function which can place a limit on the costs from
WAN connections. Accept your entries with Next.
Close the configuration with Finish.
3.3
See the section 'TCP/IP settings for PC workstations' for information
on the settings that are required for computers in the LAN.
Instructions for WEBconfig
Device settings can be configured from any Web browser. WEBconfig configuration software is an integral component of the LANCOM. A Web browser is
all that is required to access WEBconfig. WEBconfig offers similar Setup Wizards to LANconfig and hence provides the perfect conditions for easy configuration of the LANCOM – although, unlike LANconfig, it runs under any
operating system with a Web browser.
Secure with HTTPS
WEBconfig offers secure (remote) configuration by encrypting the configuration data with HTTPS.
31
EN
If you choose automatic TCP/IP configuration, you can continue with step
.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
https://
Always use the latest version of your browser to ensure maximum
security. For Windows, LANCOM Systems GmbH recommends the latest version of the Internet Explorer.
Accessing the device with WEBconfig
EN
To carry out a configuration with WEBconfig, you need to know how to contact the device. Device behavior and accessibility for configuration via a Web
browser depend on whether the DHCP server and DNS server are active in the
LAN already, and whether these two server processes share the assignment in
the LAN of IP addresses to symbolic names. WEBconfig accesses the LANCOM
either via its IP address, the device name (if configured), or by means of any
name if the device has not yet been configured.
Following power-on, unconfigured LANCOM devices first check whether a
DHCP server is already active in the LAN. Depending on the situation, the
device can either enable its own DHCP server or enable DHCP client mode. In
the second operating mode, the device can retrieve an IP address for itself
from a DHCP server in the LAN.
If a LANCOM Wireless Router or LANCOM Access Point is centrally
managed from a LANCOM WLAN Controller, the DHCP mode is
switched from auto-mode to client mode upon provision of the WLAN
configuration.
Network without a DHCP server
Not for centrally
managed LANCOM
Wireless Routers or
LANCOM Access
Points
In a network without a DHCP server, unconfigured LANCOM devices enable
their own DHCP server service when switched on and assign IP addresses,
information on gateways, etc. to other computers in the LAN (provided they
are set to automatic retrieval of IP addresses – auto DHCP). In this constellation, the device can be accessed by every computer with the auto DHCP function enabled with a Web browser under IP address 172.23.56.254.
32
With the factory settings and an activated DHCP server, the device forwards all incoming DNS requests to the internal Web server. This
means that a connection can easily be made to set set up an unconfigured LANCOM by entering any name into a Web browser.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
EN
Chapter 3: Basic configuration
If the configuration computer does not retrieve its IP address from the
LANCOM DHCP server, it determines the current IP address of the computer
(with Start Run cmd and command ipconfig at the prompt under Windows 2000 or Windows XP or Windows Vista, with Start Run cmd and
command winipcfg at the prompt under Windows Me or Windows 9x, or
with command ifconfig in the console under Linux). In this case, the LANCOM
can be accessed with address x.x.x.254 (the “x”s stand for the first three
blocks in the IP address of the configuration computer).
Network with DHCP server
If a DHCP server for the assignment of IP addresses is active in the LAN, an
unconfigured LANCOM device disables its own DHCP server, switches to DHCP
client mode and retrieves an IP address from the DHCP server in the LAN.
However, this IP address is initially unknown and accessing the device
depends on the name resolution:
If the LAN also has a DNS server for name resolution and this communicates the IP address/name assignment to the DHCP server, the device can
be reached under name "-", e.g. “-00a057xxxxxx”.
http://-00a05700094A
33
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
The MAC address on a sticker on the base of the device.
EN
If there is no DNS server in the LAN, or if it is not coupled to the DHCP
server, the device cannot be reached via the name. In this case the following options remain:
Under LANconfig use the function "Find devices", or under WEBconfig
use the "search for other devices" option from any other networked
LANCOM.
Use suitable tools to find out the IP address assigned to the LANCOM
by DHCP and access the device directly using this IP address.
Use the serial configuration interface to connect a computer running
a terminal program to the device.
Login
When prompted for user name and password when accessing the device,
enter your personal data in the appropriate fields. Observe the use of upper
and lower case.
If you used the general configuration access, only enter the corresponding
password. The user name field remains blank in this case.
34
As an alternative, the login dialog provides a link for an encrypted
connection over HTTPS. Always use the HTTPS connection for
increased security whenever possible.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
Setup Wizards
EN
The setup Wizards allow quick and easy configuration of the most common
device settings. Select the Wizard and enter the appropriate data on the following screens.
3.4
The settings are not stored in the device until inputs are confirmed on
the last screen of the Wizard.
TCP/IP settings for PC workstations
It is extremely important to assign the correct addresses to all of the devices
in the LAN. Also, all of these computers must know the IP addresses of two
central stations in the LAN:
Standard gateway – receives all packets which are not addressed to computers in the local network
DNS server – translates network and computer names into their actual IP
addresses.
The LANCOM VPN Router can fulfill the functions of a standard gateway and
also of a DNS server. It can also operate as a DHCP server, which automatically
assigns IP addresses to all of the computers in the LAN.
The correct TCP/IP configuration of a PC in the LAN depends essentially on the
method used for assigning IP addresses in the LAN:
IP address allocation by a LANCOM
In this operating mode, a LANCOM uses DHCP to allocate not only an IP
address to each PC in the LAN and WLAN (for devices with a radio module), but it also communicates its own IP address as the standard gateway
and DNS server. For this reason, the PCs have to be set up to automatically
retrieve their own IP address and those of the standard gateway and DNS
server via DHCP.
35
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 3: Basic configuration
IP address allocation by a separate DHCP server
For this reason, the workstation PCs have to be set up to automatically
retrieve their own IP address and those of the standard gateway and DNS
server via DHCP. The DHCP server is to be programmed such that the IP
address of the LANCOM is communicated to the PCs in the LAN as the
standard gateway. The DHCP server should also communicate that the
LANCOM is the DNS server.
EN
Manual IP address assignment
If IP addresses in a network are statically assigned, then the IP address of
the LANCOM is to be set as the standard gateway and DNS server in the
TCP/IP configuration of each PC in the LAN.
36
Further information and help on the TCP/IP settings for your LANCOM
VPN Router is available in the Reference Manual. For information on
the network configuration of workstation PCs, refer to the documentation for the installed operating system.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 4: Setting up Internet access
4 Setting up Internet access
The LANCOM provides a central point of Internet access for all of the computers in the LAN.
For models not equipped with a WAN connector, a LAN interface is configured
as a DSLoL connector and is connected to a compatible ADSL modem.
The connection to the Internet provider can be established via any WAN connector, i.e. via ADSL, UMTS or ISDN (where available). Internet access via
UMTS or ISDN can be used to backup an ADSL connection. When setting up
Internet access via UMTS, please also take note of the information under the
section → 'Setting up the UMTS profile'.
The connection to the Internet provider can be established via any WAN connector, i.e. via DSL or ISDN (where available). Internet access via ISDN can be
used to backup a DSL connection.
INTERNET
HEADQUARTER
SERVER
LAN
ROUTER
GATEWAY
Which WAN interface?
Setting up the Internet access is carried out with the help of a convenient Wizard. In the first step you select the WAN interface that is to be used for establishing the Internet connection.
To establish an Internet connection via the DSL interface, an external ADSL
modem first has to be connected to one of the device's ETH ports. When setting up the Internet access, you define which ETH port the ADLS modem has
been connected to.
Does the Setup Wizard know your Internet provider?
The Wizard is preset with access data for the principal Internet providers in
your country and offers you a selection list. If you find your Internet provider
in this list, then you generally do not have to enter any additional parameters
37
EN
The connection to the Internet provider can be established via the WAN connection which is connected to an ADSL or cable modem.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 4: Setting up Internet access
to set up your Internet access. All that is required is the authentication data
as supplied to you by your Internet provider.
Internet provider unknown
EN
If the list in the Setup Wizard does not contain your provider, you will be asked
step-by-step for all of the necessary data. This access data will have been supplied to you by your Internet provider.
Other connection options
In addition you can use the Wizard to activate or deactivate additional options
(if supported by your Internet provider):
Billing by time or flatrate – select the method by which you are billed by
your Internet provider.
In case of billing by time, you can set the LANCOM to cut connections
automatically if no data flows for a certain time (the hold time).
You can also set up line polling that detects inactive remote sites very
quickly and, in such cases, can close the connection before the hold
time expires.
In case of flatrate billing you can also set up line polling to monitor
the function of the remote site.
Apart from that you can opt to keep flatrate connections permanently
active ("keep-alive"). In case a connection should fail, it is re-established automatically.
Creating a backup connection to the Internet
The most common utilization of the backup solution is to provide an auxiliary
Internet connection. When setting up an Internet connection, an the additional option is to create a second connection to the Internet via an alternative
WAN interface. If the primary Internet access is set up to operate via the ADSL
interface, you can set up your backup connection to operate via UMTS or
ISDN.
38
When configuring the backup connection you can set up an alternative provider, if available. This allows you not only to overcome problems with the physical line, but also problems in your provider's own
network as well.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 4: Setting up Internet access
4.1.1
The Internet Connection Wizard
Instructions for LANconfig
Mark your device in the selection window. From the command line, select
Extras Setup Wizard.
EN
4.1
In the selection menu, select the Setup Wizard, Set up Internet connection and confirm the selection with Next.
In the following windows you select your country, your Internet provider
if possible, and you enter your access data.
Depending on availability the Wizard provides further options for your
Internet connection.
After entering all of the necessary data the Wizard then offers you the
option of setting up a backup connection. Select the corresponding WAN
interface to be used for the backup connection and enter the relevant
access data for the Internet connection.
The Wizard then sets up the alternative Internet access and at the same
time creates the necessary entries into the backup table and also in the
PPP table for checking the Internet connection.
Please be aware that in the case of backup via UMTS, some of the
services provided over the main Internet connection may not be available. Some UMTS service providers either prevent the use of VPN tunnels or VoIP applications or only allow them after payment of
additional fees. Other providers assign IP addresses from an internal
address range, so preventing applications that rely on public IP
addresses from working. Please ask your UMTS provider for information on limitations that may apply.
39
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 4: Setting up Internet access
The Wizard will inform you as soon as the entries are complete. Close the
configuration with Finish.
EN
LANconfig: Fast starting of the Setup Wizards
The fastest way of starting the Setup Wizards
under LANconfig is to use the command button
in the button bar.
4.1.2
Instructions for WEBconfig
Select the entry Set up Internet connection from the main menu.
In the following windows you select your country, your Internet provider
if possible, and you enter your access data.
Depending on availability the Wizard provides further options for your
Internet connection.
The wizard will inform you as soon as the entries are complete. Close the
configuration with Finish.
40
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
5 Connecting two networks
VPN: Connecting LANs over VPN ensures that the Internet-based connection between the two LANs has high-security protection. Each LAN must
be equipped with a VPN-capable router.
ISDN: Connectivity based on ISDN uses a direct connection between the
two LANs via an ISDN connection. Each LAN must be equipped with a
router with an ISDN interface.
Setting up LAN-LAN connectivity is carried out with the familiar convenience
of a Setup Wizard.
Always configure both ends
Both of the routers for LAN-LAN connectivity must be configured. Note that
the configuration information at both ends must match.
The following instructions assume that LANCOM Routers are being
operated at both ends. It is possible to set up network connectivity
between routers from other manufacturers. However, this mixed configuration frequently requires far-reaching modifications to both
devices. In cases like this refer to the Reference Manual.
Security aspects
Of course your LAN has to be protected from unauthorized access. For this
reason, a LANCOM provides a range of security mechanisms that offer an outstanding level of protection.
VPN: VPN-based connectivity relies on IPsec for transferring data. The
encryption methods employed are 3-DES, AES or Blowfish
ISDN: Security for ISDN-based connectivity relies on password protection,
a check of the ISDN number, and the call-back function.
The ISDN call-back function cannot be set up by Wizard, but in the
Expert Configuration only. Refer to the reference manual for information on this.
41
EN
Network connectivity, also known as LAN-LAN connectivity, with the
LANCOM Router is used for interconnecting two local area networks. LANLAN connectivity can be implemented in two basic ways:
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
5.1
Which details are necessary?
The Wizard requests you for all of the necessary details step by step. If possible, you should have all of this information to hand before you start the Wizard.
EN
The significance of the information required by the Wizard can be explained
by an example: Connectivity between a branch office and your main office.
The two routers are named 'MAIN OFFICE' and 'BRANCH OFFICE'.
The following tables indicate which entries are to be made for each of the two
routers. Paths show how the entries relate to one another.
5.1.1
General information
The following information is required for setting up LAN-LAN connectivity. The
first column shows whether the information for network connectivity is
required via VPN (simple method with pre-shared keys) and/or via ISDN.
For further information on VPN-based network connectivity by other
methods, refer to the LANCOM Reference Manual.
Connectivity
Entry
Gateway 1
Gateway 2
VPN
Does the remote site have an ISDN connection?
Yes/No
Yes/No
VPN
Type of local IP address
Static/dynamic
Static/dynamic
VPN
Type of remote IP address
Static/dynamic
Static/dynamic
VPN + ISDN
Name of the local device
'MAIN OFFICE'
'BRANCH OFFICE'
VPN + ISDN
Name of the remote site
'BRANCH OFFICE'
'MAIN OFFICE'
VPN + ISDN
ISDN-calling number of the remote device
(0123) 123456
(0789) 654321
VPN + ISDN
ISDN calling line ID of the remote device
(0789) 654321
(0123) 123456
VPN
Password for the secure transmission of the
IP address
'Secret'
'Secret'
VPN
Shared Secret for encryption
'Secret'
'Secret'
VPN
IP address of remote device
'10.0.2.100'
'10.0.1.100'
VPN + ISDN
IP-network address of the remote network
'10.0.2.0'
'10.0.1.0'
VPN + ISDN
Netmask of the remote network
'255.255.255.0'
'255.255.255.0'
42
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
Entry
Gateway 1
Gateway 2
VPN + ISDN
Domain descriptor in the remote network
'branch.company'
'headquarter.company'
VPN
Hide own stations when accessing remote
network (extranet VPN)?
Yes/No
Yes/No
ISDN
TCP/IP routing for accessing the remote network?
Yes/No
Yes/No
ISDN
IPX routing for accessing the remote network?
Yes/No
Yes/No
VPN + ISDN
NetBIOS routing for accessing the remote
network?
Yes/No
Yes/No
VPN + ISDN
Name of a local workgroup (for NetBIOS
only)
'workgroup1'
'workgroup2'
ISDN
Data compression
On/off
On/off
ISDN
Channel bundling
On/off
On/off
EN
Connectivity
Notes on the different settings:
If you own device features an ISDN connection, the Wizard will ask you
whether the remote site also has one.
For VPN connections over the Internet, the type of IP address at each end
must be specified. There are two types of IP address. Static and
dynamic. The differences between these two IP address types are
explained in the Reference Manual.
The Dynamic VPN function makes it possible to establish VPN connections
between gateways with dynamic IP addresses, and not only between
gateways with static (fixed) IP addresses. An ISDN connection is required
to actively establish VPN connections to remote sites that use dynamic IP
addresses.
If you have not yet given a name to your LANCOM, the Wizard will ask you
to enter a new name for your device. Entering a name will cause your
LANCOM to be renamed. Ensure that you give different names to the two
remote devices.
The name of the remote site is required for identifying the devices.
In the field ISDN number the telephone number of the remote ISDN site
is specified. Enter the full telephone number for the remote site, including
all necessary prefixes (e.g. area codes).
43
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
EN
The ISDN calling line ID specified is used to identify and authenticate the
caller. If a LANCOM Router is called, it compares the ISDN calling line ID
entered for the remote site to the ID that is actually received over the D
channel from the caller. An ISDN ID generally consists of the country code
and an MSN.
The password for the ISDN connection is an alternative to the ISDN
calling line ID. This is used to authenticate the caller if no ISDN calling line
ID is received. The password must be entered identically at both ends. It
is used for calls in both directions.
The shared secret is the central password for the VPN connection's security. It must be entered identically at both ends.
Data compression improves transmission speeds without incurring extra
costs. This is the completely different to the bundling of two ISDN channels by MLPPP (MultiLink-PPP): This doubles the bandwidth, although
this generally doubles the connection costs as well.
5.1.2
Settings for the TCP/IP router
In the TCP/IP network, correct addressing is of extreme importance. For network connectivity, it should be observed that both networks are logically separated. For this reason they require their own network number (e.g. '10.0.1.x'
and '10.0.2.x'). The two network numbers must be different.
'server.main_office.com'pc1.branch_office.
10.0.2.10
10.0.1.2
10.0.1.100
(0123) 123456
LAN at the main office. IP:
10.0.1.0,
Netmask: 255.255.255.0
VPN or ISDN connection
10.0.2.100
(0789) 654321
Branch office LAN. IP: 10.0.2.0,
Netmask: 255.255.255.0
Domain: 'branch_office.com' all of IP addresses
makes
Unlike with Internet access, network connectivity
visible in all participating networks, including those in the remote LAN, and
44
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
not just that of the router. The computer with the IP address 10.0.2.10 in the
branch-office LAN sees the server 10.0.1.2 at the main office and, with the
appropriate rights, has access to it. The same applies in the other direction.
DNS access to the remote LAN
For example, the computer named 'pc1.branch_office.company (IP 10.0.2.10)
can access the server at the main office by using its IP address or the name
'server.main_office.company'. There is just one requirement: The domain of
the remote network must be entered into the Wizard.
The domain can only be specified in the LANconfig Wizard. With
WEBconfig, the necessary changes are made later in the Expert Configuration. Refer to the LANCOM Router reference manual for more
detailed information.
VPN extranet
In the case of LAN-LAN connectivity via VPN, you can mask the individual
computers behind another IP address. The operating mode referred to as
'extranet VPN' enables computers to be made visible from the remote LAN not
with their own IP address, but with a freely definable address such as that of
the VPN gateway.
This avoids giving stations in a remote LAN direct access to the computers in
your own LAN. For example, if extranet VPN mode is set up to provide access
from the branch-office LAN to the main office from the IP address
'10.10.2.100', and computer '10.10.2.10' then accesses the server
'10.10.1.2', the server receives a request from the IP '10.10.2.100'. The actual
address of the computer is masked.
If LAN connectivity uses the extranet mode, the remote site does not receive
the actual (masked) LAN addresses, but the IP address published by the LAN
('10.10.2.100' in the above example). The netmask in this case is
'255.255.255.255'.
5.1.3
Settings for the IPX router
VPN-based IPX-network connectivity cannot be set up in the Wizard.
The Expert Configuration has to be used instead. Refer to the reference manual for information on this.
45
EN
Remote computers in a TCP/IP network can be accessed not only with their IP
addresses, but also by freely definable names with the aid of DNS.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
Only LANCOM
821+
For connectivity between two typical IPX networks via a WAN, three IPX network numbers are necessary:
For the LAN at the main office
For the LAN at the branch office
For the superordinate WAN
EN
The IPX network numbers for the main and branch office are each entered at
their respective opposite sites.
IPX internal net:
00020002
WAN
IPX network no.:
00000009
VPN or ISDN connection
(0123) 123456
LAN at the main office
IPX network no.: 00000001
Binding: Ethernet_II
(0789) 654321
LAN at the branch office
IPX network no.: 00000002
Binding: Ethernet_II
According to IPX convention, the three necessary network numbers are
referred to as "external network numbers". Similar to IP network addresses,
they apply for an entire LAN segment. Conversely, the IPX internal network
numbers are for addressing a particular Novell server in the LAN. All three of
these network numbers must differ not only from one another but also from
all IPX internal network numbers being used.
Furthermore, it may be necessary to specify the frame type (binding) used in
the remote LAN.
If a Novell server is operated in the remote network, it is not necessary to
specify the remote IPX network number or the binding. In this case, the only
requirement is the manual entry of the network number for the WAN.
5.1.4
Settings for NetBIOS routing
NetBIOS routing is quick to set up: In addition to the specifying the TCP/IP protocol being used, the only other information required is the name of a Windows workgroup in the LAN used by the router.
46
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
Instructions for LANconfig
Carry out the configuration on both routers, one after the other.
Launch the Wizard 'Connect two local area networks'. Follow the Wizard’s
instructions and enter the necessary data.
The Wizard will inform you when the required information is complete.
You can then close the Wizard with Finish.
Once you have completed the set-up of both routers, you can start testing
the network connection. Try to communicate with a computer in the
47
EN
5.2
Remote Windows workgroups do not appear in the Windows network
environment, but they can be contacted directly (e.g.by searching for
a computer of known name).
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
remote LAN (e.g. with ping). The LANCOM Router should automatically
connect to the remote site and make contact to the requested computer.
EN
Ping – the quick test of a TCP/IP connection
To test a TCP/IP connection, simply send a
ping from your computer to a computer in
the remote network. Details on the ping
command are available from the documentation for your operating system.
IPX connections can be tested by searching
for a remote Novell server. NetBIOS connections can be tested by searching a computer
in the remote Windows workgroup.
5.3
1-Click-VPN for networks (site-to- site)
The site-to-site-to-site connectivity of networks is now very simple with the
help of the 1-Click-VPN wizard. It is even possible to simultaneously couple
multiple routers to a central network.
In LANconfig, mark the routers at branch offices which are to be coupled
to a central router via VPN.
Use drag&drop by mouse to place the devices onto the entry for the central router.
48
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
EN
The 1-Click-VPN Site-to-Site Wizard will be started. Enter a name for this
access and select the address under which the router is accessible from
the Internet.
Select whether connection establishment is to take place via the name or
IP address of the central router, or via an ISDN connection. Enter the
address or name of the central router, or its ISDN number.
The final step is to define how the networks are to intercommunicate:
The INTRANET at headquarters only is to be provided to the branch
offices.
All private networks at the branch offices can also be connected to
one another via headquarters.
5.4
All entries for the central device are made just once and are then
stored to the device properties.
Instructions for WEBconfig
In WEBconfig, VPN-based network connectivity cannot be set up in
the Wizard. The Expert Configuration has to be used instead. Refer to
the reference manual for information on this.
Carry out the configuration on both routers, one after the other.
In the main menu, launch the Wizard 'Connect two local area networks'.
Follow the Wizard’s instructions and enter the necessary data.
49
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 5: Connecting two networks
The Wizard will inform you when the required information is complete.
You can then close the Wizard with Next.
EN
Once you have completed the set-up of both routers, you can start testing
the network connection. Try to communicate with a computer in the
remote LAN (e.g. with ping). The LANCOM Router should automatically
connect to the remote site and make contact to the requested computer.
50
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 6: Providing dial- in access
6 Providing dial-in access
VPN: RAS access via VPN provides a highly secure Internet-based connection between the LAN and the dial-in computer. The router in the LAN
must support VPN; the dial-in computer needs any form of Internet access
and a VPN client.
ISDN: RAS access via ISDN provides a direct connection between the LAN
and the dial-in computer over an ISDN phone line. The router in the LAN
needs an ISDN interface. The dial-in computer needs an ISDN adapter or
an ISDN modem. The protocol of data transfer is PPP. This ensures that all
normal devices and operating systems are supported.
Setting up dial-in access is carried out with the familiar convenience of a
Setup Wizard.
Security aspects
Of course your LAN has to be protected from unauthorized access.
For this reason, a LANCOM provides a range of security mechanisms that offer
an outstanding level of protection.
VPN: VPN-based connectivity relies on IPsec for transferring data. The
encryption methods employed are 3-DES, AES or Blowfish
ISDN: Security for ISDN-based connectivity relies on password protection,
a check of the ISDN number, and the call-back function.
6.1
The ISDN call-back function cannot be set up by Wizard, but in the
Expert Configuration only. Refer to the reference manual for information on this.
Which details are necessary?
The Wizard sets up an access account for just one user. For additional users,
launch the Wizard again.
51
EN
Your LANCOM can be set up with dial-in access accounts enabling individual
computers to dial-in to your LAN and fully participate in the network for the
duration of the connection. This service is called RAS (Remote Access Service).
RAS access can be implemented in two basic ways:
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 6: Providing dial- in access
6.1.1
General information
The following information is required for setting up RAS access. The first column shows whether the information for RAS access is required via VPN (simple method with pre-shared keys) and/or via ISDN.
For further information on RAS access by other methods, refer to the
LANCOM Reference Manual.
EN
Connectivity
Entry
VPN + ISDN
User name
VPN + ISDN
Password
VPN
Shared Secret for encryption
VPN
Hide own stations when accessing remote network (extranet VPN)?
ISDN
Incoming caller ID number of the dial-in computer
ISDN
TCP/IP routing for accessing the remote network?
ISDN
IPX routing for accessing the remote network?
VPN + ISDN
IP address(es) for one or more dial-in computer(s): Fixed or dynamic from the
IP address pool
VPN + ISDN
NetBIOS routing for accessing the remote network?
VPN + ISDN
Name of a local workgroup (for NetBIOS only)
Notes on the different settings:
User name and password: This access data serves to identify the user
when dialing in.
Incoming number: The optional ISDN calling line ID is used by the
LANCOM Router for additional user authentication. This security function
should not be employed if the user will be dialing-in from various ISDN
connections.
52
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 6: Providing dial- in access
You will find information on the other parameters required for RAS
access in the chapter 'Connecting two networks'.
The ISDN calling line ID (CLI)
The CLI is ideal for authentication for two reasons: It is difficult to manipulate. It is transmitted
free of charge via the ISDN D-channel.
6.1.2
Settings for TCP/IP
TCP/IP requires that every active RAS is assigned an IP address.
LAN at the main
office. IP: 10.0.1.0
Remote computer
IP: 10.0.1.101
VPN or ISDN connection
10.0.1.100
(0123) 123456
ISDN adapter
User: 'SMITH'
(0123) 777888
This IP address can be manually set to a fixed value when the user is created.
A simpler option is to allow the LANCOM Router to assign the user with a free
IP address when dialing in. In this case, all you have to do is to set the range
of IP addresses which are to be available for assignment to the RAS users by
the LANCOM Router.
For both manual and automatic IP address assignment, ensure that the
addresses are freely available in your local network. In our example, the PC is
assigned with the IP address '10.0.1.101' when it dials in.
This IP address allows the PC to fully participate in the LAN: With the appropriate rights, it can access any other device in the LAN. This relationship also
applies in the other direction: The remote PC can be access from the LAN.
53
EN
The ISDN Calling Line Identity (CLI)is the phone number of the calling party as transmitted to
the called party. This is a number generally made up of the national dial code and an MSN.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 6: Providing dial- in access
6.1.3
Only LANCOM
821+
Settings for IPX
For RAS dial-in to an IPX network, two IP network numbers have to be specified:
the IPX network number of the main office
An additional IPX network number for the superordinate WAN
EN
IPX internal net:
00020002
WAN
IPX network no.:
00000009
VPN or ISDN connection
(0123) 123456
LAN at the main office
IPX network no.: 00000001, Binding: Ethernet_II
Remote computer
ISDN adapter
User: 'SMITH'
(0123) 777888
According to IPX convention, the necessary network numbers are referred to
as "external network numbers". Similar to IP network addresses, they apply
for an entire LAN segment. Conversely, the IPX internal network numbers are
for addressing Novell servers in the LAN. All three of these network numbers
must differ not only from one another but also from all IPX internal network
numbers being used.
Furthermore, it may be necessary to specify the frame type (binding) used in
the remote LAN.
If a Novell server is operated in the remote network, it is not necessary to
specify the remote IPX network number or the binding. In this case, too, a network number for the WAN must be specified manually.
6.1.4
Settings for NetBIOS routing
When working with NetBIOS, the only information required is the name of a
Windows workgroup in the LAN used by the router.
54
The connection is not established automatically. The RAS user first has
to manually establish a connection to the LANCOM Router with the
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 6: Providing dial- in access
help of Dial-Up Networking. Once the connection has been established, the computer can access and search the other network (click
on Search Computer, do not use the Network Neighborhood).
6.2.1
Settings on the dial-in computer
Dialing-in via VPN
EN
6.2
For dialing-in to a network via VPN, a computer needs:
Internet access
A VPN client
LANCOM Systems offers you a 30-day test version of the LANCOM Advanced
VPN Client on the CD supplied. A precise description of the VPN client and
notes on its setup are also to be found on the CD.
The Wizard then requests the parameters that were specified when setting up
the RAS access in the LANCOM Router.
6.2.2
Dialing-in via ISDN
A number of settings are required by the dial-in computer. This example is
based on a Windows computer.
Dial-Up Networking (or any other PPP client) installed correctly.
Network protocol (TCP/IP, IPX) installed and associated with the dial-up
adapter
New connection in Dial-Up Networking with the phone number of the
router
Terminal adapter or ISDN card set up for PPPHDLC
PPP selected and the dial-up server type, 'Activate compression in software' and 'Request encrypted password' switched off.
Select the required network protocols (TCP/IP, IPX)
Additional TCP/IP settings
Assignment of IP address and name server address activated
'IP header compression' deactivated
With these settings, a PC can dial-in to the remote LAN and access the network resource in the usual manner.
55
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 6: Providing dial- in access
6.3
Instructions for LANconfig
EN
Launch the 'Provide Remote Access (RAS, VPN, IPsec over WLAN)' Wizard.
Follow the Wizard’s instructions and enter the necessary data.
The Wizard will inform you when the required information is complete.
You can then close the Wizard with Finish.
Configure the access account on the dial-in PC as described. Subsequently
test the connection (see box 'Ping – the quick test of a TCP/IP connection').
6.4
1-Click-VPN for LANCOM Advanced VPN Client
VPN accesses for employees who dial into the network with the LANCOM
Advanced VPN Client are very easy to set up with the Setup Wizard and
exported to a file. This file can then be imported as a profile by the LANCOM
Advanced VPN Client. All of the information about the LANCOM VPN Router's
configuration is also included, and then supplemented with randomly generated values (e.g. for the preshared key).
Use LANconfig to start the 'Set up a RAS Account' wizard and select the
'VPN connection'.
Activate the options 'LANCOM Advanced VPN Client' and 'Speed up configuration with 1-Click-VPN'.
Enter a name for this access and select the address under which the router
is accessible from the Internet.
In the final step you can select how the access data is to be entered:
56
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 6: Providing dial- in access
Save profile as an import file for the LANCOM Advanced VPN Client
Send profile via e-mail
Print out profile
Sending a profile via e-mail could be a security risk should the e-mail
be intercepted en route!
To send the profile via e-mail, the device configuration must be set up
with an SMTP account with the necessary access data. Further, the
configuration computer requires an e-mail program that is set up as
the standard e-mail application and that can be used by other applications to send e-mails.
When setting up the VPN access, certain settings are made to optimize operations with the LANCOM Advanced VPN Client, including:
Gateway: If defined in the LANCOM VPN Router, a DynDNS name is used
here, or alternatively the IP address
FQDN: Combination of the name of the connection, a sequential number
and the internal domain in the LANCOM VPN Router.
Domain: If defined in the LANCOM VPN Router, the internal domain is
used here, or alternatively a a DynDNS name or IP address
VPN IP networks: All IP networks defined in the device as type 'Intranet'.
Preshared key: Randomly generated key 16 ASCII characters long.
Connection medium: The LAN is used to establish connections.
VoIP prioritization: VoIP prioritization is activated as standard.
Exchange mode: The exchange mode to be used is 'Aggressive Mode'.
IKE config mode: The IKE config mode is activated, the IP address information for the LANCOM Advanced VPN Client is automatically assigned
by the LANCOM VPN Router.
6.5
Instructions for WEBconfig
In the main menu, launch the Wizard 'Provide remote access (RAS)'. Follow the Wizard’s instructions and enter the necessary data.
Configure the access account on the dial-in PC as described. Subsequently
test the connection (see box 'Ping – the quick test of a TCP/IP connection').
57
EN
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 7: Fax transmission with LANCAPI
7 Fax transmission with LANCAPI
LANCAPI from LANCOM Systems is a specialized version of the widespread
ISDN CAPI interface. CAPI stands for Common ISDN Application Programming
Interface and it links ISDN adapters and communications software. This software in turn provides the computer with office-communications functions
such as a fax or answering machine.
EN
The chief benefit from using LANCAPI is economical. LANCAPI provides all of
the Windows workstations in a LAN with unlimited access to ISDN officecommunication functions such as fax, answering machine, online banking,
and Eurofile transfer. Without any additional hardware, every workstation can
make use of the full range of ISDN functions provided via the network. This
completely dispenses with the need to equip workstations with expensive
equipment such as ISDN adapters or modems. The sole requirement is to
install the office-communication software on each workstation.
PCs with fax software
Fax
ISDN
ISDN adapter
LANCAPI from LANCOM equips workstation PCs with a convenient fax transmission facility without having a fax machine connected to it. A number of
components must be installed on the computer to support this:
The LANCAPI client. This sets up the connection between your workstation PC and the LANCAPI server.
The LANCOM CAPI Faxmodem. This tool simulates a fax machine on
your computer.
58
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 7: Fax transmission with LANCAPI
The MS Windows Fax Service. This is the interface between the fax
applications and the virtual fax.
PCs with fax software, LANCAPI client, CAPI
Faxmodem and MS Windows Fax Service
Fax
LAN
EN
ISDN
LANCOM with
LANCAPI server
Installing the LANCAPI client is described in the Reference Manual. This chapter deals with installing and configuring the LANCOM CAPI Faxmodem and
MS Windows Fax Service.
7.1
Installing the LANCOM CAPI Faxmodem
From the setup program on your LANCOM CD, select the entry LANCOM
software installation.
Select the option CAPI Faxmodem, click on Next and follow the instructions of the installation routine.
59
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 7: Fax transmission with LANCAPI
EN
After successful installation, the LANCOM CAPI Fax Modem is entered into the
Control Panel under Phone and modem options.
7.2
Installing the MS Windows Fax Service
Go to the Control Panel and select the option Printers and faxes.
In the Printers and faxes window select the option Install a local fax
printer. Then follow the instructions provided by the installation tool. In
the current window, an icon for the new fax printer appears.
To check the installation, click with the right-hand mouse key on the fax icon
and select Properties. The LANCOM CAPI Faxmodem should be entered on
the 'Devices' tab.
60
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 7: Fax transmission with LANCAPI
7.3
Sending a fax
7.3.1
EN
After installing the necessary components, there are a number of ways to send
a fax from your computer. If you have a file ready to send, you can send this
straight from its application. On the other hand, if you just want to send a
short note, you can use the MS Windows Fax Service itself. Alternatively you
can use any fax program.
Sending faxes from an office application
Open your document in the usual manner with your office application and
select the menu item File/Print.
Define the fax device as the printer.
Click on “OK”. A Wizard is displayed that guides you through the rest of
the procedure.
7.3.2
Sending faxes with the Windows Fax Service
Go to the Control Panel and open the Printers and faxes dialog.
Double-click with the left-hand mouse key on the fax-device icon.
61
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 7: Fax transmission with LANCAPI
EN
The fax client console opens up. Select the menu item Send file/fax. A
Wizard guides you through the remaining procedure.
62
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 8: Security settings
8 Security settings
Your LANCOM features numerous security functions. This chapter provides you
with all of the information you need to optimally protect your device.
You can carry out the configuration of security settings very quickly
and conveniently with the Security Wizards in LANconfig and
WEBconfig.
EN
8.1
Security settings Wizard
Access to the configuration of a device allows access to more than just critical
information (e.g. Internet password). Far more critical is that settings for
security functions (e.g.the firewall) can be altered. Unauthorized access is not
just a risk for the device itself, but for the entire network.
Your LANCOM offers password-protected access to its configuration. This is
activated during the initial basic configuration simply by entering a password.
If the wrong password is entered a certain number of times, the device automatically blocks access to the configuration for a fixed period. You can modify
the critical number of attempts and also the duration of the lock. By default,
the device locks for five minutes after five incorrect entries of the password.
Along with these basic settings, you can use the Security settings Wizard to
check the settings of your wireless network (if so equipped).
8.1.1
LANconfig Wizard
Mark your LANCOM in the selection window. From the command line,
select Extras Setup Wizard.
In the selection menu, select the Setup Wizard, Check security settings
and confirm the selection with Next.
63
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 8: Security settings
In the dialogs that follow you can set the password and select the protocols to be available for accessing the configuration from local and remote
networks.
In a subsequent step, you can set parameters for locking the configuration
such as the number of incorrect password entries and the duration of the
lock.
EN
For the firewall, you can activate stateful inspection, ping blocking, and
the stealth mode.
The Wizard will inform you as soon as the entries are complete. Close the
configuration with Finish.
8.1.2
WEBconfig Wizard
With WEBconfig you have the option to launch the Check security settings
Wizard to check and change any settings. The following values are edited:
Device password
The protocols to be available for accessing the configuration from local
and remote networks
The parameters for locking the configuration (the number of incorrect
password entries and the duration of the lock)
8.2
The security checklist
The following checklists provide an overview of all security settings that are
important to professionals. Most of the points in this checklist are uncritical
for simple configurations. In these cases, the security settings in the basic
configuration or that were set with the Security Wizard are sufficient.
Detailed information about the security settings mentioned here are
to be found in the reference manual.
Have you protected the configuration with a password?
The simplest way of protecting the configuration is to agree upon a password. If no password has been agreed for the device, the configuration is
open to be changed by anybody. The field for entering the password is to
be found in LANconfig in the 'Management' configuration area on the
'Security' tab. It is absolutely imperative to assign a password to the configuration if you want to enable remote configuration!
64
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Have you permitted remote configuration?
If you do not require remote configuration, please ensure to switch it off.
If you need to make use of remote configuration, ensure that you do not
fail to password-protect the configuration (see the section above). The
field for disenabling remote configuration is to be found in LANconfig in
the 'Management' configuration area on the 'Security' tab. Under ‘Access
rights – From remote networks’ select the option ‘denied’ for all methods
of configuration.
Have your password- protected the SNMP configuration?
Protect the SNMP configuration with a password too. The field for password-protecting the SNMP configuration is also to be found in LANconfig
in the 'Management' configuration area on the 'Security' tab.
Have you activated the firewall?
The stateful inspection firewall of LANCOM devices ensures that you local
network cannot be attacked from the outside. Activate the firewall in
LANconfig under 'Firewall/QoS' on the 'General' tab.
Note that firewall security mechanisms (incl. IP masquerading, port
filters, access lists) are active only for data connections that are transmitted via the IP router. Direct data connections via the bridge are not
protected by the firewall!
Are you using a 'deny all' firewall strategy?
Maximum security and control is initially achieved by denying all data
traffic from passing the firewall. The only connections to be accepted by
the firewall are those that are to be explicitly permitted. This ensures that
Trojan horses and certain types of e-mail virus are denied communication
to the outside. Activate the firewall rules in LANconfig under 'Firewall/
QoS' on the 'Rules' tab. Instructions on this are to be found in the reference manual.
Have you activated IP masquerading?
IP masquerading refers to the concealment of local computers while they
access the Internet. All that is revealed to the Internet is the IP number of
the router module of the device. The IP address can be fixed or dynamically assigned by the provider. The computers in the LAN then use the
router as a gateway and are not visible themselves. The router separates
the Internet from the intranet like a wall. The application of IP masquerading is set in the routing table for every route individually. The routing
65
EN
Chapter 8: Security settings
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 8: Security settings
table can be found in the LANconfig in the configuration area 'IP router'
on the 'Routing' tab.
EN
Have you used filters to close critical ports?
The firewall filters in LANCOM devices offer filter functions for individual
computers or entire networks. It is possible to set up source and destination filters for individual ports or port ranges. Furthermore, filters can be
set for individual protocols or any combination of protocols (TCP/UDP/
ICMP). It is especially convenient to set up the filters with the aid of
LANconfig. Under 'Firewall/QoS', the 'Rules' tab contains the functions for
defining and editing filter rules.
Have you excluded certain stations from accessing the device?
A special filter list can be used to limit access to the device's internal functions via TCP/IP. The phrase "internal functions" refers to configuration
sessions via LANconfig, WEBconfig, Telnet or TFTP. As standard this table
contains no entries, meaning that computers with any IP address can use
TCP/IP and Telnet or TFTP to commence accessing the device. The first time
an IP address is entered with its associated netmask, the filter is activated
and only the IP addresses contained in this entry are entitled to make use
of internal functions. Further entries can be used to extend the circle of
authorized parties. The filter entries can describe individual computers or
even entire networks. The access list can be found in the LANconfig in the
configuration area 'TCP/IP' on the 'General' tab.
Do you store your saved LANCOM configuration to a safe location?
Protect your saved configurations in a location that is safe from unauthorized access. Otherwise, byway of example, an unauthorized person may
load your stored configuration file into another device and they can access
the Internet at your expense.
Have you activated the protection of your WAN access in case the
device is stolen?
After being stolen, the device can theoretically be operated at another
location by unauthorized persons. Password-protected device configurations do not stop third parties from operating RAS access, LAN connectivity or VPN connections that are set up in the device: A thief could gain
access to a protected network.
The device’s operation can be protected by various means; for example, it
will cease to function if there is an interruption to the power supply, or if
the device is switched on in another location.
66
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 8: Security settings
The scripting function can store the entire configuration in RAM only so
that restarting the device will cause the configuration to be deleted. The
configuration is not written to the non-volatile flash memory. A loss of
power because the device has been relocated will cause the entire configuration to be deleted (for further information see the reference manual).
Have you ensured that the reset button is safe from accidental
configuration resets?
Some devices simply cannot be installed under lock and key. There is consequently a risk that the configuration will be deleted by mistake if a coworker presses the reset button too long. The behavior of the reset button
can be set so that a press is either ignored or it causes a re-start, depending on the time for which it is held pressed.
67
EN
With the ISDN location verification, the device can only be operated at
one particular ISDN connection. After being switched on, the device calls
itself at the corresponding telephone number to check that it is still connected to the “correct” ISDN connection (for further information see the
reference manual).
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 9: Advice & assistance
9 Advice & assistance
See this chapter for first-aid assistance if some of the typical problems should
occur.
9.1
No WAN connection can be established
EN
After starting, the router attempts automatically to connect to the Internet
provider. During this phase, the Internet-connection status LED blinks green.
If successful, this LED switches to constant green. If contact cannot be made,
the Online LED illuminates red. This is generally due to one of the following
causes:
Problems with the cabling?
For the DSL connection, use only the connector cable supplied. This cable
must be connected to the Ethernet connector of the DSL modem or the network connector. The LED for the WAN connection must illuminate in green to
show that it is physically connected.
Is the correct transmission protocol selected?
The transmission protocol is defined with the basic settings. The Basic Settings
Wizard actually sets the correct protocol for a wide variety of DSL providers. If
your DSL provider is unknown to the Wizard you have to set the protocol yourself. The protocol specified by your DSL provider should work without problem.
You can check and adjust your protocol settings under:
Configuration tool
9.2
Call
LANconfig
Communication General Communication layers
WEBconfig
Expert configuration Setup WAN module Layer list
DSL data transfer is slow
The data transfer rate of an broadband (Internet) DSL connection is dependent
upon numerous factors, most of which are outside of one's own sphere of
influence. Important factors aside from the bandwidth of one's own Internet
connection are the Internet connection and current load of the desired target.
Numerous other factors involving the Internet itself can also influence the
transfer rate.
68
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 9: Advice & assistance
Increasing the TCP/IP window size under Windows
One common problem occurs when large amounts of data are sent and received simultaneously with a Windows PC using an asynchronous connection.
This can cause a severe decrease in download speed. The cause of this problem is what is known as the TCP/IP receive window size of the Windows operating system that is set to a value too small for asynchronous connections.
Instructions on how to increase the Windows size can be found in the Knowledge Base of the support section of the LANCOM web site (www.lancom.eu).
9.3
Unwanted connections under Windows XP
Windows XP computers attempt to compare their clocks with a timeserver on
the Internet at start-up. This is why when a Windows XP in the WLAN is
started, a connection to the Internet is established by the LANCOM.
To resolve this issue, you can turn off the automatic time synchronization on
the Windows XP computers under Right mouse click on the time of day
Properties Internet time.
9.4
Cable testing
A cabling defect might have occurred, if no data is transmitted over LAN or
WAN connection, although the configuration of the devices does not show
any discernible errors.
You can test the cabling with the built-in cable tester of your LANCOM.
Change under WEBconfig to menu item Expert configuration Status
LAN statistics Cable test. Enter here the name of the interface to be
69
EN
If the actual transfer rate of a DSL connection is significantly below the fastest
rate listed by the provider, there are only a few possible causes (apart from the
above-mentioned external factors) which may involve one's own equipment.
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 9: Advice & assistance
EN
tested (e.g. “DSL1” or “LAN-1”). Pay attention to the correct spelling of the
interfaces. Start the test for the specified interface by clicking on Execute.
Change then to menu item Expert configuration Status LAN statistics Cable test results. The results of the cable test for the individual
interfaces are show up in a list.
The following results can occur:
OK: Cable plugged in correctly, line ok.
open with distance “0m”: No cable plugged in or interruption within less
than 10 meters distance.
open with indication of distance: Cable is plugged in, but defect (shortcircuited) at the indicated distance.
Impedance error: The pair of cables is not terminated with the correct
impedance at the other end.
70
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 10: Appendix
10 Appendix
Performance data and specifications
LANCOM 821+
Connections
LANCOM 1721+
VPN
LANCOM 1711+
VPN
Ethernet LAN
4x 10/100Base-TX, auto sensing, switch with node/hub auto sensing
WAN/ADSL
ADSL over ISDN as per ITU G.992.1 Annex B
(compatible to U-R2 connections of the Deutsche Telekom) or ADSL over POTS as per ITU
G.992.1 Annex A
ADSL over ISDN as per ITU 992.3, ITU G.992.5
Annex B (ADSL2+) or ADSL over POTS as per
ITU G992.3 and ITU G.992.5 Annex A
ISDN
ISDN S0 bus
Outband
serial V.24/V.28 port (8 pol. mini DIN), in combination with LANCOM
modem adapter kit suited for connection of external analogue or GSM
modems
Power supply
12V DC via external power supply. Permitted power supplies:
NEST 12V/1A DC/S Hohlstkr 2.1/5.5mm (RoHS)
LANCOM item no. 110524
Type identification on the power supply „Type: 15.2230S“
EN
10.1
10/100Base-TX, auto
sensing
Housing
210 x 143 x 45 mm (W x H x D), rugged plastic case, connectors on the
rear side, stackable, provision for wall mounting
Standards
EU (CE certification: EN 55022, EN 55024, EN 60950)
Environment /
temperature
range
Temperature range 0°C to + 40°C at 80% max. Temperature range
humidity (non condensing)
0°C to +55°C at 80%
max. humidity (non
condensing)
Options
Accessories
LANCOM VPN Option 25 channels (hardware
accelerated, max.25 simultaneous connections, 50 connections configurable) for VPN in
WAN
(Art. no.60083)
LANCOM Modem Adapter Kit for connecting modems (analogue or
GSM) to the serial configuration interface (Art. no. 110288)
LANCOM Rack Mount Option (Art. no. 61501)
LANCOM Advanced VPN Client (Art. no. 61600)
LANCOM Advanced VPN Client (10 bulk)
(Art. no. 61601)
LANCOM Advanced VPN Client (25 bulk)
(Art. no. 61602)
71
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 10: Appendix
10.2
10.2.1
LANCOM 1711+
VPN only
Connector wiring
WAN interface
8-pin RJ45 socket
EN
Connector
10.2.2
ADSL interface
LANCOM 821+ and
LANCOM 1721+
VPN only
6-pin RJ11 socket
Connector
72
Pin
IAE
1
T+
2
T-
3
R+
4
–
5
–
6
R-
7
–
8
–
Pin
IAE
1
–
2
–
3
a
4
b
5
–
6
–
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 10: Appendix
10.2.3
ISDN-S0 interface
Connector
10.2.4
Pin
Line
IAE
1
–
–
2
–
–
3
T+
2a
4
R+
1a
5
R-
1b
6
T-
2b
7
–
–
8
–
–
EN
8-pin RJ45 socket (ISO 8877, EN 60603-7)
Ethernet interface 10/100Base-T
8-pin RJ45 sockets (ISO 8877, EN 60603-7)
Connector
Pin
Line
1
T+
2
T-
3
R+
4
–
5
–
6
R-
7
–
8
–
73
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Chapter 10: Appendix
10.2.5
Configuration interface (outband)
8-pin Mini DIN socket
EN
Connector
10.3
Pin
Line
1
CTS
2
RTS
3
RxD
4
RI
5
TxD
6
DSR
7
DCD
8
DTR
U
GND
Declaration of conformity
LANCOM Systems herewith declares that the devices of the type described in
this documentation are in agreement with the basic requirements and other
relevant regulations of the 1995/5/EC directive.
The CE declarations of conformity for your device are available in the appropriate product area on the LANCOM Systems web site (www.lancom.eu).
74
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Index
Index
20
41, 51
A
Accounting
ADSL
Connect
Connector cable
Transfer rates
AES
Answering machine
Autosensing
20
14
9
41, 51
9
22
B
Basic configuration
Blowfish
25
41, 51
C
Call-back function
Callback function
Calling Line Identity (CLI)
CAPI interface
charge lock
Charge protection
Common ISDN Application
Programming Interface (CAPI)
Configuration access
Configuration file
Configuration interface
Connector cable
Configuration password
Configuration port
Configuration protection
Connector wiring
ADSL interface
Configuration port
DSL interface
Ethernet interface
29
41, 51
13
53
58
17
29, 31
58
31
66
13
14
64
20
13, 27, 30
72
72
74
72
73
ISDN S0 interface
LAN interface
Outband
WAN interface
Cost budget
73
73
74
73
29
D
Data frequencies
10
65
Default gateway
35
DHCP
11, 26, 36
DHCP server
51
Dial-in access
55
Dial-up adapter
DNS
45
DNS access to the remote LAN
11, 35
DNS server
14
Documentation
45
Domain
5
Download
9
Downstream
DSL
68
data transfer is too slow
E
Encryption
41, 51
F
Fax
Firewall
Block stations
FirmSafe
Firmware
Flatrate
9
13, 66
66
13
5
38
H
Hardware installation
HTTPS
21
31
I
ICMP
66
75
EN
Numerics
10/100Base-TX
3 DES
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
EN
Index
Information symbols
5
14
Installation
22
ADSL
23
configuration port
22
DSL
22
ISDN
22
LAN
23
LANtools
23
power adapter
11, 37
Internet access
38
Authentication data
38
Flatrate
37
Internet access setup
37
Internet provider
IP
66
Block ports
66
Filter
26, 27, 46, 66
IP address
22
IP address of the LANCOM
12, 65
IP masquerading
11
IP router
41, 51
IPsec
55
IPX
46, 54
Binding
46, 54
External network number
46
Frame type
54
Internal net number
46
IPX conventions
11
IPX router
45
Settings
ISDN
14
Connector cable
53
D channel
29
MSN
20
S0 port
44, 52, 53
ISDN calling line ID
ISDN connection
29
Basic settings
12
ISDN leased-line option
51
ISDN modem
76
ISDN number
ISDN PBX
ISDN S0 connection
43
29
12
L
LAN
Connector cable
LAN to LAN coupling
LANCAPI
LANCOM VPN Option
LANconfig
Starting the Wizards
LAN-LAN connectivity
Required information
LAN-LAN coupling
LANmonitor
LANtools
System requirements
M
MAC address filter
Metering pulse
MSN
N
NAT – see IP masquerading
NetBIOS
NetBIOS proxy
Netmask
Network connectivity
Security aspects
Network mask
Network segment
14
11
12, 29
13
24, 30
40
41
42
29
24
15
13
29
53
46
11
26
41
41, 51
27, 66
22, 46
P
Package contents
14
27, 31, 41, 51
Password
44
Password for the ISDN connection
PAT – see IP masquerading
9
PBX
48
Ping
14, 20
Power adapter
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Index
R
RAS
Remote Access Service (RAS)
Activate compression in software
Configuring the dial-in computer
IPX
NetBIOS
Server
Setup
Specify MSN
TCP/IP
User name
Windows workgroup search
Remote configuration
Remote configuration via ISDN
Reset connect charge protection.
20,
Reset switch
Resetting the configuration
Restarting the device
Router function
Routing table
S
Security
Firewall wizard
Security settings wizard
Security checklist
Security settings
SNMP
Configuration protection
Software installation
SSID
Standard gateway
Status display
ETH
Power
Status displays
51
55
29
11
55
55
54
54
11
51
29
53
52
54
31
13
17
21
21
21
9
65
64
63
64
68
65
23
28
35
19
16
Power
Support
Switch
System preconditions
System requirements
T
TCP
TCP/IP
Connect test
Settings
Settings to PCs in the LAN
Windows size
TCP/IP configuration
Fully automatic
Manual
TCP/IP filter
TCP/IP router
Settings
Telephone
Telnet
TFTP
Transmission protocol
16, 17
5
20
14
14
66
15, 55
48
25
35
69
25, 26
25, 27
13, 66
44
9
66
66
68
U
UDP
Upstream
66
9
V
Virtual Private Network
Virtual Private Network (VPN)
Voice frequencies
Voltage switch
VPN
VPN client
10
11
10
20
10
55
W
WAN
Connector cable
WEBconfig
HTTPS
System requirements
14
31
31
15
77
EN
PPP
PPP client
Prefix for external line
LANCOM 821+ – LANCOM 1711+ VPN – LANCOM 1721+ VPN
Index
EN
Windows workgroup search
78
47
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : No Page Mode : UseOutlines XMP Toolkit : 3.1-701 Producer : Acrobat Distiller 7.0 (Windows) Creator Tool : FrameMaker 7.0 Modify Date : 2009:04:20 12:55:15+02:00 Create Date : 2009:04:20 12:11:19Z Metadata Date : 2009:04:20 12:55:15+02:00 Format : application/pdf Title : LANCOM 821+.LANCOM 1711+ VPN.LANCOM 1721+ VPN Creator : LANCOM Systems GmbH Document ID : uuid:bb84a556-87ee-40c4-8553-c98ed2aa0dce Instance ID : uuid:5a6d785f-3ca3-4a8c-981b-408897b165e2 Has XFA : No Page Count : 79 Author : LANCOM Systems GmbHEXIF Metadata provided by EXIF.tools