lancom 7100+ vpn - LANCOM Systems GmbH

Routers & VPN Gateways
LANCOM 7100+ VPN
High-performance central-site VPN gateway for securely networking up to 200
sites
The LANCOM 7100+ VPN is a central-site VPN gateway that provides VPN connections for up to 100 sites as
standard, which is upgradeable to 200 with the LANCOM VPN Option. The LANCOM 7100+ VPN implements
large multi-service IP network structures with the highest levels of security, reliability and performance. The right
choice for secure, reliable and sustainable networking solutions "Made in Germany".
- VPN site connectivity for large network infrastructures with large numbers of external sites
- Provides 100 VPN channels, upgradable to 200 per device
- Advanced Routing & Forwarding with 256 VLAN/IP contexts
- Status monitoring with the front-mounted display
- Optional upgrades as a Public Spot gateway and Content Filter
- Security Made in Germany
- Maximum future compatibility, reliability and security
DATASHEET
LANCOM 7100+ VPN
Advanced Routing & Forwarding
The LANCOM 7100+ VPN provides up to 256 securely isolated IP contexts, each of which has its own separate routing. This is an elegant way of operating IP applications with one central router while keeping the different communication channels securely separated from one another.

Secure connectivity for large networks
The LANCOM 7100+ VPN is a central-site VPN gateway that provides VPN connections for up to 100 sites as standard and upgrades to support up to 200 VPN connections. This connects numerous branch offices and mobile employees to your company network, with other benefits including high performance and future viability.

Secure site connectivity via VPN
The LANCOM 7100+ VPN offers high levels of security. The standard equipment of 100 IPSec VPN channels guarantees strongest encryption of the communications between your sites, secure connections for mobile employees, and protection of corporate data. The LANCOM VPN option upgrades the central-site gateway to support 200 VPN channels. This ensures that your network is perfectly scalable and can grow on demand—without needing additional hardware.

Continuous status monitoring
A display on the front of the device provides a continuous overview of various information including the temperature, CPU load, and active VPNs. Without even starting your computer, you can see in an instant if your network is operating properly or if you need to act.

Upgrade options
With the LANCOM 7100+ VPN, your network can do even more. The LANCOM Public Spot option upgrades the device to a hotspot gateway for deploying a user-friendly but secure hotspot. Even more security for the network comes with the LANCOM Content Filter, which blocks access to undesirable Internet content.

Security Made in Germany
In a market with a strong presence of American and Asian products, LANCOM offers maximum security "Made in Germany". The entire LANCOM core product range is developed and manufactured in Germany and tested according to the highest standards of security, data protection and quality. The company's own "closed-source" operating system LCOS is developed at the company headquarters in Germany. Our in-house team of developers works in a highly secure environment as certified by the BSI (German Federal Office for Information Security)—all of which is subject to the highest standards of security, encryption, and quality.

Systematic networking solutions
LANCOM central-site VPN gateways are the basis for secure encrypted site connectivity and high-speed Internet access. As professional system components, they are fully compatible to all LANCOM network devices and they facilitate flexible scaling and expansion when combined with further LANCOM components. The result is a secure and flexible all-round solution that you can rely on. The overall network down to each individual device can be managed and monitored from one central instance—for a solution that is systematic.
LCOS 10.12
Layer 2 features
VLAN
4,096 IDs based on IEEE 802.1q, dynamic assignment, Q-in-Q tagging
Multicast
IGMP-Snooping
Protocols
Ethernet over GRE-Tunnel (EoGRE), ARP-Lookup, LLDP, DHCP option 82, IPv6-Router-Advertisement-Snooping, DHCPv6-Snooping,
LDRA (Lightweight DHCPv6 Relay Agent), Spanning Tree, Rapid Spanning Tree, ARP, Proxy ARP, BOOTP, DHCP, LACP
Layer 3 features
Firewall
Stateful inspection firewall including packet filtering, extended port forwarding, N:N IP address mapping, packet tagging, user-defined
rules and notifications
Quality of Service
Traffic shaping, bandwidth reservation, DiffServ/TOS, packet size control, layer-2-in-layer-3 tagging
Security
Intrusion Prevention, IP spoofing, access control lists, Denial of Service protection, detailed settings for handling reassembly,
session-recovery, PING, stealth mode and AUTH port, URL blocker, password protection, programmable reset button
PPP authentication mechanisms
PAP, CHAP, MS-CHAP, and MS-CHAPv2
High availability / redundancy
VRRP (Virtual Router Redundancy Protocol), analog/GSM modem backup
Router
IPv4, IPv6, NetBIOS/IP multiprotocol router, IPv4/IPv6 dual stack
Router virtualization
ARF (Advanced Routing and Forwarding) up to separate processing of 256 contexts
IPv4 services
HTTP and HTTPS server for configuration by web interface, DNS client, DNS server, DNS relay, DNS proxy, dynamic DNS client, DHCP
client, DHCP relay and DHCP server including autodetection, NetBIOS/IP proxy, NTP client, SNTP server, policy-based routing,
Bonjour-Proxy, RADIUS
IPv6 services
HTTP and HTTPS server for configuration by web interface, DHCPv6 client, DHCPv6 server, DHCPv6 relay, DNS client, DNS server,
dynamic DNS client, NTP client, SNTP server, Bonjour-Proxy, RADIUS
IPv6 compatible LCOS applications
WEBconfig, HTTP, HTTPS, SSH, Telnet, DNS, TFTP, firewall, RAS dial-in
Dynamic routing protocols
RIPv2, BGPv4, OSPFv2
IPv4 protocols
DNS, HTTP, HTTPS, ICMP, NTP/SNTP, NetBIOS, PPPoE (server), RADIUS, RADSEC (secure RADIUS), RTP, SNMPv1,v2c,v3, TFTP, TACACS+
IPv6 protocols
NDP, stateless address autoconfiguration (SLAAC), stateful address autoconfiguration (DHCPv6), router advertisements, ICMPv6,
DHCPv6, DNS, HTTP, HTTPS, PPPoE, RADIUS, SMTP, NTP, BGP, Syslog, SNMPv1,v2c,v3
WAN operating mode
VDSL, ADSL1, ADSL2 or ADSL2+ additional with external DSL modem at an ETH port, UMTS/LTE
WAN protocols
PPPoE, Multi-PPPoE, ML-PPP, GRE, EoGRE, PPTP (PAC or PNS), L2TPv2 (LAC or LNS) and IPoE (using DHCP or no DHCP), RIP-1, RIP-2,
VLAN, IPv6 over PPP (IPv6 and IPv4/IPv6 dual stack session), IP(v6)oE (autoconfiguration, DHCPv6 or static)
Tunneling protocols (IPv4/IPv6)
6to4, 6in4, 6rd (static and over DHCP), Dual Stack Lite (IPv4-in-IPv6-Tunnel)
Security
Intrusion Prevention
Monitoring and blocking of login attempts and port scans
IP spoofing
Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed
Access control lists
Filtering of IP or MAC addresses and preset protocols for configuration access and LANCAPI
Denial of Service protection
Protection from fragmentation errors and SYN flooding
General
Detailed settings for handling reassembly, PING, stealth mode and AUTH port
URL blocker
Filtering of unwanted URLs based on DNS hitlists and wildcard filters. Extended functionality with Content Filter Option
Password protection
Password-protected configuration access can be set for each interface
Alerts
Alerts via e-mail, SNMP traps and SYSLOG
Authentication mechanisms
PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication mechanism
Anti-theft
Anti-theft ISDN site verification over B or D channel (self-initiated call back and blocking)
Adjustable reset button
Adjustable reset button for 'ignore', 'boot-only' and 'reset-or-boot'
High availability / redundancy
VRRP
VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station.
FirmSafe
For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates
ISDN backup
In case of failure of the main connection, a backup connection is established over ISDN. Automatic return to the main connection
Load balancing
Static and dynamic load balancing over up to 3 WAN connections. Channel bundling with Multilink PPP (if supported by network
operator)
VPN redundancy
Backup of VPN connections across different hierarchy levels, e.g. in case of failure of a central VPN concentrator and re-routing to
multiple distributed remote sites. Any number of VPN remote sites can be defined (the tunnel limit applies only to active connections).
Up to 32 alternative remote stations, each with its own routing tag, can be defined per VPN connection. Automatic selection may be
sequential, or dependent on the last connection, or random (VPN load balancing)
Line monitoring
Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP polling
VPN
IPSec over HTTPS
Enables IPsec VPN based on TCP (at port 443 like HTTPS) which can go through firewalls in networks where e.g. port 500 for IKE is
blocked. Suitable for client-to-site connections and site-to-site connections. IPSec over HTTPS is based on the NCP VPN Path Finder
technology
Number of VPN tunnels
Max. number of concurrent active IPSec, PPTP (MPPE) and L2TPv2 tunnels: 100. Unlimited configurable connections. Configuration of
all remote sites via one configuration entry when using the RAS user template or Proadaptive VPN.
Hardware accelerator
Integrated hardware accelerator for 3DES/AES encryption and decryption
1-Click-VPN Client assistant
One click function in LANconfig to create VPN client connections, incl. automatic profile creation for the LANCOM Advanced VPN Client
1-Click-VPN Site-to-Site
Creation of VPN connections between LANCOM routers via drag and drop in LANconfig
IKE, IKEv2
IPSec key exchange with Preshared Key or certificate (RSA signature, digital signature)
Smart Certificate
Convenient generation of digital X.509 certificates via an own certification authority (SCEP-CA) on the webpage or via SCEP.
Certificates
X.509 digital multi-level certificate support, compatible with Microsoft Server / Enterprise Server and OpenSSL. Secure Key Storage
protects a private key (PKCS#12) from theft.
Certificate rollout
Automatic creation, rollout and renewal of certificates via SCEP (Simple Certificate Enrollment Protocol) per certificate hierarchy
Certificate revocation lists (CRL)
CRL retrieval via HTTP per certificate hierarchy
OCSP Client
Check X.509 certificates by using OCSP (Online Certificate Status Protocol) in real time as an alternative to CRLs
XAUTH
XAUTH client for registering LANCOM routers and access points at XAUTH servers incl. IKE-config mode. XAUTH server enables clients
to register via XAUTH at LANCOM routers. Connection of the XAUTH server to RADIUS servers provides the central authentication of
VPN-access with user name and password. Authentication of VPN-client access via XAUTH and RADIUS connection additionally by
OTP token
RAS user template
Configuration of all VPN client connections in IKE ConfigMode via a single configuration entry
Proadaptive VPN
Automated configuration and dynamic creation of all necessary VPN and routing entries based on a default entry for site-to-site
connections. Propagation of dynamically learned routes via RIPv2 if required
Algorithms
3DES (168 bit), AES (128, 192 or 256 bit), Blowfish (128 bit), RSA (1024-4096 bit) and CAST (128 bit). OpenSSL implementation with
FIPS-140 certified algorithms. MD-5, SHA-1 or SHA-256 hashes
NAT-Traversal
NAT-Traversal (NAT-T) support for VPN over routes without VPN passthrough
IPCOMP
VPN data compression based on Deflate compression for higher IPSec throughput on low-bandwidth connections (must be supported
by remote endpoint)
LANCOM Dynamic VPN
Enables VPN connections from or to dynamic IP addresses. The IP address is communicated via ISDN B- or D-channel or with the ICMP
or UDP protocol in encrypted form. Dynamic dial-in for remote sites via connection template
Dynamic DNS
Enables the registration of IP addresses with a Dynamic DNS provider in the case that fixed IP addresses are not used for the VPN
connection
Specific DNS forwarding
DNS forwarding according to DNS domain, e.g. internal names are translated by proprietary DNS servers in the VPN. External names
are translated by Internet DNS servers
IPv4 VPN
Connecting private IPv4 networks
IPv4 VPN over IPv6 WAN
Use of IPv4 VPN over IPv6 WAN connections
IPv6 VPN
Connecting private IPv6 networks
IPv6 VPN over IPv4 WAN
Use of IPv6 VPN over IPv4 WAN connections
Radius
RADIUS authorization and accounting, outsourcing of VPN configurations in external RADIUS server in IKEv2, RADIUS CoA (Change
of Authorization)
VPN throughput (max., AES)
1418-byte frame size UDP
450 Mbps
Firewall throughput (max.)
1518-byte frame size UDP
990 Mbps
VoIP
SIP ALG
The SIP ALG (Application Layer Gateway) acts as a proxy for SIP communication. For SIP calls the ALG opens the necessary ports for
the corresponding media packets. Automatic address translation (STUN is no longer needed).
Interfaces
Ethernet ports
4 individual 10/100/1000 Mbps Ethernet ports; up to 3 ports can be operated as additional WAN ports with load balancing. Ethernet
ports can be electrically disabled within LCOS configuration
Port configuration
Each Ethernet port can be freely configured (LAN, DMZ, WAN, monitor port, off). Additionally, external DSL modems or termination
routers can be operated as a WAN port with load balancing and policy-based routing.
USB 2.0 host port
USB 2.0 hi-speed host port for connecting USB printers (USB print server), serial devices (COM port server), USB data storage (FAT file
system); bi-directional data exchange is possible
ISDN
ISDN BRI port (S0 bus)
Serial interface
Serial configuration interface / COM port (8 pin Mini-DIN): 9,600 - 115,000 baud, suitable for optional connection of analog/GPRS
modems. Supports internal COM port server and allows for transparent asynchronous transmission of serial data via TCP
Management and monitoring
Management
LANCOM Management Cloud, LANconfig, WEBconfig, LANCOM Layer 2 management (emergency management)
Management functions
Alternative boot configuration, voluntary automatic updates for LCMS and LCOS, individual access and function rights up to 16
administrators, RADIUS and RADSEC user management, remote access (WAN or (W)LAN, access rights (read/write) adjustable separately),
SSL, SSH, HTTPS, Telnet, TFTP, SNMP, HTTP, access rights via TACACS+, scripting, timed control of all parameters and actions through
cron job
FirmSafe
Two stored firmware versions, incl. test mode for firmware updates
Monitoring
LANCOM Management Cloud, LANmonitor, WLANmonitor
Monitoring functions
Device SYSLOG, SNMPv1,v2c,v3 incl. SNMP-TRAPS, extensive LOG and TRACE options, PING and TRACEROUTE for checking connections,
internal logging buffer for firewall events
Monitoring statistics
Extensive Ethernet, IP and DNS statistics; SYSLOG error counter, accounting information exportable via LANmonitor and SYSLOG, Layer
7 Application Detection including application-centric tracking of traffic volume
LANCAPI
Available for all LANCOM routers with integrated ISDN interface. LANCAPI provides CAPI 2.0 features for Microsoft Windows to utilize
ISDN channels over the IP network
CAPI Faxmodem
Softmodem for Microsoft Windows that makes use of LANCAPI to send and receive faxes via ISDN
iPerf
iPerf is a tool for measurements of the bandwidth on IP networks (integrated client and server)
SLA-Monitor (ICMP)
Performance monitoring of connections
SD-LAN
SD-LAN – automatic LAN configuration via the LANCOM Management Cloud
SD-WAN
SD-WAN – automatic WAN configuration via the LANCOM Management Cloud
*) Note
Not for use with All-IP connection
Hardware
Weight
8.38 lbs (3.8 kg)
Power supply
Internal power supply unit (110–230 V, 50-60 Hz)
Environment
Temperature range 5–40° C; humidity 0–95%; non-condensing
Housing
Robust metal housing, 19" 1 HU, 435 x 45 x 207 mm, with removable mounting brackets, network connectors on the front
Fans
1
Power consumption (max)
30 watt
Declarations of conformity*
CE
EN 60950-1, EN 55022, EN 55024
FCC*
FCC Part 15, Class B with FTP cabling
IPv6
IPv6 Ready Gold
Country of Origin
Made in Germany
*) Note
You will find all declarations of conformity in the products section of our website at www.lancom-systems.com
*) Note
There are no ISDN functions available in the US-Version
Scope of delivery
Manual
Printed Installation Guide (DE/EN)
CD/DVD
Data medium with management software (LANconfig, LANmonitor, WLANmonitor, LANCAPI) and documentation
Cable
Serial configuration cable, 1.5m
Cable
2 Ethernet cables, 3m
Cable
ISDN cable, 3m
Cable
IEC power cord
Support
Warranty
3 years support
Software updates
Regular free updates (LCOS operating system and LANtools) via Internet
Options
VPN
LANCOM VPN-200 Option (200 channels), item no. 61404
LANCOM Content Filter
LANCOM Content Filter +10 user, 1 year subscription, item no. 61590
LANCOM Content Filter
LANCOM Content Filter +25 user, 1 year subscription, item no. 61591
LANCOM Content Filter
LANCOM Content Filter +100 user, 1 year subscription, item no. 61592
LANCOM Content Filter
LANCOM Content Filter +10 user, 3 year subscription, item no. 61593
LANCOM Content Filter
LANCOM Content Filter +25 user, 3 year subscription, item no. 61594
LANCOM Content Filter
LANCOM Content Filter +100 user, 3 year subscription, item no. 61595
LANCOM Warranty Basic Option L
Option to extend the manufacturer's warranty from 3 to 5 years, item no. 10712
LANCOM Warranty Advanced Option L
Option to extend the manufacturer's warranty from 3 to 5 years and replacement of a defective device, item no. 10717
LANCOM Public Spot XL
Hotspot option for LANCOM WLC-4100, WLC-4025(+), LANCOM 9100(+) VPN, and LANCOM 7100(+) VPN for user authentication
(recommended up to 2,500), versatile access (via voucher, e-mail, SMS), including a comfortable setup wizard, item no. 61624
LANCOM Public Spot PMS Accounting Plus
Extension of the LANCOM Public Spot (XL) Option for the connection to hotel billing systems with FIAS interface (such as Micros Fidelio) for authentication and billing of guest accesses for 178x/19xx routers, WLCs, and current central-site gateways, item no. 61638
LANCOM VPN High Availability Clustering XL Option
Comfortable administration of cluster devices like one single device - even at networks across locations, item no. 61637
LANCOM Management Cloud
LANCOM LMC-D-1Y LMC License
LANCOM LMC-D-1Y License (1 Year), enables the management of one category D device for one year via the LANCOM Management
Cloud, item no. 50109
LANCOM LMC-D-3Y LMC License
LANCOM LMC-D-3Y License (3 Years), enables the management of one category D device for three years via the LANCOM Management
Cloud, item no. 50110
LANCOM LMC-D-5Y LMC License
LANCOM LMC-D-5Y License (5 Years), enables the management of one category D device for five years via the LANCOM Management
Cloud, item no. 50111
LANCOM Serial Adapter Kit
For the connection of V.24 modems with AT command set and serial interface for the connection to the LANCOM COM interface, incl.
serial cable and connection plug, item no. 61500
VPN Client Software
LANCOM Advanced VPN Client for Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, single license, item no. 61600
VPN Client Software
LANCOM Advanced VPN Client for Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, 10 licenses, item no. 61601
VPN Client Software
LANCOM Advanced VPN Client for Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, 25 licenses, item no. 61602
VPN Client Software
LANCOM Advanced VPN Client for Mac OS X (10.5 Intel only, 10.6 or higher), single license, item no. 61606
VPN Client Software
LANCOM Advanced VPN Client for Mac OS X (10.5 Intel only, 10.6 or higher), 10 licenses, item no. 61607
Item number(s)
LANCOM 7100+ VPN (EU)
61071
LANCOM 7100+ VPN (UK)
61072
LANCOM 7100+ VPN (US)*
61089
*) Note
There are no ISDN functions available in the US-Version
Chassis drawing
www.lancom-systems.com
LANCOM Systems GmbH | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E-mail info@lancom.de
LANCOM, LANCOM Systems and LCOS are registered trademarks. All other names or descriptions used may be trademarks or registered trademarks of their owners. Subject to change without notice. No liability for
technical errors and/or omissions. 02/18