The terminals of the tunnels can be individual computers or entire networks. For instance, telecommuters or field staff can connect to the company network via VPN. The local network at a branch office can also be connected to the local network of company headquarters via VPN. Both of the locations securely connected over VPN must have an Internet connection at their disposal.
5.2 Security through a VPN
A VPN fulfills the following security requirements for data
transmission:
Authenticity
Confidentiality
Integrity
Authenticity
Authenticity ensures that no unauthorized users can access the local network via VPN. It also makes sure that incoming data actually come from the registered party and not from another source.
Confidentiality
Confidentiality requires the nondisclosure of data. Confidentiality can be guaranteed by encrypting the data. Encryption means that unauthorized third parties cannot obtain any knowledge about the transmitted data.
Integrity
Integrity ensures that the data are not changed, recorded or diverted during transmission.
[Figure: a VPN tunnel through the Internet connecting Local network A and Local network B]
The VPN tunnel fulfills these security requirements. The VPN tunnel is implemented using a tunnel protocol.
5.3 Tunnel Technology
A tunnel is created by placing an IP packet to be transmitted inside of an additional, new IP packet.
An IP packet is composed of the IP header and the user data. The IP header contains the IP address of the destination and the IP address of the sender.
The original packet is encrypted and authenticated before repacking.
The IP addresses of the destination and the sender in the new IP header are the public IP addresses of the two VPN parties in the Internet. Only the new IP header can be read in the Internet in clear text.
Thanks to the encryption and authentication, the original packet remains concealed in the inside of the tunnel. The IP addresses of the destination and sender in the IP header of the original packet are private IP addresses in the local network.
The tunnel is what makes it possible to connect networks with private IP addresses via the Internet. Moreover, the tunnel secures the connection.
The VPN solution used with the FRITZ!Box uses the IPSec tunnel protocol.
[Figure: the original packet (IP header + data) is encrypted and placed behind a new IP header to form the tunnel packet]
IPSec is a tunnel protocol that offers state-of-the-art encryption procedures and can be integrated seamlessly into existing IP networks. The AES encryption algorithm is used in the FRITZ!Box VPN solution. AES is the most modern encryption algorithm.
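The tunnel structure from sections 5.2 and 5.3, as an added Python example (not AVM's code and not a real IPsec implementation): an original packet with private addresses is encrypted and authenticated, then placed behind a new header that carries the public addresses, so that only the new header can be parsed in clear text. The keys, addresses and the keystream are constructed stand-ins; HMAC-SHA256 in counter mode takes the place of AES because the standard library has no AES.

```python
import hmac, hashlib, os, struct, ipaddress
ESP = 50  # IANA protocol number of IPsec ESP, carried in the new (outer) IP header

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header without options (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload): everything an observer on the Internet can read."""
    _, _, total, _, _, _, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return str(ipaddress.ip_address(s)), str(ipaddress.ip_address(d)), proto, pkt[20:total]

def keystream(key, nonce, n):
    """CTR-style keystream from HMAC-SHA256; a stand-in for AES, which the stdlib lacks."""
    blocks = (hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(enc_key, mac_key, inner_pkt):
    """Encrypt the original packet, then authenticate nonce + ciphertext (encrypt-then-MAC)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(inner_pkt, keystream(enc_key, nonce, len(inner_pkt))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, body):
    """Verify the tag before decrypting; altered or foreign packets are rejected."""
    nonce, ct, tag = body[:12], body[12:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet was altered or not sent by the peer")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

def encapsulate(inner_pkt, public_src, public_dst, enc_key, mac_key):
    """Tunnel packet = new IP header (public addresses, clear text) + sealed original packet."""
    body = seal(enc_key, mac_key, inner_pkt)
    return ipv4_header(public_src, public_dst, len(body), ESP) + body

def decapsulate(tunnel_pkt, enc_key, mac_key):
    """Strip the new header at the far end of the tunnel and recover the original packet."""
    _, _, proto, body = parse_ipv4(tunnel_pkt)
    if proto != ESP:
        raise ValueError("not a tunnel packet")
    return unseal(enc_key, mac_key, body)

if __name__ == "__main__":
    ek, mk = b"\x01" * 32, b"\x02" * 32        # constructed keys (IPsec negotiates real ones)
    inner = ipv4_header("192.168.178.20", "192.168.10.5", 4, 17) + b"data"  # private addresses
    tunnel = encapsulate(inner, "203.0.113.10", "198.51.100.7", ek, mk)    # public addresses
    print(parse_ipv4(tunnel)[:3], inner in tunnel)  # only public addresses visible; inner hidden
```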
5.4 Supplementary Software for VPN
All of the information required for a VPN is saved in a configuration file. The terminals involved in any VPN must receive this file.
If an individual computer is integrated into a network via a VPN, the computer must have a VPN client installed.
The “FRITZ!Box VPN” Configuration Wizard
AVM provides the “Configure FRITZ!Box VPN” software in English to set up configuration files. This program is a Wizard that takes you step by step through the VPN configuration. All of the necessary VPN settings, like the encryption method and access rules, are set automatically. The resulting configuration files must be imported to the respective terminals of the VPN tunnel. At the terminal with the FRITZ!Box the configuration file is then imported to the FRITZ!Box. The VPN parameters in these files can be adjusted manually to connect to products by other manufacturers.
The “FRITZ!VPN” VPN Client
AVM offers the “FRITZ!VPN” software in English as a VPN client.
Both the Wizard and the client can be downloaded free of charge from the VPN Service Portal on the AVM web site: www.avm.de/en/vpn
6 More about: Bandwidth Management and Prioritization
Integrated bandwidth management ensures high speech quality for telephone calls over the Internet with the FRITZ!Box.
The FRITZ!Box also offers a prioritization function that can be used to divide network applications and network devices into three different categories. The category assigned determines whether an application or device is treated with higher or lower priority when it accesses the Internet.
6.1 Bandwidth Management
The FRITZ!Box is equipped with integrated bandwidth management. This function ensures that the speech quality during telephone calls over the Internet is not reduced by surfing activity. To do this, the FRITZ!Box adjusts all uploads and downloads to the currently available bandwidth. Because the FRITZ!Box also places a higher priority on Internet telephony connections over Internet data connections, unwelcome interference is largely avoided. Just as for any other analog call, once Internet telephony transmission capacity has been reached, remote partners receive a busy signal.
6.2 The Prioritization of Network Applications and Network Devices
Prioritization is a function you can use to specify that network applications and network devices be treated with higher or lower priority when they access the Internet connection. For example, you may wish to ensure that applications like Internet telephony, IPTV and video on demand are always treated with higher priority than other applications. You can also specify that file-sharing applications like eMule and BitTorrent always have to wait behind online games.
The following algorithm is used in the FRITZ!Box to send data packets according to their prioritization:
Change in the order in which packets are sent to the Internet (upstream direction). The order of the packets the FRITZ!Box receives from the Internet (downstream direction) cannot be changed.
Discard low-priority packets in order to ensure the transmission of higher-priority packets. This algorithm is used whenever more packets are supposed to be sent to the Internet than the upstream transmission rate of the Internet connection allows. As long as no packets are being sent from higher-priority applications, the full transmission rate of the Internet connection is available for low-priority packets.
Categories for Prioritization
There are three categories for prioritization: “Real-time applications”, “Prioritized applications” and “Background applications”. The categories are explained below.
Real-time applications
This category is suitable for applications with high demands on transmission speed and reaction times (for example, Internet telephony, IPTV, video on demand).
Network applications of this category always have priority over other applications accessing the Internet at the same time.
When the Internet connection is working at full capacity, the network packets of the applications of this category will always be sent first. In this case data from network applications assigned to other categories, like “Prioritized applications”, will be transmitted later.
If multiple network applications are assigned to this category, then they must share the available capacity.
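The upstream algorithm of section 6.2 and the three categories above, as an added Python model (not AVM's firmware code): queued packets are reordered so that higher categories go first, and whatever exceeds the upstream rate in a scheduling interval is discarded, which hits the lowest category first. The per-interval byte budget, the packet representation and the application names are constructed assumptions.

```python
from collections import deque, namedtuple

# The three categories named in the manual, listed from highest to lowest priority.
CATEGORIES = ("Real-time applications", "Prioritized applications", "Background applications")

# Constructed packet model: the application that produced it and its size in bytes.
Packet = namedtuple("Packet", "app size")


class UpstreamScheduler:
    """Model of the upstream algorithm: strict category order, drop what exceeds the rate.

    `rate` is the number of bytes the upstream link carries per scheduling interval
    (a constructed simplification of the connection's upstream transmission rate).
    """

    def __init__(self, rate):
        self.rate = rate
        self.queues = {cat: deque() for cat in CATEGORIES}

    def enqueue(self, category, packet):
        self.queues[category].append(packet)

    def send_interval(self):
        """Send one interval's worth of packets; return (sent, dropped) in send order."""
        budget, sent, dropped = self.rate, [], []
        for cat in CATEGORIES:              # 1. reorder: higher categories are served first
            queue = self.queues[cat]
            while queue:
                packet = queue.popleft()
                if packet.size <= budget:   # fits into the remaining upstream rate
                    budget -= packet.size
                    sent.append(packet)
                else:                       # 2. over the rate: discard (lowest categories first)
                    dropped.append(packet)
        return sent, dropped


if __name__ == "__main__":
    sched = UpstreamScheduler(rate=1500)
    sched.enqueue("Background applications", Packet("BitTorrent", 1000))
    sched.enqueue("Background applications", Packet("BitTorrent", 400))
    sched.enqueue("Real-time applications", Packet("Internet telephony", 600))
    sched.enqueue("Prioritized applications", Packet("online game", 500))
    sent, dropped = sched.send_interval()
    print("sent:", [p.app for p in sent], "dropped:", [p.app for p in dropped])
    # With nothing queued from higher categories, background traffic gets the full rate.
    sched.enqueue("Background applications", Packet("BitTorrent", 1500))
    print("sent:", [p.size for p in sched.send_interval()[0]])
```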