This document describes how to configure an IKEv2 “extranet VPN” connection between two LANCOM routers so that all stations in the local network are masked behind a single IP address.
1) Use the LANconfig Setup Wizard to configure an IKEv2 VPN connection at both ends. The procedure is described in the following Knowledge Base document
In this example, all of the local stations in the network at the headquarters are to be masked behind the IP address 10.10.10.1.
2) In LANconfig, open the configuration dialog for the LANCOM router at the headquarters and switch to the menu item IP router → Routing → IPv4 routing table.
3) Edit the existing routing entry for the VPN connection to the branch office.
Here, the parameter IP masquerading needs to be set to the value Masking intranet and DMZ.
4) Change to the menu Communication → Protocols → IP parameters.
5) Create a new entry for which you select the VPN connection as the remote site and, in the field Masquerading IP address, you enter the IP address used for masking the stations in the local network.
6) Write the modified configuration back to the LANCOM router at the headquarters.
7) In LANconfig, open the configuration dialog for the LANCOM router at the branch office and switch to the menu item IP router → Routing → IPv4 routing table.
8) Edit the existing routing entry for the VPN connection to the headquarters.
Here, enter the IP address used to mask the local stations at the headquarters (in this case 10.10.10.1).
The netmask has to be set to 255.255.255.255.
9) Write the modified configuration back to the LANCOM router at the branch office.
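The following added example (not LANCOM code and not part of the original document) is a simplified model of what the procedure above produces: the headquarters router masks its stations behind 10.10.10.1, and the branch office holds only a host route to that address. The headquarters LAN range 192.168.1.0/24, the branch address 192.168.2.10 and all port numbers are assumptions made for illustration.

```python
import ipaddress

# Only 10.10.10.1 and the 255.255.255.255 netmask come from the page;
# the HQ LAN range and all ports below are constructed for illustration.
HQ_LAN = ipaddress.ip_network("192.168.1.0/24")
MASQ_IP = ipaddress.ip_address("10.10.10.1")  # masquerading IP address (step 5)
BRANCH_ROUTES = [ipaddress.ip_network("10.10.10.1/255.255.255.255")]  # step 8


class HqRouter:
    """Simplified model of port-based source NAT on the VPN route."""

    def __init__(self):
        self.sessions = {}  # masq port -> (inner ip, inner port, peer ip, peer port)
        self.next_port = 40000

    def outbound(self, src, sport, dst, dport):
        """Mask a packet from an HQ station before it enters the tunnel."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src not in HQ_LAN:
            raise ValueError("source is not an HQ station")
        port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[port] = (src, sport, dst, dport)
        return (MASQ_IP, port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Return (inner ip, inner port) for a reply, or None if it is dropped."""
        session = self.sessions.get(dport)
        if ipaddress.ip_address(dst) != MASQ_IP or session is None:
            return None
        if (ipaddress.ip_address(src), sport) != session[2:]:
            return None  # not the peer this session was opened to
        return session[:2]


def branch_has_route(dst):
    """True if the branch routing table sends dst into the VPN tunnel."""
    return any(ipaddress.ip_address(dst) in net for net in BRANCH_ROUTES)
```

In this model the branch can answer sessions that a headquarters station opened, but it has no route to the real station addresses, so it cannot address a masked station directly.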
Note:
If both ends are to be masked, you need to repeat the steps 2 to 6 for the remote site. After that, only the routers at the two sites remain accessible. This configuration is useful if, for example, you wish to encapsulate EoGRE or L2TP tunnels within a VPN tunnel (see