...
- LANCOM R&S®Unified Firewall as of LCOS FX version 10.4
- A configured and functional Internet connection on the Unified Firewall
- Any web browser for access to the web interface of the Unified Firewall
- Mobile device (smartphone, tablet PC, etc.) with the Android operating system version 5.x or later
| Info |
|---|
The availability of IKEv2 in Android depends on the manufacturer of your mobile device. E.g. the manufacturer Samsung implements IKEv2 in many Android versions while other manufacturers forego to do so. If IKEv2 isn't supported by your Android device you have to use an additional VPN client app. |
Scenario:
1) The Unified Firewall is connected directly to the Internet and has a public IPv4 address:
...
- Name: Enter a descriptive name.
- Security Profile: Here you select the ready-made profile LANCOM Advanced VPN Client IKEv2.
- Connection: Select your configured Internet connection.
If you have created your own template or security profile , you can use these here.
...
- Authentication Type: Select the option PSK (Preshared Key).
- PSK (Preshared Key): Set a preshared key for this connection.
- Local Identifier: Set the local identifier.
- Remote identifier: Set the remote identifier.
...
| Hinweis |
|---|
The local and remote identifiers must not match! |
| Info |
|---|
Depending on the used smartphone and its Android version, it is possible that only a local identity is supported (Remote Identifier on the Unified Firewall). If both identities are configured on the Unified Firewall, this may lead to the VPN connection not being able to be established. In this case the Local Identifier on the Unified Firewall has to be left empty in the configuration. |
1.7) Click the icon to create a new VPN host.
...
1.10) Use the “+” sign to assign the required protocols to the VPN host.
...
| Info |
|---|
A Unified Firewall uses a deny-all strategy. You therefore have to explicitly allow communication. |
...
| Info |
|---|
Firewall objects can also be accessed via Desktop |
...
→ Desktop Connection and clicking on the “edit” icon. |
1.11) Finally, implement the configuration changes by clicking Activate in the firewall.
...
1.12) This concludes the configuration steps on the Unified Firewall.
2) Manual setup of the VPN connection on your smartphone or tablet PC:
...
Forwarding the UDP ports 500 and 4500 automatically causes the ESP protocol to be forwarded.
...
| Info |
|---|
If you are using a router from another manufacturer, ask them about appropriate procedure. |
...
| Hinweis |
|---|
If the UDP ports 500 and 4500 and the ESP protocol are forwarded to the Unified Firewall, an IPSec connection to the LANCOM router can only be used if it is encapsulated in HTTPS (IPSec-over-HTTPS). Otherwise, no IPSec connection will be established. |
3.1) Open the configuration for the router in LANconfig and switch to the menu item IP-Router → Masq . → Port forwarding table .
3.2) Save the following parameters:
...