...

This article describes how the LMC is used to configure the LTA client using internal user administration.

Note

There are several default settings and profiles in VPN (e.g. encryption parameters). These are used to set up a VPN connection and allow for an easier configuration by means of prefabricated parameters.

When using IKEv2 the remote site DEFAULT in the Connection list has a special role, as the initial connection establishment is carried out via this remote site. When the VPN connection is recognized (e.g. on the basis of the identities), a switch to the actual VPN remote site occurs.

The default profiles must not be deleted or modified. Otherwise the VPN connection may no longer be established!


You can find scripts to restore the default VPN settings in the following Knowledge Base article:

Restoring default settings in VPN


Requirements:

...

1.2) Activate LTA:

1.2.1) In the Security menu, go to the LANCOM Trusted Access tab and click the Activate LTA slider.

...

  • Accessible network: From the drop-down menu, select the network edited in step 1.1 that the LTA client should log in to (in this example INTRANET).
  • Gateway IP or domain: Enter the public IP address or DNS name at which the LTA client can reach the router (in this example 81.81.81.81).
  • Trusted Access Client IP network: Enter the network address of a network in CIDR (Classless Inter Domain Routing) notation. The LTA client is assigned an IP address from this network (in this example 10.0.0.0/8). In most cases the Accessible network is used for this, but it is also possible to specify a different network.
  • Tunneled domains for DNS resolution: Enter domains which should always be transmitted via the VPN tunnel (in this example *.intern).

...

Info

If the option All network traffic through tunnel (LANCOM Trusted Internet Access - Full Tunnel) is enabled, or if there is no target network configured for the option Only network traffic to configured networks through tunnel (Split Tunnel), then all data traffic is transmitted via the VPN tunnel. This means that local resources in the user's network cannot be reached while a VPN tunnel is established. It may also result in slower transmission of Internet data traffic, as this is all transmitted via the LTA gateway. In return the data traffic can be checked via Content Filter and Antivirus on the LTA gateway.

1.3.4) Enter the tunneled networks in CIDR notation and click Save.
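
The tunnel decision described in the Info box above, modelled as an added example (not LANCOM code and not part of the original article): it validates a list of tunneled networks in CIDR notation and reports which destinations would be sent through the VPN tunnel. The mode labels `full` and `split`, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def parse_tunneled_networks(entries):
    """Validate CIDR strings; return (valid networks, rejected entries)."""
    networks, rejected = [], []
    for entry in entries:
        try:
            # strict=True rejects host bits, e.g. 192.168.10.5/24
            networks.append(ipaddress.ip_network(entry.strip(), strict=True))
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return networks, rejected


def uses_tunnel(destination, mode, networks):
    """Return True if traffic to `destination` is sent via the VPN tunnel.

    mode is "full" or "split" (labels assumed for this example).
    """
    if mode not in ("full", "split"):
        raise ValueError(f"unknown mode: {mode!r}")
    # Full tunnel, or split tunnel without any target network:
    # the article states that all traffic then goes through the tunnel.
    if mode == "full" or not networks:
        return True
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    # Constructed sample input, not taken from the article.
    entries = ["192.168.10.0/24", "172.16.0.0/12", "192.168.10.5/24"]
    destinations = ["192.168.10.20", "172.20.1.1", "192.168.178.1", "8.8.8.8"]
    networks, rejected = parse_tunneled_networks(entries)
    for entry, reason in rejected:
        print(f"rejected {entry}: {reason}")
    for mode, nets in (("split", networks), ("split", []), ("full", networks)):
        for dst in destinations:
            path = "tunnel" if uses_tunnel(dst, mode, nets) else "local"
            print(f"{mode:5} targets={len(nets)} {dst:15} -> {path}")
```

A home-LAN address such as 192.168.178.1 reported as `tunnel` is the case the Info box describes, where local resources in the user's network cannot be reached while the tunnel is established.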


1.4) Endpoint Security (optional):

...

1.5.1) Go to the User administration tab and enable the option LMC-managed. Then click Copy text next to the TXT resource record field. Enter this as the TXT resource record in the account of your DynDNS provider for the domain.

...

  • Profile name: Enter a descriptive name for the profile (in this example Admin).
  • Users / Groups: From the drop-down menu, select the user created in step 1.5.4 (in this case Admin). You can optionally select multiple users and assign them the same permissions.

Info

An LTA license is required for every active user.

1.7.3) Under Status enable the necessary connection targets for the user (see step 1.6.2) and click Create.



2) Configuration steps in the LTA client:

...