...

2) Creating the VPN connection on the Unified Firewall:

2.1) Connect to the configuration interface of the Unified Firewall and navigate to VPN -> IPsec settings.

2.2) Activate IPsec.

2.3) Switch to VPN -> IPsec Connections and click on the "+" icon to create a new IPsec connection.

...

  • Name: Enter a descriptive name.
  • Security profile: Select the ready-made profile LANCOM Advanced VPN Client IKEv2 X.509.
  • Connection: Select your configured Internet connection.
Info

If you have created your own template or security profile, you can use these here.

2.5) Then open the Tunnels tab.

  • Local networks: Here you enter the local networks (in CIDR notation) that the VPN client should reach. In this example, the local network at the headquarters has the IP address range 192.168.3.0/24.
  • Virtual IP pool: Select the option Default virtual IP pool. Virtual IP pools can be used to send IP address configurations to connected VPN clients.
Info

If the VPN client should be assigned an IP address from a local network (via the field Virtual IP) instead of an address from the virtual IP pool, Route-based IPSec has to be activated. In addition, a routing entry for the VPN interface has to be created in routing table 254 which refers to the virtual IP address in the local network.

2.6) Change to the Authentication tab and enter the following parameters:

...

2.11) Use the "+" sign to assign the required protocols to the VPN host.

...

Info

A Unified Firewall uses a deny-all strategy. You therefore have to explicitly allow communication.

Info: Firewall objects can also be accessed via Desktop -> Desktop connections and clicking on the "edit" icon.

2.12) Finally, implement the configuration changes by clicking Activate in the firewall.

2.13) Change to the menu VPN → IPsec → Connections and, on the newly created Advanced VPN Client connection, click on the Export connection button.

...

Forwarding the UDP ports 500 and 4500 automatically causes the ESP protocol to be forwarded.

...

Info

If you are using a router from another manufacturer, ask them about the appropriate procedure.

...

Note

If the UDP ports 500 and 4500 and the ESP protocol are forwarded to the Unified Firewall, an IPSec connection to the LANCOM router can only be used if it is encapsulated in HTTPS (IPSec-over-HTTPS). Otherwise, no IPSec connection will be established.

6.1) Open the configuration for the router in LANconfig and switch to the menu item IP-Router → Masq. → Port forwarding table.

...