


Description:
The document describes how VPN connections from multiple branch offices can be accepted at the main office with redundant equipment.


Requirements:


Scenario:
Multiple branch offices (e.g. with LANCOM 178x) are to be distributed between 2 VPN gateways with redundant equipment (e.g. LANCOM 8011).
For example, a total of 10 VPN tunnels should be distributed between 2 LANCOM 9100+ (5 tunnels each). Furthermore, a backup in case of any failure of the hardware or Internet connection should be available.
This scenario can be implemented with the use of VRRP (Virtual Router Redundancy Protocol) and RIP (Routing Information Protocol).


Normal operation:
[Image: normal operation]

Backup event:
[Image: backup event]

Procedure:
1) On both LANCOMs at the main office, all VPN connections have to be set up accordingly. For the VPN configuration at the branch offices, enter the VPN gateway that should be contacted in normal operation (LANconfig -> VPN -> General -> VPN connection list). The alternative VPN gateway is entered for the appropriate VPN connection in VPN -> General -> Further remote gateways.
2) At the main office, VRRP is configured on the two LANCOM devices with two virtual routers (LANconfig -> IP router -> VRRP). There, first set a checkmark on VRRP activate and on Propose internal services on the virtual IPs.
3) Now click the button VRRP list and create the required VRRP routers. The IP addresses 192.168.1.100 and 192.168.1.200 entered here are to be replaced with free IP addresses in your network.
Please note that, for the second LANCOM router, the entries for main priority must be reversed.
4) In order to enable the VRRP routers to use RIP to communicate with one another, navigate to Routing protocols -> RIP -> RIP networks..., select the network in use and set the option RIP type to RIP-2.
5) In order to enable communication by RIP, the routing table in each of the two LANCOMs must be configured with the routes to the branch-office devices. In this example, the first VRRP router in normal operation handles the route to Office 1 and the second router handles the connection to Office 2. Configure the routing rules as they are shown in the figures below:

Routing rule for Office 1:
[Image: routing rule for Office 1]

Routing rule for Office 2:
[Image: routing rule for Office 2]

The routing table must then contain the following entries:
[Image: routing table entries]
Info:

As the last change, you must define one of the two virtual routers created as the default gateway for IP addressing on the DHCP server of your network. However, it is recommended to configure the two LANCOM routers as DHCP servers for the LAN, since this allows you to distribute both virtual VRRP IP addresses in the LAN and thus also achieve a load distribution in the LAN. Because both DHCP servers are active and each assigns as gateway the virtual address for which it is master, the clients are distributed statistically between the two routers.

6) On both devices, enable the DHCP server under IPv4 -> DHCPv4 -> DHCP networks. To avoid duplication, it is absolutely necessary that you set the check box for DHCP clusters.
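
The master election behind steps 2 and 3, and the backup event, modelled as an added example (not LANCOM code and not part of the original document). The device names gw-a and gw-b, the priority values and the office-to-virtual-router mapping are assumptions; the two virtual IPs are the sample addresses from step 3.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VirtualRouter:
    vip: str             # virtual IP from the VRRP list (step 3)
    main_priority: dict  # device -> main priority; higher value wins

# Constructed values: device names and priorities are assumptions.
VRRP_LIST = [
    VirtualRouter("192.168.1.100", {"gw-a": 200, "gw-b": 100}),
    VirtualRouter("192.168.1.200", {"gw-a": 100, "gw-b": 200}),  # reversed
]
# Assumption: each office's route follows one virtual router (step 5).
OFFICE_VR = {"Office 1": "192.168.1.100", "Office 2": "192.168.1.200"}

def elect_masters(vrrp_list, alive):
    """Map each virtual IP to the live device with the highest priority."""
    masters = {}
    for vr in vrrp_list:
        live = {d: p for d, p in vr.main_priority.items() if d in alive}
        masters[vr.vip] = max(live, key=live.get) if live else None
    return masters

def office_gateways(vrrp_list, alive):
    """Which physical device carries each office's traffic right now."""
    masters = elect_masters(vrrp_list, alive)
    return {office: masters[vip] for office, vip in OFFICE_VR.items()}

def lint(vrrp_list):
    """Flag layouts that lose load distribution or leave election to tie-breaking."""
    problems = []
    for vr in vrrp_list:
        if len(set(vr.main_priority.values())) < len(vr.main_priority):
            problems.append(f"{vr.vip}: equal priorities, master not set by priority")
    all_up = {d for vr in vrrp_list for d in vr.main_priority}
    preferred = list(elect_masters(vrrp_list, all_up).values())
    if len(set(preferred)) < len(preferred):
        problems.append("priorities not reversed: one device masters every virtual IP")
    return problems

if __name__ == "__main__":
    # Normal operation, then failure of each device in turn (backup event).
    for alive in ({"gw-a", "gw-b"}, {"gw-b"}, {"gw-a"}):
        print(sorted(alive), office_gateways(VRRP_LIST, alive))
    print("lint:", lint(VRRP_LIST) or "ok")
```
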