Versionen im Vergleich

Alte Version 2

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

  • LANCOM R&S Unified Firewall as of LCOS FX 10.7
  • LANCOM VPN router
  • LCOS as of version 10.20 (download)
  • LANtools from version 10.20 (download)
  • A configured and functional Internet connection on the Unified Firewall
  • Web browser for configuring the Unified Firewall.

The following browsers are supported:

    • Google Chrome
    • Chromium
    • Mozilla Firefox


Scenario:

1) The Unified Firewall is connected directly to the Internet and has a public IPv4 address:

...

1.1) Click on the "+" icon to create a new routing entry.

Image RemovedImage Added

1.2) The first step is to create a Certification Authority (CA) for VPN connections.

...

1.3) Then click the Create button.

Image RemovedImage Added

1.4) Click on the "+" icon to create a certificate for the LANCOM router at the branch office:

  • For the Certificate type, select Certificate.
  • Certificate must be selected as the template.
  • In the Private key password field, enter the password that you assigned in step 1.2Assign any private key password.
  • Set a validity period.
  • Select the VPN CA from step 1.2 as the "Signing CA".
  • In the CA password field, enter the password that you assigned in step 1.2.
  • You can leave the settings Encryption Algorithm, Key Size and Hash Algorithm in the default.

1.5) Then click the Create button.

Image Added Image Removed

1.6) Click on the "+" icon to create a VPN certificate for the United Firewall at the branch officeheadquarter:

  • For the Certificate type, select Certificate.
  • Certificate must be selected as the template.
  • In the Private key password field, enter the password that you assigned in step 1.2Assign any private key password.
  • Set a validity period.
  • Select the VPN CA from step 1.2 as the "Signing CA".
  • In the CA password field, enter the password that you assigned in step 1.2.
  • You can leave the settings Encryption Algorithm, Key Size and Hash Algorithm in the default.
  • CA Password and Private Key Password, enter the password set in step 1.2.

1.7) Then click the Create button.Image Removed
1.8) The newly created VPN certificates are listed below the newly created VPN certification authority (see following figure).

Image Removed

 

Image Added

2) Creating the VPN connection on the Unified Firewall:
2.1) Connect to the configuration interface of the Unified Firewall and navigate to VPN -> IPsec settings.

...

  • Name: Enter a descriptive name.
  • Security profile: Select the profile LANCOM LCOS Default IKEv2.
  • Connection: From the drop-down menu, select the Network connection used for the Internet connection.
  • Remote Gateway: Enter the public IP or DNS address of the LANCOM router at the branch office.

If you have created your own template or security profile, you can use these here.

...

3.1) Change to the menu Certificate Management → Certificates and, for the VPN certificate for the LANCOM router, click the Export button.Image Removed

3.2) Select the PKCS 12 PKCS#12 format and enter any password the private Key password you configured in step 1.4 and a transport password.

3.3) Click Export and save the certificate file on your PC.

Image Added


4) Configuration steps on the LANCOM router:

4.1) Upload the router certificate to the LANCOM router:

...

4.1.4) In the Cert. password box enter the transport password for the certificate file (see step 3.2).

...

The certificate-based VPN connection to the Unified Firewall at the headquarters will now be established.


5) Setting up port and protocol forwarding on a LANCOM router (scenario 2 only):

...