Description: This document describes how to set up a LANCOM router to establish an IKEv2 VPN connection to Windows AZURE.
Requirements:
Procedure:
Note: When configuring the LANCOM router, please follow the specifications from Microsoft: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec-parameter
1) Open the dialog VPN -> IKEv2/IPSec -> Encryption and add a new encryption profile.
2) It is important that you select DH group 2 and disable PFS.
3) Go to the menu VPN -> IKEv2/IPSec -> Authentication and add a new entry.
- Enter a name for the authentication profile.
- Set the Local authentication parameter to PSK (pre-shared key).
- Set the Local identifier type parameter to IPv4 address.
- In the field for the Local identifier, you need to enter the public IP address of the LANCOM router.
- Enter a local password for use as the pre-shared key.
- Set the Remote authentication parameter to PSK (pre-shared key).
- Set the Remote identifier type parameter to IPv4 address.
- In the field for the Remote identifier, you need to enter the public IP address of the Windows AZURE server.
- Enter a remote password for use as the pre-shared key.
4) Go to the menu VPN -> General -> Network rules -> IPv4 rules and add a new entry.
In this example, the local network of the LANCOM router with the IP address range 192.168.1.0/24 is to communicate with the remote (local) network 192.168.11.0/24.
5) Go to the menu VPN -> IKEv2/IPSec -> Connection list and add a new entry.
- Enter a name for the authentication profile.
- In this example, the VPN connection is established from Windows AZURE, so the short hold time is set to 0.
- In the field for the remote Gateway, you need to enter the public IP address of the Windows AZURE server.
- Set the encryption to the encryption profile created in step 2.
- Set the authentication to the authentication profile created in step 3.
- The rule creation is performed manually.
- The IPv4 rule is set to the rule created in step 4.
6) Open the menu IP router -> Routing -> IPv4 routing table and create a new entry for the VPN connection to Windows AZURE.
- The IP address and netmask are the parameters set for the Windows AZURE server.
- Set the Router as the VPN connection that you created.
- Switch IP masquerading off.
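A pre-flight check of the values entered in steps 3 to 6, as an added example that is not part of the original article or of any LANCOM tooling. The function name, the dictionary keys and the two public addresses (taken from documentation ranges) are constructed for illustration, and the check assumes that the route in step 6 is meant to cover the remote network from step 4.

```python
import ipaddress

# Ranges that can never be a public tunnel endpoint (RFC 1918, CGNAT, loopback, link-local).
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def preflight(plan):
    """Return a list of problems in a planned LANCOM-to-Azure tunnel (empty list = consistent)."""
    problems = []
    # Step 3: both identifiers are of type "IPv4 address" and hold public addresses.
    for key in ("local_identifier", "remote_identifier"):
        try:
            addr = ipaddress.IPv4Address(plan[key])
        except ValueError:
            problems.append(f"{key}: not an IPv4 address")
            continue
        if any(addr in net for net in NON_PUBLIC):
            problems.append(f"{key}: {addr} is not a public address")
    # Step 5: the remote gateway is the same Azure public address as the remote identifier.
    if plan["remote_gateway"] != plan["remote_identifier"]:
        problems.append("remote_gateway: differs from remote_identifier")
    # Step 4 (added check): overlapping prefixes cannot be told apart by the router.
    local = ipaddress.IPv4Network(plan["local_network"])
    remote = ipaddress.IPv4Network(plan["remote_network"])
    if local.overlaps(remote):
        problems.append("network rule: local and remote networks overlap")
    # Step 6 (assumption): the route must cover the remote network of the rule.
    route = ipaddress.IPv4Network(plan["route_prefix"])
    if not remote.subnet_of(route):
        problems.append("route: does not cover the remote network")
    if plan["masquerading"]:
        problems.append("route: IP masquerading must be switched off")
    return problems

# Constructed sample plan; the public addresses come from documentation ranges.
SAMPLE_PLAN = {
    "local_identifier": "203.0.113.10",    # public IP of the LANCOM router (placeholder)
    "remote_identifier": "198.51.100.20",  # public IP of the Azure side (placeholder)
    "remote_gateway": "198.51.100.20",
    "local_network": "192.168.1.0/24",     # from the article's example
    "remote_network": "192.168.11.0/24",   # from the article's example
    "route_prefix": "192.168.11.0/24",
    "masquerading": False,
}

if __name__ == "__main__":
    for line in preflight(SAMPLE_PLAN) or ["plan is consistent"]:
        print(line)
```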