Description:

This document describes how to set up a LANCOM router to establish an IKEv2 VPN connection to Windows AZURE.


Requirements:


Procedure:

1) Open the dialog VPN → IKEv2/IPSec → Encryption and add a new encryption profile.


2) It is important that you select DH group 2 and disable PFS.


3) Go to the menu VPN → IKEv2/IPSec → Authentication and add a new entry.


  • Enter a name for the authentication profile.
  • Set the Local authentication parameter to PSK (pre-shared key).
  • Set the Local identifier type parameter to IPv4 address.
  • In the field for the Local identifier, you need to enter the public IP address of the LANCOM router.
  • Enter a local password for use as the pre-shared key.
  • Set the Remote authentication parameter to PSK (pre-shared key).
  • Set the Remote identifier type parameter to IPv4 address.
  • In the field for the Remote identifier, you need to enter the public IP address of the Windows AZURE server.
  • Enter a remote password for use as the pre-shared key.


4) Go to the menu VPN → General → Network rules → IPv4 rules and add a new entry.


In this example, the local network of the LANCOM router with the IP address range 192.168.1.0/24 is to communicate with the remote (local) network 192.168.11.0/24.


5) Go to the menu VPN → IKEv2/IPSec → Connection list and add a new entry.


  • Enter a name for the connection profile.
  • In this example, the VPN connection is established from Windows AZURE, so the short hold time is set to 0.
  • In the field for the Remote gateway, you need to enter the public IP address of the Windows AZURE server.
  • Set the encryption to the encryption profile created in step 2.
  • Set the authentication to the authentication profile created in step 3.
  • The rule creation is performed manually.
  • The IPv4 rule is set to the rule created in step 4.


6) Open the menu IP router → Routing → IPv4 routing table and create a new entry for the VPN connection to Windows AZURE.

  • The IP address and netmask are the parameters set for the Windows AZURE server.
  • Set the Router to the VPN connection that you created.
  • Switch IP masquerading off.
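
The values entered in steps 2 to 6 can be checked for consistency before they are typed into the router. The following Python check is an added example, not LANCOM or Microsoft code; it flags the errors that most often keep this kind of tunnel from coming up (overlapping networks, a non-public identifier address, a route that misses the remote network, masquerading left on) and warns that the step 2 settings use a 1024-bit DH group without PFS. The `plan` field names, the 20-character minimum for the pre-shared key and the endpoint addresses (RFC 5737 documentation ranges) are assumptions.

```python
import ipaddress
import secrets

# Ranges that never work as a public VPN endpoint (RFC 1918, CGNAT, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]
WEAK_DH_GROUPS = {1: 768, 2: 1024, 5: 1536}  # MODP groups below 2048 bits
MIN_PSK_LEN = 20  # assumed local policy, not a LANCOM or Azure requirement

def generate_psk(nbytes=32):
    """Random pre-shared key for the password fields in step 3."""
    return secrets.token_urlsafe(nbytes)

def check_plan(plan):
    """Return findings for the values entered in steps 2 to 6."""
    findings = []
    local_net = ipaddress.ip_network(plan["local_network"])
    remote_net = ipaddress.ip_network(plan["remote_network"])
    if local_net.overlaps(remote_net):
        findings.append("ERROR: local and remote networks overlap")
    for field in ("local_id", "remote_id"):
        addr = ipaddress.IPv4Address(plan[field])
        if any(addr in net for net in NON_PUBLIC):
            findings.append(f"ERROR: {field} {addr} is not a public address")
    if not remote_net.subnet_of(ipaddress.ip_network(plan["route"])):
        findings.append("ERROR: route does not cover the remote network")
    if plan["masquerading"]:
        findings.append("ERROR: IP masquerading must be off on the VPN route")
    for field in ("local_psk", "remote_psk"):
        if len(plan[field]) < MIN_PSK_LEN:
            findings.append(f"WARN: {field} is shorter than {MIN_PSK_LEN} characters")
    bits = WEAK_DH_GROUPS.get(plan["dh_group"])
    if bits:
        findings.append(f"WARN: DH group {plan['dh_group']} is {bits}-bit MODP")
    if not plan["pfs"]:
        findings.append("WARN: PFS is disabled")
    return findings

# Constructed sample: networks and crypto settings from the article, made-up endpoints.
SAMPLE_PLAN = {
    "local_network": "192.168.1.0/24", "remote_network": "192.168.11.0/24",
    "local_id": "203.0.113.10", "remote_id": "198.51.100.20",
    "route": "192.168.11.0/24", "masquerading": False,
    "local_psk": generate_psk(), "remote_psk": generate_psk(),
    "dh_group": 2, "pfs": False,
}

if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE_PLAN)))
```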
