Versionen im Vergleich

Alte Version 2

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Seiteneigenschaften



Description:
This document describes how to set up a LANCOM router to establish an IKEv2 VPN connection to Windows AZURE.


Requirements:


Procedure:
Note:
Info
When configuring the LANCOM router, please follow the specifications from Microsoft:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec-parameter
1) Open the dialog VPN
->
IKEv2/IPSec
->
Encryption and add a new encryption profile.
Image Removed
Image Added
2) It is important that
you
you select DH group 2 and disable PFS.
Image Removed
Image Added
3) Go to the
menu
menu VPN
->
IKEv2/IPSec
->
Authentication and add a new entry.
Image Removed
Image Added
  • Enter a name for the authentication profile.
  • Set the Local authentication parameter to PSK (pre-shared key).
  • Set the Local identifier type parameter to IPv4 address.
  • In the field for the Local identifier, you need to enter the public IP address of the LANCOM router.
  • Enter a local password for use as the pre-shared key.
  • Set the remote authentication parameter to PSK (pre-shared key).
  • Set the Remote identifier type parameter to IPv4 address.
  • In the field for the Remote identifier, you need to enter the public IP address of the Windows AZURE server.
  • Enter a remote password for use by the pre-shared key.
Image Removed
Image Added
4) Go to the
menu
menu VPN
->
General
->
Network rules
->
IPv4
rules
rules and add a new entry.
Image Removed
Image Added 

In this example, the local network of the LANCOM router with the IP address

range

range 192.168.1.0/24 is to communicate with the remote (local) network 192.168.11.0/24.

Image Removed
Image Added
5) Go to the
menu
menu VPN
->
IKEv2/IPSec
->
Connection
list
list and add a new entry.
Image Removed
Image Added
  • Enter a name for the authentication profile.
  • In this example, the VPN connection is established from Windows AZURE, so the short hold time is set to 0.
  • In the field for the remote Gateway, you need to enter the public IP address of the Windows AZURE server.
  • Set the encryption to the encryption profile created in step 2.
  • Set the authentication to the authentication profile created in step 3.
  • The rule creation is performed manually.
  • The IPv4 rule is set to the rule created in step 4.
Image Removed
Image Added
6) Open the
menu
menu IP router
->
Routing
->
IPv4 routing
table
table and create a new entry for the VPN connection to Windows AZURE.
  • The IP address and netmask are the parameters set for the Windows AZURE server.
  • Set the Router as the VPN connection that you created.
  • Switch IP masquerading off.
Image Removed

Image Added