This document describes how to configure an IKEv2 “extranet VPN” connection between two LANCOM routers so that
all stations in the local network are masked behind a single IP address.Requirements:Procedure:1) Use the
LANconfig Setup Wizard to configure an IKEv2 VPN connection at both ends. The procedure is described in
this Knowledge Base document.
In this example, all of the local stations in the network at the headquarters are to be masked behind the IP address 10.10.10.1.
2) In LANconfig, open the configuration dialog for the LANCOM router at the headquarters and switch to the menu item IP router → Routing → IPv4 routing table.
3) Edit the existing routing entry for the VPN connection to the branch office.
Here, the parameter IP masquerading needs to be set to the value Masking intranet and DMZ.
4) Change to the menu Communication → Protocols → IP parameters.
5) Create a new entry for which you select the VPN connection as the remote site and, in the field Masquerading IP address, you enter the IP address used for masking the stations in the local network.
6) Write the modified configuration back to the LANCOM router at the headquarters.
7) In LANconfig, open the configuration dialog for the LANCOM router at the branch office and switch to the menu item IP router → Routing → IPv4 routing table.
8) Edit the existing routing entry for the VPN connection to the headquarters.
- Here, enter the IP address used to mask the local stations at the headquarters (in this case 10.10.10.1).
- The netmask has to be set to 255.255.255.255.
8) Write the modified configuration back to the LANCOM router at the branch office.
