Sie zeigen eine alte Version dieser Seite an. Zeigen Sie die aktuelle Version an.

Unterschiede anzeigen Seitenhistorie anzeigen

« Vorherige Version anzeigen Version 3 Nächste Version anzeigen »


Beschreibung:

Es soll eine VPN Einwahlverbindung mit dem LANCOM Advanced VPN-Client zu einer LANCOM Gegenstelle aufgebaut werden. Diese Verbindung soll erst nach Eingabe eines zusätzlich einzugebenden Benutzernamens und Passworts aufgebaut werden.


Description:

You wish to use the LANCOM Advanced VPN Client to establish a VPN dial-in connection to a LANCOM remote device. The connection should only be established after the entry of user name and password.


Requirements:
  • The configuration outlined here assumes the existence of a fully configured VPN dial-up connection (without XAUTH extension).


Procedure:

Configuration steps on the LANCOM router:

1) Open the configuration in LANconfig and navigate to the menu Configuration -> VPN -> General -> Connection list.

2) Highlight the entry for the VPN client connection in the list and click Edit.



3) In the XAUTH field, select the option Server. Now close the dialog window with the OK button.



4) Go to the menu Configuration -> VPN -> IKE auth. -> IKE keys and identities.



5) Open the entry in the list for the VPN client connection and, in the fields for Local identity type and Remote identity type, select for each one the option Key ID (group name). The fields of Local identity and Remote identity must contain a value (e.g. the word zentrale (Headquarters)).



6) In order for XAUTH to be able to query a user name and password, an entry must be added to the PPP list under Configuration -> Communication-> Protocols -> PPP list.



7) Here, the Remote site is set as the name of the VPN connection from the connection list in the drop-down menu. No user name is entered here. Enter a password into the field for the password. Finally, the IP routing must be enabled.



8) Close the dialog using the OK button and write the new configuration back to the LANCOM router.


Configuring the LANCOM Advanced VPN Client

1) Open the VPN client profile in the menu Configuration-> Profiles.



2) Go to the Identities menu. In the section Local Identity (IKE), set the Type to Free string used to identify groups and enter the ID as the value which you entered in the router configuration step 5. In this example it is zentrale (Headquarters).

3) Additionally enable the option Extended Authentication (XAUTH). By leaving the username and password fields empty here, the login credentials must be entered here every time a VPN connection is made.



4) Store the profile with the OK button.

5) A dialog requesting the user data is displayed before the VPN connection is established. The user name you enter here is the VPN remote site that you selected in the router configuration step 7. The password is the one you set in the router configuration step 7.


Supplementary information:

      XAUTH does not increase the security of the VPN connection itself. However, this extension prevents unauthorized access to the company network by means of unprotected or password-cracked devices. Password protection under Windows is relatively weak. Even if you can get around the user password, there is not yet a connection to the company network.


    XAUTH can also be used in combination with certificates. The configuration of XAUTH is the same. The only difference is that the setting is changed to use certificates when a client dials in.



  • Keine Stichwörter