Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
Example configuration “Basic Internet”

Rule name             Source                                    Destination   Action    Service (target port)
ALLOW_HTTP            Local network                             All stations  transmit  HTTP, HTTPS
ALLOW_FTP             Local network                             All stations  transmit  FTP
ALLOW_EMAIL           Local network                             All stations  transmit  MAIL, NEWS
ALLOW_DNS_FORWARDING  IP address of LANCOM (or: Local network)  transmit      transmit  DNS
DENY_ALL              All stations                              reject        reject    ANY

If you want to permit a VPN dial-in to a LANCOM acting as VPN gateway,
then you need a Firewall rule allowing incoming communication from the
client to the local network:

Rule               Source            Destination    Action    Service
ALLOW_VPN_DIAL_IN  remote site name  Local network  transmit  ANY

In case a VPN is not terminated by the LANCOM itself (e.g. a VPN Client
in the local area network, or LANCOM as Firewall in front of an additional
VPN gateway), you'd have to allow IPSec and/or PPTP (for the "IPSec over
PPTP" of the LANCOM VPN Client) ports additionally:

Rule       Source      Destination  Action    Service (target port)
ALLOW_VPN  VPN Client  VPN Server   transmit  IPSEC, PPTP

For ISDN or V.110 dial-in (e.g. by HSCSD mobile phone) you have to allow
the particular remote site (see also ’Configuration of remote stations’
page 89):

Rule           Source            Destination    Action    Service
ALLOW_DIAL_IN  remote site name  Local network  transmit  ANY