Chapter 14: Virtual Private Networks—VPN LANCOM Reference Manual LCOS 3.50
14.5.5 Prepare VPN network relationships
The firewall integrated into LANCOM routers is a powerful instrument for
defining source and target address ranges between which data transfer (and
limitations to it) can be enabled or prohibited. These functions are also used
for setting up the network relationships for the VPN rules.
In the simplest case, the firewall can generate the VPN rules automatically.
The local intranet serves as the source network, i.e. the same private IP
address range that the local VPN gateway itself belongs to.
For automatically generated VPN rules, the target networks are those
network ranges that have a remote VPN gateway set as their router.
To activate the automated rule generation, simply switch on the
corresponding option in the firewall (see footnote 1). When coupling two simple local
networks, the automatic VPN can interpret the necessary network
relationships from the IP address range in its own LAN and from the entry for
the remote LAN in the IP routing table.
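The derivation described above can be reproduced offline to check a planned configuration. The following Python sketch is an added example, not LANCOM code: it builds the network relationships from the local intranet and the routing table, using the addresses from this section's figure. The function names, the constructed default route via "INTERNET", the overlap check and the mirror check are assumptions of the example; the mirror check reflects the general IPsec requirement that both gateways agree on the same network relationships.

```python
import ipaddress

def derive_vpn_rules(local_net, local_mask, routing_table, vpn_peers):
    """Return (source, target, peer) tuples for automatic rule generation.

    Source is the local intranet; targets are the routes whose router is a
    remote VPN gateway, as this section describes.
    """
    source = ipaddress.ip_network(f"{local_net}/{local_mask}")
    rules = []
    for prefix, router in routing_table:
        if router not in vpn_peers:
            continue  # route does not point at a VPN gateway: no VPN rule
        target = ipaddress.ip_network(prefix)
        # Added sanity check (not from the manual): a target inside the
        # local intranet would make the relationship ambiguous.
        if source.overlaps(target):
            raise ValueError(f"{target} overlaps local intranet {source}")
        rules.append((source, target, router))
    return rules

def mirrored(rules_a, rules_b):
    """True if every relationship on one side has its reverse on the other."""
    a = {(s, t) for s, t, _ in rules_a}
    b = {(t, s) for s, t, _ in rules_b}
    return a == b

# Networks, masks and gateway names from the figure; the default route
# via "INTERNET" is constructed to show that non-VPN routes are skipped.
GW1_RULES = derive_vpn_rules(
    "10.1.0.0", "255.255.0.0",
    [("10.2.0.0/16", "VPN-GW-2"), ("0.0.0.0/0", "INTERNET")],
    {"VPN-GW-2"},
)
GW2_RULES = derive_vpn_rules(
    "10.2.0.0", "255.255.0.0",
    [("10.1.0.0/16", "VPN-GW-1"), ("0.0.0.0/0", "INTERNET")],
    {"VPN-GW-1"},
)

if __name__ == "__main__":
    for name, rules in (("VPN-GW-1", GW1_RULES), ("VPN-GW-2", GW2_RULES)):
        for src, dst, peer in rules:
            print(f"{name}: {src} <-> {dst} via {peer}")
    print("relationships mirrored:", mirrored(GW1_RULES, GW2_RULES))
```

A mismatch between the two sides, for example a /17 route on one gateway against a /16 intranet on the other, makes `mirrored` return `False` before the configuration is deployed.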
The description of the network relationships is more complicated if the source
and target networks are not only represented by the intranet address ranges
of the connected LANs:
Footnote 1: Automatic when using the VPN installation Wizard under LANconfig.
[Figure: two local networks coupled via VPN gateways]
VPN-GW 1 (80.146.81.251): IP network 10.1.0.0, net mask 255.255.0.0; IP routing table: 10.2.0.0/16 > VPN-GW-2
VPN-GW 2 (217.213.77.120): IP network 10.2.0.0, net mask 255.255.0.0; IP routing table: 10.1.0.0/16 > VPN-GW-1