Simplified network connection with certificates – proadaptive VPN

In cases where large network infrastructures are coupled via VPN, it is advantageous for the costs and effort in configuring a new subnetwork to be limited to the local VPN router and that the central dial-in router configuration remains unchanged. In order to achieve this simplified network connection, the dial-in devices transmit their identity with the help of a digital certificate.

If simplified dial-in with certificates is activated for the LANCOM Router at the headquarters, then the remote routers can suggest a network to be used for the connection during the IKE negotiation in phase 2. This network is entered, for example, when setting up the VPN connection on the remote router. The LANCOM Router at the headquarters accepts the suggested network when the option 'Allow remote station to select the remote network' is activated. Moreover, the parameters used by the client during dial-in must agree with the default values in the VPN router.

Note: When configuring the dial-in remote stations, be sure to note that each remote station requests a specific network so that no network address conflicts arise.

LANconfig: VPN / General and VPN / General / Defaults

WEBconfig: LCOS menu tree / Setup / VPN

Note: By activating the simplified RAS dial-in, all remote routers that have a valid certificate signed by the publisher of the device's root certificate can dial in to the corresponding network. No further configuration of the router is necessary! Unwanted dial-in connections are then prevented exclusively by blocking the certificates and using a CRL. The simplified connection of networks with certificates is therefore limited to LANCOM Router models that support certificate revocation lists (CRL).
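The decision described above (certificate signed by the trusted root publisher, not revoked via CRL, remote network selection allowed, and no address conflict between dial-in stations) as an added model, not LANCOM code: the certificate is reduced to a subject/issuer/serial record and the CRL to a set of revoked serials, since a real router verifies the signature chain and fetches the CRL itself; class and method names are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass(frozen=True)
class Certificate:
    """Simplified stand-in for an X.509 certificate (illustration only)."""
    subject: str
    issuer: str   # publisher of the root certificate that signed it
    serial: int


@dataclass
class HeadquartersVpn:
    """Models the central dial-in router's acceptance of a phase-2 network proposal."""
    trusted_issuer: str                                  # publisher of the device's root certificate
    crl: set = field(default_factory=set)                # revoked certificate serial numbers
    allow_remote_select: bool = False                    # 'Allow remote station to select the remote network'
    allocated: dict = field(default_factory=dict)        # subject -> network already granted

    def evaluate(self, cert: Certificate, proposed: str) -> tuple[bool, str]:
        """Return (accepted, reason) for one dial-in attempt proposing `proposed`."""
        if cert.issuer != self.trusted_issuer:
            return False, "certificate not signed by the trusted root publisher"
        if cert.serial in self.crl:
            return False, "certificate is listed in the CRL"
        if not self.allow_remote_select:
            return False, "remote network selection disabled; the default network applies"
        try:
            # strict=True rejects proposals with host bits set, e.g. 192.168.40.1/24
            net = ip_network(proposed, strict=True)
        except ValueError as exc:
            return False, f"malformed network proposal: {exc}"
        # Every remote station must request a distinct network so no conflicts arise.
        for other, granted in self.allocated.items():
            if other != cert.subject and granted.overlaps(net):
                return False, f"{net} overlaps {granted} already used by {other}"
        self.allocated[cert.subject] = net
        return True, f"accepted {net} for {cert.subject}"


if __name__ == "__main__":
    # Constructed sample: one branch accepted, a second rejected for overlap.
    hq = HeadquartersVpn(trusted_issuer="LANCOM-Root-CA", crl={7}, allow_remote_select=True)
    print(hq.evaluate(Certificate("branch-a", "LANCOM-Root-CA", 1), "192.168.10.0/24"))
    print(hq.evaluate(Certificate("branch-b", "LANCOM-Root-CA", 2), "192.168.10.0/25"))
```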