- Choose the Wizard that connects two local area networks over VPN. In the appropriate dialog, select VPN connection authentication with certificates (RSA signature).
- Enter the identities contained in the certificates for the local and remote devices. Be sure to use the information from each certificate in full and in the right order: The ASN.1-Distinguished Names listed in Windows from top to bottom in the certificates must be entered into LANconfig from left to right.
Note: Microsoft Windows displays some values in the certificates with outdated abbreviations,
such as 'S' instead of 'ST' for 'stateOrProvinceName', or 'G' instead of 'GN' for 'givenName'.
In these cases make sure that you use the current abbreviations 'ST' and 'GN'.
Note: The Telnet command show vpn cert displays the content of the device
certificate in a LANCOM, including the entered Distinguished Names (DN) under "Subject". The
Distinguished Names are displayed in reverse order here until LCOS 6.00 and in the usual order
as of LCOS 6.10!
- If available choose the optimized connection establishment with IKE and PFS group 2. Only choose group 5 for IKE and PFS if this is required by the remote device. This will be the case if, for example, the VPN remote device is configured with LANconfig 3.52 or earlier.
- Enter the names of the VPN remote site, the IP address, the netmask for the remote network and, if applicable, the domain for the DNS forwarding. If required, activate the "Extranet" function and the "NetBIOS routing".