IPSec settings

You can enable IPSec and configure the settings under VPN > IPsec > IPsec Settings:

Table 1. General

| Input box | Description |
| --- | --- |
| I/0 | A slider button indicates whether IPSec is enabled (I) or disabled (0). Click on the slider button to change the status of this option. |
| Excluded interfaces | This selection list is used to select interfaces that should not be used by the IPSec service. If nothing is entered here, then all interfaces are excluded on the system, including those that are newly created or generated automatically. Usually, exception interfaces and IP addresses are required when all traffic is sent to the central office through an IPsec tunnel. In a case like this, you have to be careful to ensure that the local networks remain accessible. By default, IPSec has a higher priority than normal routes. Consequently, even packets destined for local area networks could be sent to the VPN tunnel instead. Under normal circumstances, the default setting which excludes all local interfaces means that the local networks can always be reached. |
| Excluded IP address | Enter the IP addresses in CIDR format. Under no circumstances will packets for these networks be routed to a tunnel, even if a tunnel is configured for the destination address. Click the button on the right-hand side to add your entry to the list of IP addresses. |
| Proxy ARP | If this option is enabled, the firewall will respond to ARP requests from local networks for virtual IP addresses for IPSec clients by sending its own MAC address. |
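
The following added example (not LANCOM code, and not the firewall's own logic) is an offline check for the situation described under Excluded interfaces: it lists which parts of your local networks would still match a tunnel and are not protected by an Excluded IP address entry. It assumes a simplified model in which a packet enters the tunnel when its destination matches a tunnel's remote network and no excluded CIDR entry; the function names and sample networks are constructed for illustration.

```python
import ipaddress

def _subtract(net, hole):
    """Return the parts of net that remain after removing hole."""
    if not net.overlaps(hole):
        return [net]
    if net.subnet_of(hole):
        return []
    # CIDR blocks that overlap are nested, so hole lies inside net here.
    return list(net.address_exclude(hole))

def tunnelled_local_ranges(tunnel_remote_nets, local_nets, excluded):
    """Map each local network to the ranges that would be sent to a tunnel.

    tunnel_remote_nets: remote networks of the configured tunnels (CIDR)
    local_nets:         networks that must stay reachable locally (CIDR)
    excluded:           entries of the "Excluded IP address" list (CIDR)
    """
    remotes = [ipaddress.ip_network(n) for n in tunnel_remote_nets]
    holes = [ipaddress.ip_network(n) for n in excluded]
    findings = {}
    for name in local_nets:
        lan = ipaddress.ip_network(name)
        # Part of the LAN that any tunnel's remote network matches.
        hit = [lan if lan.subnet_of(r) else r
               for r in remotes
               if r.version == lan.version and lan.overlaps(r)]
        # Remove everything covered by an exclusion entry.
        for hole in holes:
            if hole.version == lan.version:
                hit = [part for n in hit for part in _subtract(n, hole)]
        hit = list(ipaddress.collapse_addresses(hit))
        if hit:
            findings[name] = [str(n) for n in hit]
    return findings

if __name__ == "__main__":
    # Constructed sample: all traffic goes to the central office.
    report = tunnelled_local_ranges(
        tunnel_remote_nets=["0.0.0.0/0"],
        local_nets=["192.168.10.0/24", "10.20.0.0/16"],
        excluded=["192.168.10.0/24", "10.20.0.0/17"],
    )
    for lan, ranges in report.items():
        print(f"{lan}: not excluded, would be tunnelled: {', '.join(ranges)}")
```

An empty result means every listed local network is either outside all tunnel remote networks or fully covered by an exclusion entry.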

Table 2. DHCP server

| Input box | Description |
| --- | --- |
| Active | IPSec can use a DHCP server to assign virtual IP addresses to the connected IPSec clients. You can enable this function here. To use this for an IPSec connection, go to Virtual IP pool and select the option DHCP virtual IP pool. |
| IP address | Enter the IP address of the DHCP server. This can be either the address of a DHCP server or a broadcast address of a network. |

Table 3. RADIUS server

| Input box | Description |
| --- | --- |
| Active | In conjunction with EAP or XAUTH, IPSec can use the user management of a RADIUS server to authenticate the connection. Also, the RADIUS server can assign IP addresses to IPSec clients. To do this for an IPSec connection, go to Virtual IP pool and select the option RADIUS virtual IP pool. You can enable this function here. |
| IP address | IP address of the RADIUS server. |
| Port | The port of the RADIUS server. |
| Password | Password for accessing the RADIUS server. |

If you have made changes, you can use the buttons at the bottom right of the edit window to save them (Save) or discard them (Reset). Otherwise you can close the window (Close).

Click Activate in the toolbar at the top of the desktop to apply your configuration changes.
