Connection parameters

Use this table to specify the parameters of IKEv2 VPN connections that are not included in the SA negotiation. An entry named "DEFAULT" is provided with common settings.





Name
Contains the unique name of this entry. You assign this name to the connections in the Connection list in the "Connection parameters" field.
Dead peer detection
Contains the time in seconds after which the device disconnects from the remote peer if there is a loss of contact.
Encapsulation
In some scenarios, such as when firewalls are in the way, using the normal VPN port 500 is not an option. SSL or UDP encapsulation can be set here and combined with the Destination port setting to use any port. With UDP, the IKEv2 tunnel is established either on port 4500 or on the port set as the Destination port. If the destination port is set to 500, that setting is ignored and port 4500 is used instead. With SSL, the tunnel is established either on port 443 or on the port set as the Destination port. If the destination port is set to 500 or 4500, that setting is ignored and port 443 is used instead. If set to "None", port 500 is used and the setting in Destination port is ignored. The configurable port can be used for scenarios where a LANCOM router already accepts VPN tunnels on the standard ports. A port forwarding rule would allow these ports to be forwarded to any destination.
Destination port
Specifies the destination port of the connection. How it is applied depends on the setting in Encapsulation. If the setting is different from 500, UDP encapsulation is performed automatically.
MOBIKE
Defines whether MOBIKE as per RFC 4555 should be supported. MOBIKE for IKEv2 optionally allows mobile clients to roam between different networks without disconnecting the VPN tunnel. For example, a VPN client can roam seamlessly from cellular to Wi-Fi, whereby an IKEv2 update message updates the external IP address on the VPN gateway. The advantage is that the VPN tunnel and its Security Associations (SAs) do not have to be terminated and set up again. MOBIKE is only supported in the responder role, i.e. when VPN clients establish connections to the LANCOM VPN router. Establishing VPN tunnels with the MOBIKE extension from the device itself is not supported.
MOBIKE cookie challenge
Defines whether the device should send a cookie challenge to determine whether the VPN client can actually receive packets at the new address ("Return Routability Check").
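The following added example (not LANCOM code, and not taken from this manual) is a simplified model of how a MOBIKE responder can handle an address update with and without the cookie challenge. The class and method names are hypothetical, the IP addresses are constructed documentation addresses, and the 8 to 64 octet cookie length comes from RFC 4555.

```python
import hmac
import secrets


class Gateway:
    """Simplified model of a MOBIKE responder (hypothetical, not LANCOM code)."""

    def __init__(self, peer_addr, cookie_challenge=True):
        self.peer_addr = peer_addr            # address tunnel traffic is sent to
        self.cookie_challenge = cookie_challenge
        self.pending = {}                     # candidate address -> outstanding cookie

    def on_update_sa_addresses(self, src_addr):
        """Handle an authenticated address update observed from src_addr."""
        if not self.cookie_challenge:
            # No return routability check: the observed source address is
            # accepted without proof that the client can receive packets there.
            self.peer_addr = src_addr
            return None
        cookie = secrets.token_bytes(16)      # RFC 4555 permits 8 to 64 octets
        self.pending[src_addr] = cookie
        return (src_addr, cookie)             # challenge is sent TO the new address

    def on_cookie_response(self, src_addr, echoed):
        """Switch addresses only if the reply echoes the outstanding cookie."""
        expected = self.pending.pop(src_addr, None)   # one attempt per challenge
        if expected is None or not hmac.compare_digest(expected, echoed):
            return False
        self.peer_addr = src_addr
        return True


def demo():
    """Constructed scenario: client roams from cellular to Wi-Fi."""
    gw = Gateway("192.0.2.10")                        # cellular address
    addr, cookie = gw.on_update_sa_addresses("198.51.100.20")
    roamed = gw.on_cookie_response(addr, cookie)      # client echoes the cookie
    # Update seen from an address where the client cannot receive packets:
    gw.on_update_sa_addresses("203.0.113.5")
    bogus = gw.on_cookie_response("203.0.113.5", b"\x00" * 16)
    return roamed, bogus, gw.peer_addr


if __name__ == "__main__":
    print(demo())
```

With the challenge enabled, the gateway keeps sending tunnel traffic to the last verified address until the new address has proven it can receive packets.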

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
