In cases where large network infrastructures are coupled via VPN, it is advantageous for the costs and effort in configuring a new subnetwork to be limited to the local VPN router and that the central dial-in router configuration remains unchanged. In order to achieve this simplified network connection, the dial-in devices transmit their identity with the help of a digital certificate.
If simplified dial-in with certificates is activated for the LANCOM Router at the headquarters, then the remote routers can suggest a network to be used for the connection during the IKE negotiation in phase 2 This network is entered, for example, when setting up the VPN connection on the remote router. The LANCOM Router at the headquarters accepts the suggested network when the option 'Allow remote station to select the remote network' is activated. Moreover, the parameters used by the client during dial in must agree with the default values in the VPN router.
LANconfig: VPN / General and VPN / General / Defaults
WEBconfig: LCOS menu tree / Setup / VPN