Configuring Advanced Mesh VPN

Now configure the Advanced Mesh VPN in LANconfig under VPN > IKEv2/IPSec > Extended settings > Advanced Mesh VPN.

Operation-Mode
This control determines how the Mesh VPN works: the device can act as a spoke, as a hub, or in both roles at the same time. Possible values:
Deactivated
The Mesh VPN feature is disabled. Mesh VPN messages are not sent, forwarded, or processed. Mesh VPN tunnels are neither established nor accepted.
Hub
The device assumes the role of the central-site VPN gateway. Mesh VPN messages are forwarded between the tunnels. The device itself does not establish or accept any Mesh VPN tunnels.
Spoke
The device assumes the function of a branch office and establishes and accepts Mesh VPN tunnels.
Hub&Spoke
The device takes on the role of the central-site VPN gateway, and also establishes Mesh VPN tunnels to other spokes and accepts Mesh VPN tunnels.
VPN peer template
This parameter refers to an entry in the IKEv2 peer table. This entry is used as a configuration template for the Mesh VPN tunnels.
Detect on VPN peers
A comma-separated list of VPN peers that the (firewall) detector should react to. This entry is required for branches to detect incoming sessions. It can be left empty, e.g. for branches that are behind a NAT (without port forwarding) and are therefore unable to act as responders for a mesh tunnel.
Group-ID
Each device can be assigned to a group that is used to send its requests. One use of this is to divide the mesh into smaller groups, e.g. regional mesh structures.
Accepted group IDs
A comma-separated list specifying the mesh group IDs that are accepted. A request from a group ID not listed here will be discarded.
Admin distance
The distance set in the IP router for routes received via the mesh tunnel. The special value "0" is equivalent to the internal default of "15".
Initial rate limit
Requested networks (addresses) are temporarily blocked in order to protect the network. The initial lockout period is specified here in seconds.
Max. rate limit
The lockout period from the Initial rate limit is doubled each time until the Maximum rate limit is reached.
Request validity
After the lockout period has expired, networks (addresses) that were previously requested will still be available. This validity always begins when the blocking expires and ends when the device sends or receives a request for this network (this address).
Forwarding filter
This filter list can be used to filter requests to specific networks on the hub. If the network request in a Mesh message does not match any row in the table, the request is allowed through (allow-all).

Prefix
Defines the prefix for which a rule should apply, e.g. 10.0.0.0/24 or 2001:db8::/32.
Tag
Defines the routing tag or routing context associated with the filter rule.
Action
Defines the action for this filter entry. Possible values: Allow, Deny.
Comment
Enter a descriptive comment here.
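
The forwarding filter's allow-all default, modeled as an added Python example (not LANCOM code and not part of the original page). It assumes a row matches when the routing tag is equal and the requested network lies inside the row's prefix, that the most specific matching row wins, and that catch-all rows are accepted; the table rows and requests are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    prefix: str        # e.g. "10.0.0.0/24" or "2001:db8::/32"
    tag: int           # routing tag the row applies to
    action: str        # "Allow" or "Deny"
    comment: str = ""

def decide(rules, requested, tag):
    """Return (action, matching Rule or None) for one requested network."""
    net = ipaddress.ip_network(requested, strict=False)
    best: Optional[Rule] = None
    best_len = -1
    for rule in rules:
        pfx = ipaddress.ip_network(rule.prefix, strict=False)
        # Assumption: a row matches if the tag is equal and the request lies inside the prefix.
        if rule.tag != tag or pfx.version != net.version or not net.subnet_of(pfx):
            continue
        # Assumption: the most specific matching row wins.
        if pfx.prefixlen > best_len:
            best, best_len = rule, pfx.prefixlen
    if best is None:
        return "Allow", None   # documented default: no matching row means allow-all
    return best.action, best

def allowed_by_default(rules, requests):
    """Requests that pass only because no row matched (worth reviewing)."""
    return [(n, t) for n, t in requests if decide(rules, n, t)[1] is None]

# Constructed sample table and requests (not taken from a real device).
TABLE = [
    Rule("10.0.0.0/24", 0, "Deny", "management LAN"),
    Rule("10.0.0.0/8", 0, "Allow", "branch networks"),
    Rule("2001:db8::/32", 0, "Allow", "branch IPv6"),
]
# Assumption: catch-all rows are accepted and turn the default into deny for tag 0.
HARDENED = TABLE + [Rule("0.0.0.0/0", 0, "Deny", "catch-all v4"),
                    Rule("::/0", 0, "Deny", "catch-all v6")]
REQUESTS = [("10.0.0.0/25", 0), ("10.20.0.0/16", 0),
            ("192.168.50.0/24", 0), ("10.20.0.0/16", 7)]

if __name__ == "__main__":
    for name, table in (("as configured", TABLE), ("with catch-all", HARDENED)):
        for net, tag in REQUESTS:
            print(name, net, tag, decide(table, net, tag)[0])
        print(name, "allowed only by default:", allowed_by_default(table, REQUESTS))
```

Under these assumptions a request carrying a routing tag that has no rows still falls through to allow-all, so each routing tag in use needs its own catch-all row.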

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de