LANCOM Reference Manual LCOS 3.50, Chapter 8: Firewall
- Example configuration “Basic Internet”

  Rule name             Source                                    Destination   Action    Service (target port)
  ALLOW_HTTP            Local network                             All stations  transmit  HTTP, HTTPS
  ALLOW_FTP             Local network                             All stations  transmit  FTP
  ALLOW_EMAIL           Local network                             All stations  transmit  MAIL, NEWS
  ALLOW_DNS_FORWARDING  IP address of LANCOM (or: Local network)  transmit      transmit  DNS
  DENY_ALL              All stations                              reject        reject    ANY

- If you want to permit a VPN dial-in to a LANCOM acting as VPN gateway, then you need a Firewall rule allowing incoming communication from the client to the local network:

  Rule               Source            Destination    Action    Service
  ALLOW_VPN_DIAL_IN  remote site name  Local network  transmit  ANY

- In case a VPN is not terminated by the LANCOM itself (e.g. a VPN Client in the local area network, or LANCOM as Firewall in front of an additional VPN gateway), you'd have to allow IPSec and/or PPTP (for the "IPSec over PPTP" of the LANCOM VPN Client) ports additionally:

  Rule       Source      Destination  Action    Service (target port)
  ALLOW_VPN  VPN Client  VPN Server   transmit  IPSEC, PPTP

- For ISDN or V.110 dial-in (e.g. by HSCSD mobile phone) you have to allow the particular remote site (see also 'Configuration of remote stations' → page 89):

  Rule           Source            Destination    Action    Service
  ALLOW_DIAL_IN  remote site name  Local network  transmit  ANY
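
The following is an added example, not part of the LANCOM manual and not LCOS code: a simplified model of the deny-all strategy in the tables above, used to check which flows a dial-in rule newly opens. It covers the HTTP, FTP and e-mail rules plus ALLOW_VPN_DIAL_IN; the zone names, the remote site name "BRANCH", the port numbers and the matching logic are assumptions.

```python
# Added example: simplified model of the rule tables above, not LCOS behaviour.
# Zone names, the remote site name "BRANCH" and the port numbers are assumptions.
SERVICES = {"HTTP": {80}, "HTTPS": {443}, "FTP": {21},
            "MAIL": {25, 110, 143}, "NEWS": {119}}

# (rule name, source, destination, services); "any" stands for "All stations".
BASIC_INTERNET = [
    ("ALLOW_HTTP", "local", "any", ["HTTP", "HTTPS"]),
    ("ALLOW_FTP", "local", "any", ["FTP"]),
    ("ALLOW_EMAIL", "local", "any", ["MAIL", "NEWS"]),
]
DIAL_IN = [("ALLOW_VPN_DIAL_IN", "BRANCH", "local", ["ANY"])]


def decide(allow_rules, src, dst, port):
    """Return (action, rule name); anything no allow rule matches hits DENY_ALL."""
    for name, r_src, r_dst, services in allow_rules:
        port_ok = "ANY" in services or any(port in SERVICES[s] for s in services)
        if r_src in ("any", src) and r_dst in ("any", dst) and port_ok:
            return "transmit", name
    return "reject", "DENY_ALL"


def newly_permitted(before, after, flows):
    """List the flows that the rule change turns from reject into transmit."""
    return [f for f in flows
            if decide(before, *f)[0] == "reject"
            and decide(after, *f)[0] == "transmit"]


# Constructed sample flows: (source zone, destination zone, target port).
FLOWS = [
    ("local", "internet", 443),   # web browsing from the LAN
    ("local", "internet", 23),    # Telnet from the LAN, not in the allow list
    ("internet", "local", 80),    # unsolicited inbound connection
    ("BRANCH", "local", 3389),    # dial-in client reaching a LAN host
]

if __name__ == "__main__":
    with_dial_in = BASIC_INTERNET + DIAL_IN
    for flow in FLOWS:
        print(flow, decide(BASIC_INTERNET, *flow), decide(with_dial_in, *flow))
    print("opened by ALLOW_VPN_DIAL_IN:",
          newly_permitted(BASIC_INTERNET, with_dial_in, FLOWS))
```

Because the dial-in rule uses service ANY, every port on the local network becomes reachable from the named remote site; only the source restriction limits it.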