SonicWALL VPN, based on the industry-standard IPSec VPN implementation, provides an easy-to-set-up, secure solution for connecting mobile users, telecommuters, remote offices and partners via the Internet. Mobile users, telecommuters, and other remote users with broadband (DSL or cable) or dialup Internet access can securely and easily access your network resources with the SonicWALL Global VPN Client or Global Security Client and SonicWALL GroupVPN on your SonicWALL. Remote office networks can securely connect to your network using site-to-site VPN connections that enable network-to-network VPN connections.
Note! For more information on the SonicWALL Global VPN Client, see the SonicWALL Global VPN Client Administrator’s Guide. For more information on the SonicWALL Global Security Client, see the SonicWALL Global Security Client Administrator’s Guide. Both guides are available at http://www.sonicwall.com/services/documentation.html.
SonicWALL’s GroupVPN provides automatic VPN policy provisioning for SonicWALL Global VPN Clients. The GroupVPN feature on the SonicWALL security appliance and the SonicWALL Global VPN Client (part of the Global Security Client) dramatically streamline VPN deployment and management. Using SonicWALL’s Client Policy Provisioning technology, you define the VPN policies for Global VPN Client users. This policy information automatically downloads from the SonicWALL security appliance (VPN Gateway) to Global VPN Clients, saving remote users the burden of provisioning VPN connections.
You can easily and quickly create a site-to-site VPN policy or a GroupVPN policy for SonicWALL Global Security Clients using the VPN Policy Wizard. You can also configure GroupVPN or site-to-site VPN tunnels using the Management Interface. You can define up to four GroupVPN policies, one for each Zone. You can also create multiple site-to-site VPN policies. The maximum number of policies you can add depends on your SonicWALL model.
The VPN > Settings page provides the SonicWALL features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page.
The VPN Policy Wizard walks you step-by-step through the configuration of GroupVPN or site-to-site VPN policies on the SonicWALL security appliance. After completing the configuration, the wizard creates the necessary VPN settings for the selected policy. You can use the SonicWALL Management Interface for optional advanced configuration options.
Alert! The VPN Policy Wizard only configures GroupVPN or site-to-site VPN policies for the WAN interface.
Unique Firewall Identifier - the default value is the serial number of the SonicWALL. You can change the Firewall Identifier, and use it for configuring VPN Security Associations.
Enable VPN - must be selected to allow VPN security associations.
The VPN Policies section allows you to create the following Security Associations (SAs) for VPN clients or SonicWALL to SonicWALL VPN connections:
Manual Key SonicWALL VPN Clients (v 8.0 and earlier) and SonicWALL to SonicWALL VPN Connections - requires matching encryption and authentication keys. Because Manual Key Configuration supports multiple SAs, it enables individual control over remote users. Clicking the Add button under the VPN Policies table displays the VPN Policy window for configuring Manual Key.
IKE using Preshared Secret SonicWALL VPN Clients (v 8.0 and earlier) and SonicWALL to SonicWALL VPN Connections - IKE transparently negotiates encryption and authentication keys. The IKE VPN session is authenticated by matching preshared keys and IP addresses or Unique Firewall Identifiers or fully qualified domain names. IKE using Preshared Secret can be selected for GroupVPN and VPN Clients or SonicWALL to SonicWALL connections. Clicking the Add button under the VPN Policies table displays the VPN Policy window for configuring IKE using Preshared Secret.
All existing VPN policies are displayed in the VPN Policies table. Each entry displays the following information:
The number of VPN policies defined, policies enabled, and the maximum number of site-to-site and GroupVPN policies allowed are displayed below the VPN Policies table.
Clicking on the Edit icon in the Configure column for the GroupVPN displays the VPN Policy window for configuring the GroupVPN policy.
Below the VPN Policies table are the following buttons:
The VPN Policies table provides easy pagination for viewing a large number of VPN policies. You can navigate a large number of VPN policies listed in the VPN Policies table by using the navigation control bar located at the top right of the VPN Policies table. The navigation control bar includes four buttons. The far left button displays the first page of the table. The far right button displays the last page. The inside left and right arrow buttons move to the previous or next page, respectively.
You can enter the policy number (the number listed before the policy name in the # Name column) in the Items field to move to a specific VPN policy. The default table configuration displays 50 entries per page. You can change this default number of entries for tables on the System > Administration page.
You can sort the entries in the table by clicking on the column header. The entries are sorted in ascending or descending order. The arrow to the right of the column entry indicates the sorting status. A down arrow means ascending order. An up arrow indicates descending order.
A list of currently active VPN tunnels is displayed in the Currently Active VPN Tunnels table. This table lists the Name of the SA, the Local LAN IP address, the Remote destination network IP addresses, and the peer Gateway IP address.