The Configure page settings change depending on the Security Association (SA) and IPSec Keying Mode options you choose in the Add/Modify IPSec Security Associations section. You can choose either Group VPN (default) or Add New SA from the Security Association list.
SonicWALL's GroupVPN allows you to easily set up and manage SonicWALL VPN Clients (v 8.0 and earlier) and SonicWALL Global VPN Clients. GroupVPN uses SonicWALL's Client Policy Provisioning to automatically configure SonicWALL Global VPN Clients, which removes the burden of provisioning VPN connections from the user. Configuring GroupVPN on the SonicWALL establishes the VPN configuration data for downloading to SonicWALL Global VPN Clients. Once you create the GroupVPN SA, you configure GroupVPN to automatically provision SonicWALL Global VPN Clients by downloading the policy, or by exporting the policy file for manual installation in the SonicWALL Global VPN Client.
SonicWALL GroupVPN SA supports the following IPSec Keying Modes:
Add New SA from the Security Association menu allows you to create SAs for VPN clients or SonicWALL (LAN) to SonicWALL (LAN) VPN connections:
Manual Key - SonicWALL VPN Clients (v 8.0 and earlier) and SonicWALL to SonicWALL VPN connections.
IKE using Preshared Secret - SonicWALL VPN Clients (v 8.0 and earlier) and SonicWALL to SonicWALL VPN connections.
IKE using SonicWALL Certificates - SonicWALL VPN Clients (v 8.0 and earlier) and SonicWALL to SonicWALL connections.
IKE Using 3rd Party Certificates - SonicWALL VPN Clients (v 8.0 and earlier) and SonicWALL to SonicWALL connections.
You can choose to disable certain security associations and still allow access by remote VPN clients. The feature is useful if it is suspected that a remote VPN user connection has become unstable or insecure. It can also temporarily block access to the SonicWALL appliance if necessary. Disable the Security Association by checking the Disable this SA check box. Click Update for the change to take effect.
The Security policy section provides options for authenticating VPN connections for GroupVPN, IKE using Preshared Secret, and Manual Key.
Note: The Destination Network section is displayed only if Add New SA is selected from the Security Association menu.
In the Destination Networks section, you enter the network settings for the remote VPN site (the Destination Network). Include the subnet mask, which determines broadcast addresses for NetBIOS support.
Use this SA as the default route for all Internet traffic (Security Associations using IKE with Preshared Secret and Manual Key) - Enable this check box if all remote VPN connections access the Internet through this SA. Selecting this option means no traffic leaves the SonicWALL unless it is through a VPN tunnel. You can only configure one SA to use this setting.
Destination network obtains IP addresses using DHCP through this SA (Security Associations using IKE and Preshared Secret) - Enable this check box if the remote network obtains its IP addresses from this SA.
Specify destination networks below - Configure the destination networks for your VPN Security Association. Click Destination Networks to enter the IP address and subnet mask.
To add a second destination network, click Add New Network and define the Network and Subnet Mask fields of the second network segment. To modify a destination network, click the Notepad icon to the right of the appropriate destination network entry. Then modify the appropriate fields and click Update to update the configuration. To delete a destination network, click the Trash Can icon to the far right of the appropriate destination network entry and then click OK to confirm the removal.
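Before typing values into the Network and Subnet Mask fields, it can help to check the list offline. The following is an added example, not SonicWALL code: it parses each network and mask pair, reports the broadcast address the mask implies, and flags pairs with host bits set, non-contiguous masks, or ranges that overlap one another. The function name and the sample addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def check_destination_networks(entries):
    """Check (network, subnet_mask) pairs as they would be typed into the
    Network and Subnet Mask fields.

    Returns (parsed, problems): parsed is a list of
    (IPv4Network, broadcast_address_string); problems is a list of messages.
    """
    parsed, problems = [], []
    for network, mask in entries:
        try:
            # strict=True rejects a network address that has host bits set;
            # a non-contiguous mask raises NetmaskValueError (a ValueError).
            net = ipaddress.IPv4Network(f"{network}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{network} / {mask}: {exc}")
            continue
        parsed.append((net, str(net.broadcast_address)))

    # Two destination networks that cover the same addresses usually mean a
    # typo in the mask or a duplicate entry, so report every overlapping pair.
    for (a, _), (b, _) in combinations(parsed, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    return parsed, problems


# Constructed sample input (private address space, not taken from the page).
SAMPLE = [
    ("192.168.10.0", "255.255.255.0"),      # valid /24
    ("192.168.10.128", "255.255.255.128"),  # valid, but inside the /24 above
    ("10.1.1.5", "255.255.0.0"),            # host bits set for this mask
    ("172.16.0.0", "255.0.255.0"),          # non-contiguous mask
]

if __name__ == "__main__":
    nets, issues = check_destination_networks(SAMPLE)
    for net, bcast in nets:
        print(f"{net}  broadcast {bcast}")
    for issue in issues:
        print("PROBLEM:", issue)
```
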
The Security Association menu also allows you to modify and delete existing Security Associations. To delete an SA, select it from the Security Association list and click the Delete This SA button. To modify an SA, select it from the list, make the desired changes, and click Update. Once the SonicWALL has been updated, a message confirming the update is displayed at the bottom of the Web browser window. Click Update to enable the changes.
The Destination Networks section provides settings for defining the IP addresses of the remote networks.
The Advanced Settings button displays the VPN Advanced Settings window. Advanced settings for all security associations are configured in the Advanced Settings window.
Note: The Client Settings button is displayed only if GroupVPN is selected from the Security Association menu.
Clicking the Client Settings button displays the VPN Client Settings window. The controls in this window allow configuration of the SonicWALL Global VPN Client authentication requirements, username and password caching, use of DHCP Relay, and multiconnection behavior.
Note: The Export Settings button is displayed only if GroupVPN is selected from the Security Association menu.
Clicking on the Export Settings button displays the Export Security Association window. The controls in this window allow you to export the SA to a file for SonicWALL Global VPN Client users.
Note: The Delete This SA button is displayed only if Add New SA is selected from the Security Association menu.
Clicking on the Delete This SA button removes the security association.