Sep 28 2009, 11:53 AM
Configure SonicWALL VPN Connections

Hundreds of thousands of organizations turn to SonicWALL hardware to fulfill their firewall and network switching needs. SonicWALL firewalls also power effective VPN connections, providing secure remote access for everyone from mobile employees to executive staff.

Here are the most common steps required for configuring SonicWALL VPN connections. While this article describes administering SonicWALL VPN tunnels using the manufacturer's popular PRO 1260 series router, the steps are quite similar for other SonicWALL models, too.

Essentially, there are three steps to the process: configuring the SonicWALL firewall, creating VPN user accounts, and installing and configuring the SonicWALL Global VPN Client.

Configuring the router

SonicWALL’s GroupVPN service simplifies configuring secure remote connections. Enable SonicWALL GroupVPN using the SonicWALL VPN Wizard by following these steps:

  1. Log in to the SonicWALL device.
  2. Click on the VPN button.
  3. Click the VPN Policy Wizard button; the Welcome To The SonicWALL VPN Wizard screen will appear.
  4. Click Next.
  5. Specify whether you wish to create a Site-to-Site VPN (such as you might wish to do when connecting a SonicWALL wireless router to another SonicWALL device) or a WAN GroupVPN (to enable incoming VPN connections to the SonicWALL firewall). In this example we’re creating VPN connections to enable remote employee access, so we need to select the WAN GroupVPN radio button and click the Next button. (Figure A)

Figure A

Administrators must specify whether a site-to-site or WAN GroupVPN policy is to be created.
  6. The IKE Phase 1 Key Method screen appears. Specify whether you wish to use a default key or use a preshared key. Make a note of the preshared key if you select that option, then click Next.
  7. The Security Settings menu appears. In addition to specifying the encryption and authentication methods, drop-down boxes appear for specifying the DH (Diffie-Hellman) key group (SonicWALL devices support groups 1, 2 and 5) and Life Time. Typically SonicWALL’s default settings work well for most organizations.
  8. After clicking Next, the User Authentication menu appears. Administrators must specify whether user authentication should be implemented. Ensure the Enable User Authentication box is checked and select Trusted Users to ensure only the trusted users you specify later can connect to the organization’s network using the SonicWALL VPN. Then, click Next.
  9. The Configure Virtual IP Adapter menu appears next. The Virtual IP Adapter is used to obtain special IP addresses when connecting to the SonicWALL device, enabling the client to appear to be on the internal LAN. Check the box if you wish to enable the Virtual IP Adapter and click Next.
  10. The WAN GroupVPN Configuration Summary menu appears. The confirmation screen reviews the settings that will be implemented upon clicking the Apply button. Click the Apply button to finish enabling the VPN settings.
  11. The SonicWALL device will store the SonicWALL configuration, then display a congratulatory message stating the SonicWALL VPN Wizard completed successfully.
  12. While the SonicWALL creates the VPN, it doesn’t enable it by default. Log back in to the SonicWALL device and click the SonicWALL’s VPN button, and then check the Enable box to activate the VPN. (Figure B)

Figure B

Don’t forget to enable VPN policies from the VPN | Settings screen on the SonicWALL device.

You can edit a VPN’s settings and configuration at any time by logging in to the SonicWALL router, clicking VPN and clicking the Configure icon (the pencil and paper symbol) associated with each VPN entry.
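The Security Settings step above picks the encryption and authentication methods, the DH group and the Life Time that the firewall proposes in IKE Phase 1. The following is an added example, not part of the original article or any SonicWALL tooling: it decodes those parameters from a Phase 1 transform's attribute bytes, assuming standard IKEv1 attribute encoding, and compares them with a local policy. The sample bytes are constructed, and the `min_dh_bits` threshold and the function names are assumptions.

```python
import struct

# IKEv1 Phase 1 attribute values as registered by IANA (originating in RFC 2409).
ENC = {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"}
HASH = {1: "MD5", 2: "SHA1"}
DH_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}   # MODP modulus size per group
NAMES = {1: "encryption", 2: "hash", 3: "auth_method", 4: "dh_group",
         11: "life_type", 12: "life_duration", 14: "key_length"}

def parse_attributes(data: bytes) -> dict:
    """Decode ISAKMP data attributes (RFC 2408, section 3.3) into a dict."""
    out, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        typ, val = struct.unpack_from("!HH", data, off)
        off += 4
        if typ & 0x8000:                  # AF bit set: fixed 2-byte value (TV)
            value = val
        else:                             # AF bit clear: 'val' is a length (TLV)
            if off + val > len(data):
                raise ValueError("attribute overruns buffer")
            value = int.from_bytes(data[off:off + val], "big")
            off += val
        out[NAMES.get(typ & 0x7FFF, f"attr_{typ & 0x7FFF}")] = value
    return out

def review(attrs: dict, min_dh_bits: int = 2048) -> list:
    """Return policy findings; min_dh_bits is an assumed local policy value."""
    findings = []
    if ENC.get(attrs.get("encryption")) == "DES-CBC":
        findings.append("encryption DES-CBC: 56-bit key")
    if HASH.get(attrs.get("hash")) == "MD5":
        findings.append("hash MD5")
    group = attrs.get("dh_group")
    bits = DH_BITS.get(group)
    if bits is None:
        findings.append(f"DH group {group}: not in table, review manually")
    elif bits < min_dh_bits:
        findings.append(f"DH group {group}: {bits}-bit modulus < {min_dh_bits}")
    return findings

# Constructed sample (not captured from a device):
# 3DES-CBC, SHA1, pre-shared key, DH group 2, lifetime 28800 seconds.
SAMPLE = bytes.fromhex("80010005" "80020002" "80030001" "80040002"
                       "800b0001" "000c000400007080")

if __name__ == "__main__":
    print(parse_attributes(SAMPLE), review(parse_attributes(SAMPLE)))
```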

Specifying authorized VPN users

The next step is to specify those users authorized to access the VPN. To do so:

  1. Log in to the SonicWALL device.
  2. Click the Users button.
  3. Click the Local Users button.
  4. Click the Add button.
  5. Within the Settings tab, enter the user’s name, a password and any comments to help identify the user account. (Figure C)

Figure C

Supply user information on the Settings tab.
  6. From the Groups tab, specify group memberships for the user.
  7. From the VPN Access tab, specify the networks you wish the user to access. (Figure D)

Figure D

A wide variety of network options exist; make your selections by highlighting entries and clicking the corresponding arrow buttons.
  8. Click OK to complete the user configuration.

Figure E

Once a user account is created, the entry will appear within the SonicWALL’s Users | Local Users screen, as shown here.

You can make edits to the user’s account (Figure E) at any time by clicking the Configure icon (the pencil and paper symbol) associated with each user’s account within the SonicWALL’s Users | Local Users menu.

Installing the SonicWALL Global VPN Client

Now you’re ready to install the SonicWALL Global VPN Client software on the end user’s system. Follow these steps to configure the end user client:

  1. Download (from www.mysonicwall.com or the CD-ROM supplied with the SonicWALL device) the SonicWALL Global VPN Client executable. Once you’ve downloaded the file, double-click it to begin installing the VPN client.
  2. The Preparing Setup window will appear. When it completes, the Welcome To The SonicWALL InstallShield Wizard menu will display. Click Next.
  3. Next you’ll see a warning message indicating that antivirus and firewall programs must be disabled to install the SonicWALL Global VPN Client. Disable any such programs and click Next.
  4. Read the license agreement, then select the I Accept The Terms Of The License Agreement radio button and click Next.
  5. Specify the location of the SonicWALL Global VPN Client. By default, SonicWALL’s InstallShield will place the files in the C:\Program Files\SonicWALL Global VPN Client directory. Click Next to proceed (or click the Browse button, specify the directory you wish to use, and then click Next).
  6. Click Install to install the SonicWALL Global VPN Client in the directory you specified in the last step.
  7. The Setup program will install the VPN client, tracking its progress as it completes. When it finishes, it will display the SonicWALL Global VPN Client Setup Complete screen, which will include two checkboxes (Figure F). Check the respective boxes if you wish to start the VPN client automatically when users log in and launch the program immediately upon completing the wizard. Then, click Finish.

Figure F

Check the supplied boxes to automatically start the VPN connection when users log in and to launch the program immediately upon completing setup.
  8. Windows Firewall may block the SonicWALL Global VPN Client. If Windows Firewall presents a warning message, click Unblock.
  9. The New Connection Wizard will appear. Click Next.
  10. The Choose Scenario menu displays next. Specify whether you wish to implement Remote Access or an Office Gateway. Choose Office Gateway if you’re connecting two SonicWALL devices. Choose Remote Access if you wish to enable secure connectivity for remote staff. As we’re enabling remote access, we’ll choose that option and click Next. (Figure G)

Figure G

Specify whether the VPN connection is being used to provide remote access or to connect two SonicWALL devices (Office Gateway).
  11. Specify the SonicWALL’s IP address or domain name, provide a connection name and click Next.
  12. The Completing The New Connection Wizard menu appears next. Check the appropriate boxes to create a desktop shortcut for the new connection and automatically enable the connection whenever the end user launches the SonicWALL Global VPN Client. Then, click Finish.

The SonicWALL Global VPN Client is then created. To connect to the VPN, end users need only double-click the SonicWALL Global VPN Client and enter any required credentials. As with configuring VPNs and end users, the end user can edit a VPN connection’s settings and configuration at any time by right-clicking it from within the SonicWALL Global VPN Client window and selecting Properties.
