SonicWALL none manual Accessing Redundant VPN Gateways Enabling a VPN Connection

Page 19

The Global VPN Client support two IPSec Keying modes: IKE using Preshared Secret and IKE using 3rd Party Certificates. Preshared Secret is the most common form of the IPSec Keying modes. If your VPN connection policy uses 3rd party certificates, you use the Certificate Manager to configure the Global VPN Client to use digital certificates.

A Pre-Shared Key (also called a Shared Secret) is a predefined field that the two endpoints of a VPN tunnel use to set up an IKE (Internet Key Exchange) Security Association. This field can be any combination of Alphanumeric characters with a minimum length of 4 characters and a maximum of 128 characters. Your Pre-Shared Key is typically configured as part of your Global VPN Client provisioning. If it is not, you are prompted to enter it before you log on to the remote network.

Accessing Redundant VPN Gateways

The Global VPN Client supports redundant VPN gateways by manually adding the peer in the Peers page of the VPN connection Properties dialog box. See “Peers” on page 26 for more information. The Global VPN Client version 2.1.0.0 (or higher) adds automatic support for redundant VPN gateways if the IPSec gateway’s domain name resolves to multiple IP address. For example, if gateway.yourcompany.com resolves to 67.115.118.7, 67.115.118.8 and 67.115.118.9, the Global VPN Client cycles through these resolved IP addresses until it finds a gateway that responds, allowing multiple IP addresses to be used as failover gateways. If all the resolved IP addresses fail to respond, Global VPN Client switches to the next peer, if another peer is specified in the Peers page of the VPN connection Properties dialog box. See “Peers” on page 26 for more information.

Note! When configuring redundant VPN gateways, the Group VPN policy attributes (such as pre-shared keys and the attributes on the Peer Information window) must be the same for every gateway.

Enabling a VPN Connection

Enabling a VPN connection with the SonicWALL Global VPN Client is a transparent two phase process. Phase 1 enables the connection, which completes the ISAKMP (Internet Security Association and Key Management Protocol) negotiation. Phase 2 is IKE (Internet Key Exchange) negotiation, which establishes the VPN connection for sending and receiving data.

When you enable a VPN connection policy, the following information is displayed in the Status column of the SonicWALL Global VPN Client window:

1.Disabled changes to Connecting.

2.Connecting changes to Authenticating when the Enter Username/Password dialog box is displayed.

3.Authenticating changes to Connecting when the user enters the username and password.

4.Connecting changes to Provisioning.

5.Provisioning changes to Connected once the VPN connection is fully established. A green checkmark is displayed on the VPN connection policy icon.

Once the VPN connection is established, a pop-up notification is displayed from the Global VPN Client system tray icon. It displays the Connection Name, Connected to IP address and the Virtual IP Address.

If an error occurs during the VPN connection, Error appears in the Status column and an error mark (red x) appears on the VPN connection policy icon. A VPN policy that doesn’t successfully complete all phase 2 connections displays a yellow warning symbol on the policy icon.

Note! If the Global VPN Client doesn’t establish the VPN connection, you can use the Log Viewer to view the error messages to troubleshoot the problem. See “Understanding the Global VPN Client Log” on page 31 for more information.

Page 18 SonicWALL Global VPN Client 4.0 Administrator’s Guide

Image 19
Contents Global VPN Client Administrators Guide Table of Contents Managing VPN Connection Policies Configuring SonicWALL Security Appliances forCommand Line Interface Appendix a Creating and Deploying the Default.rcf File forAppendix B SonicWALL Global VPN Client Installation Using InstallShield Silent Response FileAppendix E- Log Viewer Messages Appendix D Installing the Global VPN Client with aSonicWALL Global VPN Client SonicWALL Global VPN Client FeaturesNew Features in SonicWALL Global VPN Client SonicWALL Global Security Client and Global VPN Client Using the Right Administrator’s GuidesAbout this Guide Global VPN Client Enterprise/Global Security ClientSonicWALL Pocket Global VPN Client Conventions Used in this GuideIcons Used in this Guide Copyright NoticeLimited Warranty Installing the SonicWALL Global VPN ClientUsing the Setup Wizard Installing the SonicWALL Global VPN Client Understanding VPN Connection Policies Adding VPN Connection PoliciesUnderstanding Digital Certificates Using the New Connection WizardCreating a VPN Connection Policy Select Remote Access or Office Gateway and then click Next Importing a VPN Configuration File Configuring a Dial-Up VPN Connection Making VPN Connections Launching the SonicWALL Global VPN ClientConnecting changes to Provisioning Accessing Redundant VPN Gateways Enabling a VPN ConnectionEstablishing Multiple Connections Entering a Pre-Shared Key Username and Password AuthenticationSelecting a Certificate Checking the Status of a VPN Connection Disabling a VPN ConnectionConnection Warning Creating a VPN Policy Shortcut Managing the Global VPN Client System Tray Icon Specifying Global VPN Client Launch OptionsOpen SonicWALL Global VPN Client Opens the program window General Managing VPN Connection Policy PropertiesUser Authentication Peer Information Dialog Box PeersManaging VPN Connection Policy Properties Activity Virtual IP ConfigurationStatus ConnectionDeleting a Connection Policy Managing VPN Connection PoliciesArranging Connection Policies Renaming a Connection PolicyManaging Certificates Troubleshooting the SonicWALL Global VPN ClientUnderstanding the Global VPN Client Log Type The type of message Information, Error, or WarningConfiguring Auto-Logging Configuring the LogGenerating a Help Report Double-clickAdd/Remove Programs Accessing Technical SupportUninstalling the SonicWALL Global VPN Client Windows 98 SE Viewing Help TopicsGroup VPN Connections Supported by Each SonicWALL Model SonicWALL Global VPN Client LicensesGlobal VPN Client License Support by SonicWALL Model Select Global VPN Client from the Applicable Services menuActivating Your SonicWALL Global VPN Clients Downloading Global VPN Client Software and DocumentationSoftware License Agreement for Sonicwall Globalvpn Client Exports License Miscellaneous Deploying the default.rcf File How the Global VPN Client uses the default.rcf FileSonicWALL Global VPN Client Support Replace the Existing SonicWALL Global VPN Client.rcf File Flags Creating the default.rcf FileDefault.rcf File Tag Descriptions SWClientPolicy version =9.0Page Flags Peer Sample default.rcf FileSWClientPolicy SWClientPolicy version=9.0 ConnectionsPeer Connection Peer Connection Connections /SWClientPolicy Creating the Silent Installation Troubleshooting the deafult.rcf FileSetup.exe -s -f1path\ResponseFile Playing Back the Silent InstallationUsing Setup.log to Check for Errors Setup.exe -sCommand Line Examples Command Line OptionsLog Viewer Messages Appendix E- Log Viewer MessagesDiffie-Hellman group generator length has not been set Failed to build dead peer detection packet Failed to construct quick mode hash payload Failed to find Oakley group specified in the SA payload Failed to set the Ipsec ESP attributes into the phase 2 SA Is not a valid XAuth status Info Peer certificate missing key value Received invalid message ID notify Sending phase 2 delete for SA lifetime for phase 2 is seconds Received an unencrypted packet when crypto active SonicWALL Global VPN Client 4.0 Administrator’s Guide SonicWALL, Inc Rev C, 10/07

none specifications

SonicWALL is a leading cybersecurity company that specializes in providing advanced network security solutions, primarily focused on firewalls and unified threat management. Established in 1991, SonicWALL has become synonymous with high-performance security and is particularly well-regarded for its adaptable solutions that cater to businesses of all sizes.

One of the main features of SonicWALL products is their next-generation firewall technology. These firewalls combine traditional firewall capabilities with modern security features such as intrusion prevention, malware protection, and content filtering. This enables businesses to comply with regulatory requirements while safeguarding their networks against ever-evolving cyber threats. SonicWALL's firewalls are equipped with advanced security protocols that offer deep packet inspection, allowing them to analyze the data flowing through the network meticulously.

SonicWALL's Cloud App Security is another significant component of its technology suite. This service secures cloud applications by providing essential tools that help protect against data breaches and insecure usage. Through broad compatibility with various cloud services, businesses can maintain security without sacrificing the efficiency and productivity benefits that cloud applications provide.

In terms of characteristics, SonicWALL emphasizes simplicity and ease of management. Their products are designed with intuitive user interfaces that simplify configuration and ongoing management. This allows even non-technical users to manage complex security protocols effectively. The SonicWALL Global Management System (GMS) enables centralized management for multiple appliances, ensuring that administrators can monitor their entire network security posture from a single dashboard.

SonicWALL also incorporates advanced threat detection technologies, including its Capture Advanced Threat Protection (ATP) service. Capture ATP leverages deep learning and sandboxing techniques to identify and isolate potential threats before they can affect the network. This proactive approach to security enables businesses to respond to new threats in real-time, enhancing overall protection.

Furthermore, SonicWALL offers scalable solutions, making it a suitable choice for both small businesses and large enterprises. Organizations can select from a range of appliances and services that can be easily scaled as their needs evolve. With a strong focus on customer support and continual innovation, SonicWALL remains a trusted partner in the sphere of network security. Overall, SonicWALL's blend of advanced features, user-friendly management, and robust technologies makes it a formidable player in the cybersecurity landscape.