Configuring GroupVPN Policy on the SonicWALL

• Single Session - The user is prompted for a username and password each time the connection is enabled, and the credentials remain valid until the connection is disabled. This username and password is used through IKE phase 1 rekey.

• Always - The user will be prompted for username and password only once when connection is enabled. When prompted, the user will be given the option of caching the username and password.

Virtual Adapter Settings - The use of the Virtual Adapter by the Global VPN Client (GVC) has always been dependent upon a DHCP server, either the internal SonicOS or a specified external DHCP server, to allocate addresses to the Virtual Adapter. In instances where predictable addressing was a requirement, it was necessary to obtain the MAC address of the Virtual Adapter, and to create a DHCP lease reservation. To reduce the administrative burden of providing predictable Virtual Adapter addressing, you can configure the GroupVPN to accept static addressing of the Virtual Adapter's IP configuration. This feature requires the use of GVC version 3.0 or later.

• None - A Virtual Adapter will not be used by this GroupVPN connection.

• DHCP Lease - The Virtual Adapter will obtain its IP configuration from the DHCP Server only, as configured in the VPN > DHCP over VPN page.

• DHCP Lease or Manual Configuration - When the GVC connects to the SonicWALL, the policy from the SonicWALL instructs the GVC to use a Virtual Adapter, but the DHCP messages are suppressed if the Virtual Adapter has been manually configured. The configured value is recorded by the SonicWALL so that it can proxy ARP for the manually assigned IP address. Note: By design, there are currently no limitations on IP address assignments for the Virtual Adapter. Only duplicate static addresses are not permitted.

Allow Connections to - Specifies single or multiple VPN connections. The drop-down list provides the following options:

• This Gateway Only - Allows a single connection to be enabled at a time. Traffic that matches the destination networks as specified in the policy of this gateway is sent through the VPN tunnel. All other traffic is blocked. If this option is selected along with Set Default Route as this Gateway, then the Internet traffic is also sent through the VPN tunnel. If this option is selected without selecting Set Default Route as this Gateway, then the Internet traffic is blocked.

• All Secured Gateways - Allows one or more connections to be enabled at the same time. Traffic matching the destination networks of each gateway is sent through the VPN tunnel of that specific gateway. If this option is selected along with Set Default Route as this Gateway, then Internet traffic is also sent through the VPN tunnel. If this option is selected without selecting Set Default Route as this Gateway, then the Internet traffic is blocked. Only one of the multiple gateways can have Set Default Route as this Gateway enabled.

• Split Tunnels - Allows the VPN user to have both local Internet access and VPN connectivity.

Set Default Route as this Gateway - If checked, Global VPN Client traffic that does not match selectors for the gateway’s protected subnets must also be tunnelled. In effect, this changes the Global VPN Client’s default gateway to the gateway tunnel endpoint. If unchecked, the Global VPN Client must drop all non-matching traffic if Allow traffic to This Gateway Only or All Secured Gateways is selected.
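The combined effect of Allow Connections to and Set Default Route as this Gateway can be modelled as below. This is an added example, not SonicWALL code or part of the guide; the Connection class, the connection names, the sample networks and the conservative handling of mixed settings are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Values of the "Allow Connections to" drop-down, as named in the guide.
THIS_GATEWAY_ONLY = "This Gateway Only"
ALL_SECURED_GATEWAYS = "All Secured Gateways"
SPLIT_TUNNELS = "Split Tunnels"

@dataclass
class Connection:
    name: str                    # hypothetical label for an enabled connection
    networks: list               # destination networks from the gateway's policy
    allow: str                   # "Allow Connections to" setting
    default_route: bool = False  # "Set Default Route as this Gateway"

def validate(enabled):
    """Return violations of the constraints the guide states."""
    problems = []
    if len(enabled) > 1 and any(c.allow == THIS_GATEWAY_ONLY for c in enabled):
        problems.append("This Gateway Only allows a single connection at a time")
    if sum(c.default_route for c in enabled) > 1:
        problems.append("only one gateway can have Set Default Route as this Gateway")
    return problems

def disposition(dest, enabled):
    """Return ('tunnel', name), ('local', None) or ('blocked', None)."""
    addr = ipaddress.ip_address(dest)
    for c in enabled:  # traffic matching a gateway's networks uses that tunnel
        if any(addr in ipaddress.ip_network(n) for n in c.networks):
            return ("tunnel", c.name)
    for c in enabled:  # non-matching traffic follows the default-route gateway
        if c.default_route:
            return ("tunnel", c.name)
    # No default route: Split Tunnels leaves the traffic on the local network.
    # Assumption: if any enabled connection uses another setting, drop it.
    if all(c.allow == SPLIT_TUNNELS for c in enabled):
        return ("local", None)
    return ("blocked", None)

if __name__ == "__main__":
    # Constructed sample: one protected subnet, one Internet destination.
    hq = Connection("hq", ["10.1.0.0/16"], THIS_GATEWAY_ONLY)
    for dest in ("10.1.2.3", "203.0.113.10"):
        print(dest, disposition(dest, [hq]))
```

Running the model over the intended client policy before deployment shows whether Internet-bound traffic will be tunnelled, dropped or left on the local network.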

Require Global Security Client for this Connection - Allows a VPN connection from the remote Global Security Client only if the remote computer is running the SonicWALL Distributed Security Client, which provides policy enforced firewall protection.

Use Default Key for Simple Client Provisioning - If set, the initial Aggressive mode exchange is authenticated with a default Preshared Key used by the gateway and all Global VPN Clients. This allows for the control of the use of the default registration key. If not set, the Preshared Key must be distributed out of band.

6. Click OK.

SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE
