Site to Site VPN Configurations
11. Click the Advanced tab. Select any optional configuration options you want to apply to your VPN policy in the Advanced Settings section.
Enable Keep Alive - Select this setting if you want to maintain the current connection by listening for traffic on the network segment between the two connections. If multiple VPN tunnels are configured on the SonicWALL, select Try to bring up all possible tunnels to have the SonicWALL renegotiate the tunnels if they lose communication with the SonicWALL.
Require authentication of local users - requires that all outbound VPN traffic from this SA be from an authenticated source.
Require authentication of remote users - requires that all inbound VPN traffic for this SA be from an authenticated user. Select Remote users behind VPN gateway if remote users have a VPN tunnel that terminates on the VPN gateway. Select Remote VPN clients with XAUTH if remote users require authentication using XAUTH and are accessing the SonicWALL via VPN clients.
Enable Secure Wireless Bridging - enables a WiFiSec VPN policy between SonicWALL wireless gateways.
Enable Windows Networking (NetBIOS) broadcast - allows access to remote network resources by browsing the Windows® Network Neighborhood.
Apply NAT and Firewall Rules - This feature allows a remote site’s LAN subnet to be hidden from the corporate site, and is most useful when a remote office’s network traffic is initiated to the corporate office. The IPSec tunnel is located between the SonicWALL WAN interface and the LAN segment of the corporation. To protect the traffic, NAT (Network Address Translation) is performed on the outbound packet before it is sent through the tunnel, and in turn, NAT is performed on inbound packets when they are received. By using NAT for a VPN connection, computers on the remote LAN are viewed as one address (the SonicWALL public address) from the corporate LAN.
Forward Packets to Remote VPNs - allows the remote VPN tunnel to participate in the SonicWALL routing table. Inbound traffic is decrypted and can be forwarded to a remote site via another VPN tunnel. Normally, inbound traffic is decrypted and only forwarded to the SonicWALL LAN or a specific route on the LAN configured on the Routing page located in the Network section. Enabling this feature allows a network administrator to create a “hub and spoke” network configuration by forwarding inbound traffic to a remote site via a VPN security association. To create a “hub and spoke” network, select the Forward Packets to Remote
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE | 223 |