Manuals / SonicWALL / Household Appliance / Home Security System

SonicWALL manual Configuring Dhcp over VPN Remote Gateway, 235

Models: 3

1 348

Download 348 pages 8.9 Kb

Page 254

VPN > DHCP over VPN

Configuring DHCP over VPN Remote Gateway

1Select Remote Gateway from the DHCP Relay Mode menu.

2Click Configure. The DHCP over VPN Configuration window is displayed.

3Select the VPN Security Association to be used for the VPN tunnel from the Relay DHCP through this VPN Tunnel menu.

SAlert: Only VPN Security Associations using IKE and terminate on the LAN appear in the Obtain using DHCP through this VPN Tunnel.

4The Relay IP address is used in place of the Central Gateway address, and must be reserved in the DHCP scope on the DHCP server. The Relay IP address can also be used to manage the SonicWALL remotely through the VPN tunnel behind the Central Gateway.

5The Remote Management IP Address, if entered, can be used to manage the SonicWALL remotely through the VPN tunnel behind the Central Gateway.

6If you enable Block traffic through tunnel when IP spoof detected, the SonicWALL blocks any traffic across the VPN tunnel that is spoofing an authenticated user’s IP address. If you have any static devices, however, you must ensure that the correct Ethernet address is entered for the device. The Ethernet address is used as part of the identification process, and an incorrect Ethernet address can cause the SonicWALL to respond to IP spoofs.

7If the VPN tunnel is disrupted, temporary DHCP leases can be obtained from the local DHCP server. Once the tunnel is again active, the local DHCP server stops issuing leases. Enable the Obtain temporary lease from local DHCP server if tunnel is down check box. By enabling this check box, you have a failover option in case the tunnel ceases to function. If you want to allow temporary leases for a certain time period, enter the number of minutes for the temporary lease in the Temporary Lease Time box. The default value is two (2) minutes.

SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE

235

Image 254

SonicWALL manual Configuring Dhcp over VPN Remote Gateway, 235

Contents

SonicOS Standard Administrators Guide Table of Contents Part 2 System Part 3 Network Part 4 Modem Part 5 Wireless Part 8 VPN Configuring Site to Site VPN Policies Using ViiPart 9 Users ViiiPart 11 Log Index Trademarks PrefaceCopyright Notice Limited Warranty XiiPage Organization of this Guide Part 11 Log Part 10 Security ServicesPart 9 Users About this GuideGuide Conventions Icons Used in this ManualNorth America Telephone Support More Information on SonicWALL Products and ServicesSonicWALL Technical Support International Telephone SupportCurrent Documentation XviiiIntroduction Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Introduction What’s New in SonicOS StandardSonicWALL Management Interface Navigating the Management Interface SonicWALL Management InterfaceNavigating Tables Status BarApplying Changes Logging Out Common Icons in the Management InterfaceGetting Help Introduction Internet Service Provider ISP Information Basic SonicWALL Security Appliance SetupSonicWALL Security Appliance Configuration Steps Collecting Required ISP InformationIf You Have a Static IP Address Other InformationIf You Have DSL SonicWALL Management InterfaceUsing the SonicWALL Setup Wizard SonicWALL TZ 170 SPSonicWALL TZ 50 Wireless/TZ 150 Wireless/TZ 170 Wireless Configuring a Static IP Address Internet ConnectionUsing the SonicWALL Setup Wizard Configuring a Dhcp Internet Connection Configuring a PPPoE Internet ConnectionConfiguring Pptp Internet Connectivity Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Configuring the TZ 170 SP using the Setup Wizard Configuring the WAN Network Mode Welcome to the SonicWALL Setup WizardChanging the Password Selecting the Deployment ScenarioConfiguring LAN Dhcp Settings Configuring WAN SettingsConfiguring LAN Settings Configuring Wlan 802.11b/g SettingsConfiguring Wlan 802.11b Settings Configuring the LAN SettingsConfiguring the LAN Dhcp Settings Configuring the WAN Network Mode Configuring the TZ 170 Wireless as a Secure Wireless Bridge Configuring Wlan Network Setting Configuring Secure Wireless Bridge SettingsRegistering Your SonicWALL Security Appliance Before You RegisterRegistering Your SonicWALL Security Appliance Registering Your SonicWALL Security ApplianceSonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide System Status Viewing System Status InformationSystem Status System Information WizardsSystem Messages Security Services Latest AlertsNetwork Interfaces SonicWALL TZ 50 WirelessSonicWALL TZ 150 Wireless SonicWALL Security Appliance Model Interfaces SonicWALL TZSystem Licenses System LicensesSystem Licenses Node License Exclusion List Node License StatusCurrently Licensed Nodes Security Services Summary Manage Security Services Online Manual Upgrade Manual Upgrade for Closed EnvironmentsFrom a Computer Connected to the Internet System Licenses System Administration Using System AdministrationSystem Administration Firewall Name Name/PasswordLogin Security Web Management Settings Four addresses or host names can be used Enable SnmpAdvanced Management Click OKEnable Management Using SonicWALL GMS Using System Administration Set Time Setting System TimeSystem Time System TimeNTP Settings Setting the SonicWALL Security Appliance TimeSettings Configuring System SettingsSystem Settings Import SettingsFirmware Management Export SettingsClick Export Settings New FirmwareSystem Information SafeMode Rebooting the SonicWALL Security ApplianceFirmware Management Settings Firmware Management System Diagnostics System DiagnosticsTech Support Report Generating a Tech Support ReportActive Connections Monitor Diagnostic ToolsActive Connections Monitor Settings CPU Monitor DNS Name LookupFind Network Path Packet TraceSelect Packet Trace from the Diagnostic tool menu Process Monitor Reverse Name ResolutionPing System Restart Network Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Network Settings Configuring Network SettingsNetwork Settings Setup Wizard InterfacesDNS Settings Interface Options by SonicWALL Security ApplianceConfiguring the WAN Interface Configuring Transparent ModeConfiguration Example Configuring the WAN InterfaceConfiguring NAT Enabled Configuring NAT with Dhcp ClientConfiguring NAT with PPPoE Client Configuring NAT with L2TP ClientConfiguring NAT with Pptp Client Configuring Ethernet Settings in WAN PropertiesConfiguring the WAN Interface Configuring Multiple LAN Subnets Configuring the LAN InterfaceBasic LAN Configuration Configuring the OPT Interface Configuring the OPT InterfaceConfiguring Ethernet Settings Configuring Transparent Mode Configuring the DMZ Interface Configuring the DMZ InterfaceConfiguring NAT Mode Select OPT in NAT ModeConfiguring Transparent Mode Select DMZ in NAT Mode Configuring the Modem Interface TZ 170 SPConfiguring the Modem Interface TZ 170 SP Modem Settings ProfilesSelect Enable WAN Failover FailoverAdvanced Activating the ModemSonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Sonicwall Sonicos Standard 3.0 ADMINISTRATOR’S Guide Network One-to-One NAT Configuring One-to-One NATSelect the Enable One-to-One NAT check box Network One-to-One NATClick Firewall, then Access Rules One-to-One NAT Configuration ExampleSelect Enable One-to-One NAT Allow Service Http Source WAN Configuring One-to-One NAT Network Web Proxy Configuring Web Proxy SettingsNetwork Web Proxy Forward OPT/DMZ/WLAN Client Requests to Proxy Server Configuring Automatic Web Proxy ForwardingBypass Proxy Servers Upon Proxy Failure Network Intranet Configuring Intranet SettingsNetwork Intranet Specified address ranges are attached to the LAN link InstallationIntranet Settings Specified address ranges are attached to the WAN linkNetwork Routing Configuring Static RoutesNetwork Routing Key terms Static Route Configuration ExampleStatic Routes SonicWALL LAN IP AddressRoute Advertisement Configuration Route AdvertisementRouting Table Network ARP Configuring Address Resolution Protocol SettingsNetwork ARP Secondary Subnets with Static ARP Adding a Secondary Subnet using the Static ARP MethodStatic ARP Entries Network ARP Prohibit Dynamic ARP Entries Navigating and Sorting the ARP Cache Table Flushing the ARP CacheConfiguring Address Resolution Protocol Settings Network Dhcp Server Configuring the Dhcp ServerDhcp Server Settings Network Dhcp ServerConfiguring Dhcp Server for Dynamic Ranges Dhcp Server Lease ScopesConfiguring Static Dhcp Entries 101Current Dhcp Leases Supported Ddns Providers Configuring Dynamic DNSNetwork Dynamic DNS Network Dynamic DNSAdditional Services offered by Dynamic DNS Providers Configuring Dynamic DNS 105106 Dynamic DNS Settings Table 107108 Modem 109110 Modem Status Viewing Modem StatusModem Status 111Modem Status Modem Settings Configuring Modem SettingsModem Settings 113Configuring Profile and Modem Settings Modem Failover Configuring Modem FailoverModem Failover Settings Modem FailoverConfiguring Modem Failover 117 Modem AdvancedModem Advanced Configuring Advanced Modem Settings Dial-Up Profiles Configuring Modem Dialup PropertiesModem Dialup Profiles Modem Dialup ProfilesModem Dialup Profiles Modem Profile Configuration Configuring a Dialup ProfileModem Dialup Profiles Modem Profile Configuration 121122 Chat Scripts 123Custom Chat Scripts Wireless 125126 LAN WAN 127Considerations for Using Wireless Connections Optimal Wireless Performance Recommendations Optimal Wireless Performance RecommendationsWireless Guest Services WGS 129MAC Filter List Wireless Node Count EnforcementWiFiSec Enforcement Wlan Network Settings Using the Wireless WizardWelcome to the SonicWALL Wireless Configuration Wizard Using the Wireless WizardWlan 802.11b Settings Wlan Security Settings133 WiFiSec VPN Client User AuthenticationWireless Guest Services Wireless Configuration Summary Updating the TZ 50 Wireless/TZ 150 Wireless/TZ 170 WirelessWireless Status Wireless StatusConfiguring Additional Wireless Features 135Wlan Settings Access Point Status137 Wlan StatisticsStation Status 138 Wireless Radio Mode Configuring Wireless SettingsWireless Settings Wireless SettingsWireless Settings Secure Wireless Bridging TZ 170 Only 141Configuring a Secure Wireless Bridge 143 Network Settings for the Example NetworkWireless Bridging without WiFiSec Advanced Configuration for both VPN Policies Select LAN for VPN Terminated atWireless Bridge VPN Policy 145146 Wireless WEP/WPA Encryption Configuring WEP and WPA EncryptionWireless WEP/WPA Encryption 147WEP Encryption Keys WEP Encryption SettingsWPA Encryption Settings 149 WPA-PSK SettingsWPA-EAP Settings WPA Settings Beaconing & Ssid Controls Wireless AdvancedWireless Advanced 151Configurable Antenna Diversity TZ 170 Wireless Wireless Client CommunicationsAdvanced Radio Settings 153 154 Wireless MAC Filter List Configuring the MAC Filter ListWireless MAC Filter List 155156 Wireless Bridge IDS Configuring Wireless IDSWireless IDS Wireless IDSRogue Access Point Detection Access Point IDSEnable Client Null Probing Association Flood DetectionAuthorizing Access Points on Your Network 159160 Wireless Guest Services 161162 163 WGS StatusWGS Status Viewing Wireless Guest Services Status WGS Settings Configuring Wireless Guest ServicesWGS Settings 165Bypass Filters for Guest Accounts Bypass Guest AuthenticationEnable Dynamic Address Translation DAT Enable IP Address Deny List for Authenticated Users Enable Smtp RedirectEnable URL Allow List for Authenticated Users 167Customize Login Check the Customize Login Page boxWGS Account Profiles Custom Post Authentication RedirectMaximum Concurrent Guests To add a profileAccount Lifetime Working with Guest Accounts Managing Wireless Guest AccountsWGS Accounts WGS AccountsAutomatically Generating Guest Accounts Account Profile Manually Configuring Wireless GuestsAccount Detail Printing 173Flexible Default Route Secure Access Point with Virtual Adapter SupportSecure Access Point with Wireless Guest Services 175176 Firewall 177178 Network Access Rules Overview Configuring Network Access RulesNetwork Access Rules Overview 179Using Bandwidth Management with Access Rules Firewall Access RulesConfiguring a Public Server Rule Restoring Default Network Access RulesAdding Rules using the Network Access Rule Wizard Navigating and Sorting the Access Rules Table EntriesConfiguring a General Network Access Rule 183 Adding Rules Using the Add Rule Window 185 Configuring Network Access Rules Click the Bandwidth tab Enabling Ping Blocking LAN Access for Specific ServicesRule Examples Select WAN from the Destination Ethernet menu188 Windows Networking NetBIOS Broadcast Pass Through Configuring Advanced Rule OptionsAccess Rules Advanced Access Rules AdvancedDetection Prevention TCP Connection Inactivity TimeoutAccess Rule Service Options Source Routed PacketsUser Defined Custom Services Configuring Custom ServicesFirewall Services Firewall ServicesPredefined Services VoIP Protocols Configuring VoIPFirewall VoIP Firewall VoIP323 SIPSettings Configuring the VoIP SettingsSIP Settings 195196 Firewall Connections Monitor Monitoring Active Firewall ConnectionsFirewall Connections Monitor 197Click Apply Filters Setting Filter LogicUsing Group Filters Source IP Priority && Category && Source && DestinationVPN 199200 SonicWALL VPN Options Overview Configuring VPN SettingsSonicWALL VPN Options Overview 201VPN Policies VPN SettingsVPN Global Settings Currently Active VPN Tunnels Configuring GroupVPN Policy on the SonicWALLConfiguring GroupVPN Policy on the SonicWALL Navigating and Sorting the VPN Policies EntriesConfiguring IKE Preshared Secret 205 206 207 Configuring GroupVPN with IKE 3rd Party Certificates 209 210 211 212 Export a GroupVPN Client Policy Site to Site VPN ConfigurationsSite to Site VPN Configurations Site-to-Site VPN DeploymentsRouter VPN Planning Sheet for Site-to-Site VPN PoliciesSite a Additional Information215 Creating a Typical IKE Preshared Secret VPN Policy Creating a Custom VPN Policy IKE with Preshared Secret 217Creating a Manual Key VPN Policy with the VPN Policy Wizard 219 220 221 Configuring a VPN Policy IKE with Preshared SecretTip The Shared Secret must be a minimum of four characters 222 223 Configuring a VPN Policy using Manual Key Select Manual Key from the IPSec Keying Mode menu225 Configuring a VPN Policy with IKE 3rd Party CertificateGeneral tab, select IKE using 3rd Party Certificates 226 227 228 VPN Advanced Configuring Advanced VPN SettingsAdvanced VPN Settings VPN AdvancedVPN User Authentication Settings 231 Select Enable VPN Bandwidth ManagementVPN Bandwidth Management Configuring Advanced VPN Settings VPN Dhcp over VPN Configuring Dhcp Over VPNDhcp Relay Mode VPN Dhcp over VPNConfiguring the Central Gateway for Dhcp Over VPN Configuring Dhcp over VPN Remote Gateway 235Current Dhcp over VPN Leases Device ConfigurationClick OK to exit the Dhcp over VPN Configuration window VPN L2TP Server Configuring L2TP Server SettingsVPN L2TP Server 237Adding L2TP Clients to the SonicWALL L2TP Server SettingsIP Address Settings Currently Active L2TP Sessions 239Configuring L2TP Server Settings SonicWALL Third-Party Digital Certificate Support Managing CertificatesDigital Certificates Overview Digital Certificates OverviewCertificate Details VPN Local CertificatesImporting Certificate with Private Key VPN Local Certificates Generating a Certificate Signing RequestDelete This Certificate Select Add New Local Certificate from the Certificates menuSelect Add New CA Certificate VPN CA CertificatesImporting CA Certificates into the SonicWALL Importing a CRL List Automatic CRL UpdateCertificate Revocation List CRL Click Browse for Please select a file to import246 Users 247248 Users Status User Level Authentication OverviewUser Level Authentication Overview 249Active User Sessions Users SettingsAuthentication Method Users Settings Global User SettingsInternet Authentication Exclusions 251Acceptable Use Policy 253 Configuring Radius AuthenticationSelect Use Radius for user authentication 254 255 256 Users Local Users Configuring Local UsersUsers Local Users 257Adding a Local User Security Services 259260 SonicWALL Security Services SonicWALL Security ServicesMySonicWALL.com Activating Free TrialsSecurity Services Summary Security Services SummarySecurity Services Summary Manage Licenses 263If Your SonicWALL Security Appliance is Not Registered Security Services SettingsSecurity Services Information 265 SonicWALL Content Filtering ServiceSonicWALL Content Filtering Service Activating SonicWALL Content Filtering Service Security Services Content FilterContent Filter Status 267 Activating a SonicWALL Content Filtering ServiceSecurity Services Content Filter Content Filter Type Restrict Web FeaturesConfiguring SonicWALL Filter Properties Configuring SonicWALL Filter PropertiesMessage to Display when Blocking Trusted DomainsKeyword Blocking Custom ListAllowed/Forbidden Domains Disable all Web traffic except for Allowed Domains 271Consent Adding a New Address Mandatory Filtered IP AddressesConsent Page URL mandatory filtering 273274 275 SonicWALL Network Anti-Virus OverviewSonicWALL Network Anti-Virus Overview Security Services Anti-Virus Activating SonicWALL Network Anti-Virus277 Security Services Anti-VirusActivating a SonicWALL Network Anti-Virus Free Trial Security Services E-Mail Filter Configuring SonicWALL Network Anti-VirusSonicWALL Gateway Anti-Virus Overview Managing SonicWALL Gateway Anti-Virus ServiceSonicWALL Gateway Anti-Virus Overview 279SonicWALL Gateway Anti-Virus/Intrusion Prevention Features Activating SonicWALL Gateway Anti-Virus 281Activating SonicWALL Gateway Anti-Virus Activating the SonicWALL Gateway Anti-Virus283 Configuring SonicWALL Gateway Anti-VirusConfiguring SonicWALL Gateway Anti-Virus 284 SonicWALL IPS Features Managing SonicWALL Intrusion Prevention ServiceSonicWALL Intrusion Prevention Service SonicWALL Intrusion Prevention ServiceSonicWALL Deep Packet Inspection How SonicWALL’s Deep Packet Inspection Architecture Works 287Security Services Intrusion Prevention Activating SonicWALL IPS289 Security Services Intrusion PreventionActivating the SonicWALL IPS Free Trial 290 SonicWALL Global Security Client Managing SonicWALL Global Security ClientSonicWALL Global Security Client 291SonicWALL Global Security Client Activation Global Security Client FeaturesHow SonicWALL Global Security Client Works Activating SonicWALL Global Security Client 293294 Log 295296 SonicOS Log Event Messages Overview Viewing Log EventsSonicOS Log Event Messages Overview 297Log View Navigating and Sorting Log View Table EntriesClear Log SonicOS Log EntriesRefresh Mail Log300 Log Categories Specifying Log CategoriesLog Categories Alerts & Snmp Traps Log Automation Configuring Log AutomationLog Automation 303Mail Syslog Servers305 306 Log Name Resolution Configuring Name ResolutionLog Name Resolution 307Specifying the DNS Server Selecting Name Resolution SettingsName Resolution Method list, select Log Reports Reset DataGenerating and Viewing Log Reports Data CollectionWeb Site Hits Bandwidth Usage by ServiceView Data Bandwidth Usage by IP AddressLog ViewPoint Log ViewPointSonicWALL ViewPoint 311Generating and Viewing Log Reports 313 SonicSetupSonicSetup Introduction and Discovery Device Selection315 DiagnosticsDiagnostics SonicROM Recovery Diagnostic Results317 SonicOS RecoverySonicOS Recovery Restoring Factory Defaults 319 Address SynchronizationAddress Synchronization 320 321 SonicWALL SafeModeSonicWALL SafeMode 322 323 Upgrading SonicOS FirmwareUpgrading SonicOS Firmware 324 Index Numerics326 VPN 327WPA, see WiFiSec Protected Access 232- 000609- 00 Rev E 02/05