Manuals / SonicWALL / Computer Equipment / Network Router

SonicWALL Internet Security Appliances manual Configuring NAT with L2TP Client

Models: Internet Security Appliances

1 293

Download 293 pages 54.59 Kb

Page 36

Restarting

Tip The final window provides important information to help configure the computers on the LAN. Click Print this Page to print this information.

The SonicWALL takes 90 seconds to restart. During this time, the yellow Test LED is lit. Click Close to exit the SonicWALL Wizard.

Configuring NAT with L2TP Client

This section describes configuring the SonicWALL in NAT with L2TP Client mode. You must have a single, static IP address to begin configuration. Follow the instructions below.

Tip Be sure to have your network information including your WAN IP address, subnet mask, and DNS settings ready. This information is obtained from your ISP.

1.Open a Web browser and enter the default SonicWALL IP address, 192.168.168.168, in the Location or Address fields.

2.The Login window appears. Enter admin in the User Name field, and password in the Password field.

3.Click Cancel on the initial Installation Wizard page to cancel the wizard.

4.Click Network in the General section.

5.Select NAT with L2TP Client from the Network Addressing Mode menu.

6.Enter 192.168.168.1 in the SonicWALL LAN IP Address field.

7.Enter 255.255.255.0 in the LAN Subnet Mask field.

8.If you obtain an IP address dynamically from the L2TP server, select Obtain an IP address using DHCP. The other fields in the WAN Settings are greyed out and are filled in when a connection is made to the L2TP server.

9.If you have WAN IP address information, select Use the specified IP address.

10.Enter the WAN IP address for the gateway in the WAN Gateway (Router) Address field.

11.Enter the WAN IP address for the SonicWALL in the SonicWALL WAN IP (NAT Public) Address field.

12.Enter your DNS IP address in the DNS Server field.

Configuring the Network Mode on the SonicWALL Page 37

Image 36

SonicWALL Internet Security Appliances manual Configuring NAT with L2TP Client

Contents

ADMINISTRATOR’S Guide Contents NAT with PPPoE Configuration Restarting the SonicWALL Status CLI Support and Remote ManagementRestrict Web Features 100 100101 103Viewing Network Access Rules 127 Services 128 Add a Known Service 130 Add a Custom ServiceDelete a Service 131 Rules Network Access Rule Logic List 133Intranet Settings 151 Proxy Relay 148 Web Proxy Forwarding149 Bypass Proxy Servers Upon Proxy Failure 149 Intranet 150Allow Dhcp Pass Through in Standard Mode 166 Allow Dhcp Pass Through in Standard Mode 173Configure Tab 181 Add/Modify IPSec Security Associations 166Advanced Settings for VPN Configurations 191 Configuration Changes 228Configuration Notes 233 190SonicWALL Authentication Service 235 234235 236Limited Warranty About this Guide Organization of this GuideSonicWALL Technical Support Firmware Version Icons Used in this ManualIntroduction Your SonicWALL Internet Security ApplianceInternet Security Content Filtering Logging and ReportingDynamic Host Configuration Protocol Dhcp Easy Installation and ConfigurationIPSec VPN Configuring the Network Mode on the SonicWALL Standard ModeNetwork Address Translation NAT Enabled NAT with PPPoE ClientSelect Standard from the Network Addressing Mode menu NAT with Dhcp ClientNAT with L2TP Client NAT with Pptp ClientConfiguring the SonicWALL in NAT Enabled Mode Accessing the WizardSetting the Password Connecting to the Internet Selecting Your Internet ConnectionConfirming Network Address Translation NAT Mode Selecting NAT Enabled ModeConfiguring WAN Network Settings Configuring LAN Network SettingsConfiguration Summary CongratulationsConfiguring NAT with PPPoE Client RestartingSetting the Password Connecting to the Internet Setting the User Name and Password for PPPoE Configuring the SonicWALL Dhcp Server Congratulations Configuring NAT with Dhcp Client Accessing the Installation WizardSetting the Time and Date Selecting Your Internet Connection Configuring LAN Network Settings Configuration Summary Configuring NAT with L2TP Client Configuring NAT with Pptp Client Setting the Time and Date Connecting to the Internet Setting the User Name and Password for Pptp Configuring the SonicWALL Dhcp Server Congratulations Logging into the SonicWALL Management Interface Configuring the Network Mode on the SonicWALL Registering at mySonicWALL.com Creating a New User AccountAccount Information Personal Information Registering at mySonicWALL.com Page Click Here Registration Quick Registration Status and Options Managing Your SonicWALL Renaming Your SonicWALLTransferring a SonicWALL Product Delete Product Managing Services for SonicWALL Internet Security Appliances Activating Services Using mySonicWALL.com Registering at mySonicWALL.com Configuring the TELE3 SP Modem Connection Configuring the TELE3 SP WAN Failover FeatureConfiguring Modem Profiles Dial-Up ConfigurationISP Settings Location SettingsConfiguring the TELE3 SP Modem Connection TELE3 SP Modem Configuration Modem SettingsFailover Settings Preempt ModeSelect Enable WAN Failover Select Enable Probing Primary InterfaceConfiguring a Modem Profile for Manual Dial-Up Configure Modem Settings Select None as the Secondary ProfileConfiguring the Modem Settings Tested Internet Service ProvidersStatus Modem StatusChat Scripts Custom Chat Scripts Managing Your SonicWALL Internet Security Appliance Https ManagementManaging Your SonicWALL Internet Security Appliance 74 SonicWALL Internet Security Appliance User’s Guide CLI Support and Remote Management 9600 bps Bits No parity No hand-shakingGeneral and Network Settings Network SettingsNetwork Addressing Mode Network Time AdministratorLAN Settings Multiple LAN Subnet Mask SupportSonicWALL LAN IP Address LAN Subnet MaskWAN Settings DNS SettingsWAN Gateway Router Address WAN/LAN Subnet MaskStandard Configuration NAT Enabled ConfigurationSonicWALL WAN Gateway Router Address is NAT with Dhcp Client Configuration NAT with PPPoE Configuration Select NAT with PPPoE from the Network Addressing Mode menuRestarting the SonicWALL NAT with L2TP Client Configuration Restarting the SonicWALL NAT with Pptp Client Configuration Restarting the SonicWALL Setting the Time and Date NTP SettingsConfiguring the Administrator Settings Administrator NameChange the Administrator Password Setting the Administrator Inactivity Timeout Login Failure HandlingView Log Log Settings Reports Logging and AlertsView Log SonicWALL Log Messages TCP, UDP, or Icmp packets droppedWeb, FTP, Gopher, or Newsgroup blocked ActiveX, Java, Cookie or Code Archive blockedLog Settings Configure the following settingsPage Log Categories Alerts/SNMP Traps ReportsVPN Tunnel Status Bandwidth Usage by Service Web Site HitsBandwidth Usage by IP Address SonicWALL ViewPoint Content Filtering and Blocking Configure URL List Customize ConsentConfiguring SonicWALL Content Filtering Restrict Web FeaturesBlock Message to display when a site is blocked List UpdatesURL List Trusted DomainsSettings Download Automatically everySelect Categories to Block Customizing the Content Filtering List Custom FilterTime of Day Filter Block ActionUser Idle Timeout is 5 minutes configure here ConsentMaximum Web usage Consent page URL Optional FilteringMandatory Filtered IP Addresses Consent Accepted URL Filtering OffConsent Accepted URL Filtering On Consent page URL Mandatory FilteringConfiguring N2H2 Internet Filtering Trusted Domains Settings Server Host Name or IP Address N2H2 Server StatusListen Port Reply PortConfiguring the Websense Enterprise Content Filter Trusted Domains Configuring the Websense Content Filter List SettingsWebsense Server Status Server PortURL Cache Restart Preferences Firmware Diagnostic Web Management ToolsExporting the Settings File PreferencesImporting the Settings File Restoring Factory Default SettingsClick Import in the Preferences tab Updating Firmware Updating Firmware Manually Upgrade Features Diagnostic Tools DNS Name LookupFind Network Path Select Ping from the Choose a diagnostic tool menu PingPacket Trace Select Packet Trace from the Choose a diagnostic tool menu Tech Support ReportGenerating a Tech Support Report Trace Route Network Access Rules Viewing Network Access RulesServices LAN OutWindows Networking NetBIOS Broadcast Pass Through Network Connection Inactivity TimeoutPublic LAN Server Windows Messenger SupportAdd Service Add a Known ServiceAdd a Custom Service Enable Logging Delete a ServiceRules Maximum Number of Rules by Product Product Maximum RulesNetwork Access Rule Logic List Bandwidth ManagementAdd a New Rule Select always from the Apply this rule menu Blocking LAN Access for Specific Services Add New Rule ExamplesEnabling Ping Select WAN from the Destination Ethernet menuCurrent Network Access Rules Table Enable/Disable a RuleRestore the Default Network Access Rules Edit a RuleUnderstanding the Access Rule Hierarchy Global User Settings UsersAdding and Removing a User Highlight -Add New User- in the Current User list boxUsers Currently Locked Out After Login Failures Current UsersUser Login Radius Radius ServersRadius Users Radius Client TestManagement SonicWALL Snmp Support Configuration of the Log/Log Settings for Snmp Configuration of the Service and Rules PagesSonicWALL Management Protocol Additional ManagementNetwork Access Rules Advanced Features Proxy Relay Web Proxy ForwardingConfiguring Web Proxy Relay Bypass Proxy Servers Upon Proxy FailureInstallation IntranetIntranet Configuration Intranet SettingsVPN Single-Armed Mode stand-alone VPN gateway Configuring a SonicWALL for VPN Single Armed Mode VPN Single Armed Mode SonicWALLRemote SonicWALL Corporate SonicWALL Routes LAN Route Advertisement Tip There is no route advertisement on the WANRIPv2 Authentication DMZ Route AdvertisementDMZ Addresses DMZ in Standard Mode DMZ in NAT ModeHomePort Configuration HomePort in Standard ModeDelete a DMZ Address Range HomePort in NAT Mode Delete a HomePort Address RangeSelect the Enable One-to-One NAT check box One-to-One NATOne-to-One NAT Configuration Example Select Enable One-to-One NAT and click UpdateWAN Link Settings Enable Bandwidth ManagementEthernet DMZ/WorkPort Link Settings LAN/HomePort Link SettingsMTU Settings Proxy Management workstation ethernet address on WANSonicWALL Bandwidth Management How SonicWALL Bandwidth Management WorksRule Service Priority Guaranteed Maximum Examples of Bandwidth Management RulesSetup Allow Dhcp Pass Through in Standard ModeSetup Dhcp over VPN Status Dhcp ServerConfiguring the SonicWALL Dhcp Server Select the Enable Dhcp ServerDhcp Relay Mode Deleting Dynamic Ranges and Static EntriesDhcp over VPN Configuring the Central Gateway for VPN over Dhcp Configuring the Remote Gateway for VPN over DhcpSelect Central Gateway from the Dhcp Relay Mode menu Select Remote Gateway from the Dhcp Relay Mode menu LAN IP AddressesLAN Device Configuration Dhcp Status Dhcp Server on the SonicWALL TELE3 TZ and TZX Configuring the SonicWALL Dhcp Server Deleting Dynamic Ranges and Static Entries Dhcp Status SonicWALL VPN Global VPN Settings VPN Management Interface Summary TabVPN Bandwidth Management VPN PoliciesCurrently Active VPN Tunnels SonicWALL NAT Traversal Support AES Advanced Encryption Standard SupportConfigure Tab Add/Modify IPSec Security Associations Disabling Security AssociationsSecurity Policy Settings Security Policy Settings for Group VPNSecurity Policy Settings for IKE using Pre-shared Secret AES support is available only on the PRO 230 and PRO Security Policy Settings using Manual Key Accessing Remote Resources across a Virtual Private Network Destination NetworksAdding Destination Networks Modifying and Deleting Existing Security AssociationsAdvanced Settings Enable Keep AliveTry to bring up all possible SAs Require authentication of local users Require authentication of remote usersEnable Windows Networking NetBIOS broadcast Apply NAT and firewall rulesEnable Perfect Forward Secrecy Phase 2 DH GroupDefault LAN Gateway Route all internet traffic through this SAVPN Terminated at the LAN, DMZ, or LAN/DMZ Advanced Settings for VPN Configurations IKE usingConfiguring SonicWALL VPN SonicWALL VPN Page Group VPN Client Setup Installing the VPN Client SoftwareGroup VPN Client Configuration Page SonicWALL VPN Verifying the VPN Tunnel as Active SonicWALL VPN Configuring the VPN Client Configuring VPN Security and Remote Identity Select the Connect using Secure Gateway Tunnel check boxLaunching the SonicWALL VPN Client Configuring VPN Client Identity Configuring VPN Client Security PolicySelect None from the Select Certificate menu Configuring VPN Client Key Exchange Proposal Select the Encapsulation Protocol ESP check boxConfiguring Inbound VPN Client Keys Configuring Outbound VPN Client KeysSaving SonicWALL VPN Client Settings Click Inbound Keys. The Inbound Keying Material box appearsVerifying the VPN Client Icon in the System Tray IKE and Manual Key Configuration for Two SonicWALLs Manual Key for Two SonicWALLsSonicWALL VPN Configuring the Second SonicWALL Appliance Example of Manual Key Configuration for Two SonicWALLsSelect Strong Encrypt ESP 3DES as the Encryption Method Configuring the Remote SonicWALL Enter the Encryption Key from the Main Office configurationPage IKE Configuration for Two SonicWALLs Select Group 1 from the Phase 1 DH Group menuPage Example of IKE Configuration for Two SonicWALLs Configuring a SonicWALL PRO 200 in ChicagoSelect 3DES & SHA1 from the Phase 1 DH Group menu Configuring a SonicWALL TELE3 in San Francisco Select Group 2 from the Phase 1 DH Group menu SonicWALL Third Party Digital Certificate Support VeriSign EntrustOverview of Third Party Digital Certificate Support Version 3 Certificate StandardImporting CA Certificates into the SonicWALL Certificate DetailsImporting Certificate with private key Certificate Revocation List CRLCreating a Certificate Signing Request Importing a Signed Local CertificateClick VPN, then Local Certificates Click Import CertificateSonicWALL Enhanced VPN Logging Testing a VPN Tunnel Connection Using Ping Configuring Windows Networking SonicWALL VPN Page Before Configuring High Availability Network Configuration for High Availability PairHigh Availability Configuring High Availability on the Primary SonicWALL High Availability Configuration Changes High Availability Status High Availability Status Window Mail Alerts Indicating Status Change Forcing Transitions Configuration Notes SonicWALL Options and Upgrades SonicWALL VPN ClientSonicWALL Network Anti-Virus Content Filter List Subscription Vulnerability Scanning ServiceSonicWALL Authentication Service SonicWALL ViewPoint Reporting SonicWALL Global Management SystemContact Your Reseller or SonicWALL Hardware Descriptions SonicWALL PRO 230 and PRO 330 Front PanelSonicWALL PRO 230 and PRO 330 Front Panel Description Reset Switch Power SwitchesPower Inputs SonicWALL PRO 230 and PRO 330 Rear Panel DescriptionSonicWALL PRO 200 and PRO 300 Front Panel SonicWALL PRO 200 and PRO 300 Front Panel DescriptionPower Input Power SwitchSonicWALL PRO 200 and PRO 300 Back Panel SonicWALL PRO 200 and PRO 300 Back Panel DescriptionSonicWALL PRO 100 Front Panel SonicWALL PRO 100 Front Panel Description100 SonicWALL PRO 100 Back Panel SonicWALL PRO 100 Back Panel DescriptionSonicWALL TELE3 SP Front Panel SonicWALL TELE3 SP Front Panel DescriptionModem CLI Command Line Interface Port SonicWALL TELE3 SP Back PanelSonicWALL TELE3 SP Back Panel Description TELE3 SP Modem PortSonicWALL TELE3 TZ Front Panel SonicWALL TELE3 TZ Front Panel DescriptionSonicWALL TELE3 TZ Back Panel SonicWALL TELE3 TZ Back Panel DescriptionSonicWALL TELE3 TZX Front Panel SonicWALL TELE3 TZX Front Panel DescriptionSonicWALL TELE3 TZX Back Panel l SonicWALL TELE3 TZX Back Panel DescriptionSonicWALL SOHO3 and TELE3 Front Panel SonicWALL SOHO3 and TELE3 Front Panel DescriptionSonicWALL SOHO3 and TELE3 Back Panel SonicWALL SOHO3 and TELE3 Back Panel DescriptionSonicWALL GX 250 and GX 650 Front Panel SonicWALL GX250 and GX 650 Front Panel DescriptionSonicWALL GX250 Front Panel SonicWALL GX 650 Front PanelAlarm Reset Button SonicWALL GX 250 and GX 650 Back Panel DescriptionTroubleshooting Guide Computer on the LAN cannot access the InternetSonicWALL does not establish authenticated sessions Link LED is offDuplicate IP address errors VPN tunnel problemsSonicWALL does not save changes that you have made Machines on the WAN are not reachableAppendix a Technical Specifications AppendicesAppendix B SonicWALL Support Solutions Knowledge BaseInternet Security Expertise SonicWALL SupportSonicWALL Support Services Features and Benefits SonicWALL Super SonicWALL Warranty SupportWarranty Support North America Warranty Support International SonicWALL Support SonicWALL Support Appendix C Introduction to Networking Network Hardware ComponentsNetwork Types FirewallsNetwork Protocols IP address Subnet mask Default gateway IP AddressingIP Address Default Gateway Network Address Translation NATNodes Subnet MaskAppendices Appendix D IP Port Numbers Well Known Port NumbersRegistered Port Numbers Appendix E Configuring TCP/IP Settings Click DNS ConfigurationWindows Windows NT Windows Windows XP Open the Local Area Connection Properties windowMacintosh OS Appendix F Basic VPN Terms and Concepts Authentication Header AH Internet Key Exchange IKEManual Key Shared SecretPage Data Encryption Standard DES ARCFourStrong Encryption Triple DES Security Parameter Index SPILocating the Reset button on your SonicWALL Appendix G- Erasing the FirmwareErasing the Firmware for all Models Appendix H- Mounting the SonicWALL PRO 200 and PRO Appendix I Configuring Radius and ACE Servers Steel Belted Radius Funk SoftwareConfiguring User Privileges Open the ACE Server Database Administrator programACE Server RSA Internet Authentication Service Windows NT/2000 Server Open IAS, and select Remote Access PoliciesACS Server Cisco Radius Attributes Dictionary Page Appendices Page Appendices Page Appendices Index Dynamic Host Configuration Protocol Dhcp Dynamic Ranges 167 Page Index 232- 000291 Rev a 11