How many remote access VPN sessions are supported by the TZ 170 SP?
The TZ 170 SP does not ship with any Global VPN Client licenses preinstalled, and must be upgraded with
SonicWALL Global VPN Client licenses to accept incoming connections. It can support up to 50 concurrent remote
access VPN sessions when properly licensed. Note that the 25-node and Unrestricted-node license upgrades
also include 1 Global VPN Client license. The term “remote access VPN session” refers to an IPSec connection to
a unique remote SonicWALL Global VPN client.
How many site-to-site VPN policies are supported by the TZ 170 SP?
The TZ 170 SP supports 10 site-to-site VPN sessions. Please note that while the license will limit connections to
the number of unique remote peers, it does not limit the number of destination networks (phase two SAs) that can
be negotiated for each remote peer (that number is only limited by the amount of free memory on the device). The
term “VPN policy” refers to an IPSec connection to a unique remote site-to-site VPN peer, such as another
SonicWALL device, or an IPSec-capable 3rd party device.
Can I use other third-party VPN clients to connect to the TZ 170 SP?
SonicWALL officially supports IPSec VPN connections to the TZ 170 SP with the older SonicWALL VPN Client
(versions 5.1.3 & 8.0) for Windows-based systems, the SonicWALL Global VPN Client (version 1.x and 2.x) for
Windows-based systems, the Equinux VPN Tracker (version 1.0.2) for Apple OSX 10.2-based systems, and the
Funk AdmitOne VPN Client (version 2.0) for PocketPC 2002-based systems. It may be possible to make a Manual
IPSec or IKE IPSec connection with other third-party clients, but SonicWALL does not endorse or support their use.
If the PDA is running Pocket PC 2003, you can use the built-in L2TP client to connect to the TZ 170 SP’s L2TP
server; however, this feature is only supported if the TZ 170 SP is running SonicOS 2.6 Standard or newer.
My GroupVPN policy is set for AES, and some of my Global VPN Clients cannot connect – why?
AES support is only in Global VPN Client version 2.0 and newer; version 1.0 does not support it. If you are mixing
1.x and 2.x clients, you will need to specify 3DES as the encryption method for phase 1 and phase 2.
Will VPNs work across the analog modem connections?
Yes. In fact, one of the primary uses of the TELE3 SP and the new TZ 170 SP is to provide a secondary
failover/failback path for VPN traffic when the primary WAN interface has failed. Since most ISP POPs assign
dynamic IP address information to connecting systems, it will be necessary to configure the VPN tunnels to use
Aggressive Mode and to use SonicWALL Identifiers as the IKE identities on both sides. It is also possible to disable
VPN traffic from traversing the analog modem when it is active, on a per-profile basis. This feature is used mainly
when the TZ 170 SP is dialing into a company-owned RAS server, where it would not be appropriate for the device
to attempt to re-establish its VPN tunnels, since dialing into the RAS servers may be providing direct connectivity to
the resources that the VPN tunnels had been created to reach.
MODEM
What type of modem is in the TZ 170 SP?
It’s a 56K V.92 modem, and can be configured to connect at auto, 2400, 4800, 9600, 14400, 19200, 38400, and
57600 speeds, on a per-profile basis.
Can I dial into the TZ 170 SP?
No, this feature is not currently supported in any version of SonicOS for the TZ 170 SP, although SonicWALL is
investigating it for a future release.
Can the TZ 170 SP do dial-back?
No, this feature is not currently supported in any version of SonicOS for the TZ 170 SP, although SonicWALL is
investigating it for a future release.