SonicWALL 3 Home Security System User Manual


 
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE
CHAPTER 36: Configuring VPN Settings
Forward Packets to Remote VPNs - allows the remote VPN tunnel to participate in the
SonicWALL routing table. Inbound traffic is decrypted and can be forwarded to a remote site via
another VPN tunnel. Normally, inbound traffic is decrypted and only forwarded to the
SonicWALL LAN or a specific route on the LAN configured on the Routing page located in the
Network section. Enabling this feature allows a network administrator to create a “hub and
spoke” network configuration by forwarding inbound traffic to a remote site via a VPN security
association. To create a “hub and spoke” network, select the Forward Packets to Remote
VPNs check box. Traffic can then travel from one branch office to another via the corporate
office.
Default LAN Gateway - used at a central site in conjunction with a remote site that uses the
“Use this VPN Tunnel as default route for all Internet traffic” setting. Default LAN Gateway allows the
network administrator to specify the IP address of the default LAN route for incoming IPSec
packets for this SA. Incoming packets are decoded by the SonicWALL and compared to static
routes configured in the SonicWALL. Since packets can have any IP address destination, it is
impossible to configure enough static routes to handle the traffic. For packets received via an
IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL
checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed
through the gateway. Otherwise, the packet is dropped.
VPN Terminated at the LAN, OPT/DMZ/WLAN, or LAN/OPT/DMZ/WLAN - Selecting this
option allows you to terminate a VPN tunnel on a specific destination instead of allowing the
VPN tunnel to terminate on the entire SonicWALL network. By terminating the VPN tunnel to a
specific destination, the VPN tunnel has access to a specific portion of the destination LAN or
OPT/DMZ/WLAN network.
Require Authentication of VPN Clients via XAUTH - requires that all inbound traffic on this
SA is from an authenticated user. Unauthenticated traffic is not allowed on the VPN tunnel.
5. Click the Client tab. Select any of the following settings you want to apply to your GroupVPN
policy.
Cache XAUTH User Name and Password - Allows Global VPN Client to cache any username
and password required for XAUTH user authentication. The drop-down list provides the following
options:
Never - Global VPN Client is not allowed to cache username and password. The user will be
prompted for a username and password when the connection is enabled and also every time
there is an IKE phase 1 rekey.