SonicWALL 3 Home Security System User Manual


 
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE
Configuring GroupVPN Policy on the SonicWALL
Single Session - The user is prompted for username and password each time the
connection is enabled, and the credentials remain valid until the connection is disabled. This
username and password is used through IKE phase 1 rekey.
Always - The user is prompted for username and password only once, when the connection is
enabled. When prompted, the user is given the option of caching the username and
password.
Virtual Adapter Settings - The use of the Virtual Adapter by the Global VPN Client (GVC) has
always been dependent upon a DHCP server, either the internal SonicOS or a specified external
DHCP server, to allocate addresses to the Virtual Adapter. In instances where predictable
addressing was a requirement, it was necessary to obtain the MAC address of the Virtual Adapter,
and to create a DHCP lease reservation. To reduce the administrative burden of providing
predictable Virtual Adapter addressing, you can configure the GroupVPN to accept static
addressing of the Virtual Adapter's IP configuration. This feature requires the use of GVC version
3.0 or later.
None - A Virtual Adapter will not be used by this GroupVPN connection.
DHCP Lease - The Virtual Adapter will obtain its IP configuration from the DHCP Server only,
as configured in the VPN > DHCP over VPN page.
DHCP Lease or Manual Configuration - When the GVC connects to the SonicWALL, the
policy from the SonicWALL instructs the GVC to use a Virtual Adapter, but the DHCP
messages are suppressed if the Virtual Adapter has been manually configured. The configured
value is recorded by the SonicWALL so that it can proxy ARP for the manually assigned IP
address. Note: By design, there are currently no limitations on IP address assignments for the
Virtual Adapter. Only duplicate static addresses are not permitted.
Allow Connections to - Specifies single or multiple VPN connections. The drop-down list
provides the following options:
This Gateway Only - Allows a single connection to be enabled at a time. Traffic that matches
the destination networks as specified in the policy of this gateway is sent through the VPN
tunnel. All other traffic is blocked. If this option is selected along with Set Default Route as this
Gateway, then the Internet traffic is also sent through the VPN tunnel. If this option is selected
without selecting Set Default Route as this Gateway, then the Internet traffic is blocked.
All Secured Gateways - Allows one or more connections to be enabled at the same time.
Traffic matching the destination networks of each gateway is sent through the VPN tunnel of
that specific gateway. If this option is selected along with Set Default Route as this Gateway,
then Internet traffic is also sent through the VPN tunnel. If this option is selected without
selecting Set Default Route as this Gateway, then the Internet traffic is blocked. Only one of the
multiple gateways can have Set Default Route as this Gateway enabled.
Split Tunnels - Allows the VPN user to have both local Internet access and VPN connectivity.
Set Default Route as this Gateway - If checked, Global VPN Client traffic that does not match
selectors for the gateway’s protected subnets must also be tunnelled. In effect, this changes the
Global VPN Client’s default gateway to the gateway tunnel endpoint. If unchecked, the Global
VPN Client must drop all non-matching traffic if Allow traffic to This Gateway Only or All Secured
Gateways is selected.
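
The traffic handling described above for Allow Connections to and Set Default Route as this Gateway, written out as a small decision model. This is an added example, not SonicWALL code: the Gateway class, the function names and the sample networks are assumptions made for illustration, and the first matching gateway wins when protected networks overlap.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str                    # hypothetical label for a gateway connection
    protected: list              # destination networks in the gateway's policy (CIDR)
    default_route: bool = False  # "Set Default Route as this Gateway"

def validate(mode, gateways):
    """Return a list of problems with a set of enabled connections."""
    problems = []
    if mode == "This Gateway Only" and len(gateways) > 1:
        problems.append("only a single connection may be enabled at a time")
    if sum(g.default_route for g in gateways) > 1:
        problems.append("only one gateway can have Set Default Route as this Gateway")
    if mode == "Split Tunnels" and any(g.default_route for g in gateways):
        # The guide does not describe this combination, so the model refuses to guess.
        problems.append("Split Tunnels with a default-route gateway is not modelled")
    return problems

def decide(mode, gateways, dst):
    """Return ("tunnel", name), ("local", None) or ("blocked", None) for dst."""
    problems = validate(mode, gateways)
    if problems:
        raise ValueError("; ".join(problems))
    addr = ipaddress.ip_address(dst)
    # Traffic matching a gateway's destination networks uses that gateway's tunnel.
    for g in gateways:
        if any(addr in ipaddress.ip_network(n) for n in g.protected):
            return ("tunnel", g.name)
    if mode == "Split Tunnels":
        return ("local", None)   # local Internet access stays available
    # This Gateway Only / All Secured Gateways: non-matching traffic is tunnelled
    # only if a gateway is set as the default route; otherwise it is blocked.
    for g in gateways:
        if g.default_route:
            return ("tunnel", g.name)
    return ("blocked", None)

# Constructed sample gateways (networks are illustrative only)
HQ = Gateway("hq", ["10.1.0.0/16"], default_route=True)
BRANCH = Gateway("branch", ["10.2.0.0/16"])
```

Calling decide("This Gateway Only", [BRANCH], "203.0.113.10") shows the case that most often surprises users: with no default-route gateway, Internet-bound traffic is blocked rather than sent out locally.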
Require Global Security Client for this Connection - Allows a VPN connection from the remote
Global Security Client only if the remote computer is running the SonicWALL Distributed Security
Client, which provides policy enforced firewall protection.
Use Default Key for Simple Client Provisioning - If set, the gateway and all Global VPN
Clients use a default Preshared Key to authenticate the initial Aggressive mode exchange. This
allows for the control of the use of the default registration key. If not set, then the Preshared
Key must be distributed out of band.
6 Click OK.