Filter
Top Products
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
225
Site to Site VPN Configurations
can be used as a valid key. If this key is used, it must also be entered in the Authentication Key
field in the remote SonicWALL. If authentication is not used, this field is ignored.
11
Click on the Advanced tab. Select the optional configuration settings you want to apply to your
VPN policy from the Advanced Settings section.
Require authentication of local users - requires all outbound VPN traffic from this SA is from
an authenticated source.
Require authentication of remote users - requires all inbound VPN traffic for this SA is from
an authenticated user.
Enable Secure Wireless Bridging -
Enable Windows Networking (NetBIOS) broadcast - to allow access to remote network
resources by browsing the Windows
®
Network Neighborhood.
Apply NAT and Firewall Rules - This feature allows a remote site’s LAN subnet to be hidden
from the corporate site, and is most useful when a remote office’s network traffic is initiated to
the corporate office. The IPSec tunnel is located between the SonicWALL WAN interface and
the LAN segment of the corporation. To protect the traffic, NAT (Network Address Translation)
is performed on the outbound packet before it is sent through the tunnel, and in turn, NAT is
performed on inbound packets when they are received. By using NAT for a VPN connection,
computers on the remote LAN are viewed as one address (the SonicWALL public address)
from the corporate LAN.
Forward Packets to Remote VPNs - allows the remote VPN tunnel to participate in the
SonicWALL routing table. Inbound traffic is decrypted and can be forwarded to a remote site
via another VPN tunnel. Normally, inbound traffic is decrypted and only forwarded to the
SonicWALL LAN or a specific route on the LAN configured on the Routing page located in the
Network section. Enabling this feature allows a network administrator to create a “hub and
spoke” network configuration by forwarding inbound traffic to a remote site via a VPN security
association. To create a “hub and spoke” network, select the Forward Packets to Remote
VPNs check box.Traffic can travel from a branch office to a branch office via the corporate
office.
Default LAN Gateway - used at a central site in conjunction with a remote site using the Use
this VPN Tunnel as the default route for all internet traffic. Default LAN Gateway allows
the network administrator to specify the IP address of the default LAN route for incoming IPSec
packets for this VPN Policy. Incoming packets are decoded by the SonicWALL and compared
to static routes configured in the SonicWALL. Since packets can have any IP address
destination, it is impossible to configure enough static routes to handle the traffic. For packets
received via an IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found,
the SonicWALL checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the
packet is routed through the gateway. Otherwise, the packet is dropped.
VPN Terminated at the LAN, OPT/DMZ/WLAN, or LAN/OPT/DMZ/WLAN - Selecting this
option allows you to terminate a VPN tunnel on a specific destination instead of allowing the
VPN tunnel to terminate on the entire SonicWALL network. By terminating the VPN tunnel to a
specific destination, the VPN tunnel has access to a specific portion of the destination LAN or
OPT/DMZ/WLAN network.
12
Click OK to add the Manual Key VPN Policy to the SonicWALL.
Configuring a VPN Policy with IKE 3rd Party Certificate
S
Alert: You must have a valid certificate from a third party Certificate Authority installed on your
SonicWALL before you can configure your VPN policy with IKE using a third party certificate. See
Chapter 40, Managing Certificates for more information.
To create a VPN SA using IKE and third party certificates, follow these steps:
1
In the VPN > Settings page, click Add. The VPN Policy window is displayed.
2
In General tab, select IKE using 3rd Party Certificates.