Filter
Top Products
VPN > Settings
559
SonicOS Enhanced 4.0 Administrator Guide
traffic. For packets received via an IPsec tunnel, the SonicWALL looks up a route for
the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a
Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise,
the packet is dropped.
–
Enable OCSP Checking and OCSP Responder URL - Enables use of Online
Certificate Status Protocol (OCSP) to check VPN certificate status and specifies the
URL where to check certificate status. See the “
Using OCSP with SonicWALL Security
Appliances” section in the “VPN > Settings” section on page 537.
–
Require Authentication of VPN Clients via XAUTH - Requires that all inbound traffic
on this VPN policy is from an authenticated user. Unauthenticated traffic is not allowed
on the VPN tunnel.
–
User group for XAUTH users - Allows you to select a defined user group for
authentication.
–
All Unauthenticated VPN Client Access - Allows you to specify network segments for
unauthenticated Global VPN Client access.
Step 11 Click on the Client tab and select any of the following boxes that you want to apply to Global
VPN Client provisioning:
–
Cache XAUTH User Name and Password - Allows the Global VPN Client to cache the
user name and password. Select from:
• Never - Global VPN Client is not allowed to cache username and password. The user will be
prompted for a username and password when the connection is enabled and also every time
there is an IKE phase 1 rekey.
• Single Session - The user will be prompted for username and password each time the
connection is enabled and will be valid until the connection is disabled. This username and
password is used through IKE phase 1 rekey.
• Always - The user will be prompted for username and password only once when connection is
enabled. When prompted, the user will be given the option of caching the username and
password.
–
Virtual Adapter Settings - The use of the Virtual Adapter by the Global VPN Client
(GVC) is dependent upon a DHCP server, either the internal SonicOS or a specified
external DHCP server, to allocate addresses to the Virtual Adapter. In instances where
predictable addressing was a requirement, it’s necessary to obtain the MAC address of
the Virtual Adapter, and to create a DHCP lease reservation. To reduce the
administrative burden of providing predictable Virtual Adapter addressing, you can
configure the GroupVPN to accept static addressing of the Virtual Adapter's IP
configuration. This feature requires the use of GVC version 3.0 or later.
• None - A Virtual Adapter will not be used by this GroupVPN connection.
• DHCP Lease - The Virtual Adapter will obtain its IP configuration from the DHCP Server only,
as configure in the VPN > DHCP over VPN page.
• DHCP Lease or Manual Configuration - When the GVC connects to the SonicWALL, the
policy from the SonicWALL instructs the GVC to use a Virtual Adapter, but the DHCP
messages are suppressed if the Virtual Adapter has been manually configured. The configured
value is recorded by the SonicWALL so that it can proxy ARP for the manually assigned IP
address. By design, there are currently no limitations on IP address assignments for the Virtual
Adapter. Only duplicate static addresses are not permitted.
–
Allow Connections to - Client network traffic matching destination networks of each
gateway is sent through the VPN tunnel of that specific gateway.