1. Click Wizards on the top-right corner of the SonicOS management interface. The Welcome page displays.
2.
3.

1.
2.

1. In the IKE Phase 1 Key Method page, select the authentication key to use for this VPN policy:
   • Use default key: All Global VPN Clients automatically use the default key generated by the firewall to authenticate with the SonicWALL.
   • Use this preshared key: You must distribute the key to every Global VPN Client because the user is prompted for this key when connecting to the WAN GroupVPN. Specify a custom preshared key in the Use this preshared key field; a default custom key is generated by the firewall, such as ECE38B6AB8188A5D.
   NOTE: If you select Use this preshared key and leave the generated value as the custom key, you must still distribute the key to your Global VPN clients.
2.

1. In the Security Settings page, select the security settings for IKE Phase 1 and IPSEC Phase 2. You can use the default settings. If you require more specific security settings, you can adjust the WAN GroupVPN VPN policy after this wizard is completed.
   • DH Group: The Diffie-Hellman (DH) group is the group of numbers used to create the key pair. Each subsequent group uses larger numbers to start with. You can choose:
      •
      • Group 2 (default)
      •
      •
     The VPN uses this during IKE negotiation to create the key pair.
   • Encryption: This is the method for encrypting data through the VPN tunnel. The methods are listed in order of security:
      • DES – The least secure, but takes the least amount of time to encrypt and decrypt.
      • 3DES (default)
      •
      •
      • AES-256 – The most secure, but takes the longest time to encrypt and decrypt.
     The VPN uses this for all data through the tunnel.
   • Authentication: This is the hashing method used to authenticate the key when it is exchanged during IKE negotiation. You can choose:
      •
      • SHA-1 (default)
      •
      •
      •
   • Life Time (seconds): This is the length of time the VPN tunnel stays open before needing to re-authenticate. The default is eight hours (28800).
2.
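
The following Python sketch is an added example, not part of the SonicWALL documentation: it estimates which of the settings chosen on the IKE Phase 1 Key Method and Security Settings pages is the weakest link. The strength figures are the comparable-strength estimates from NIST SP 800-57 Part 1; Group 14, AES-128 and AES-192 are assumed options not named on this page, and the preshared-key estimate assumes the key was generated uniformly at random.

```python
import math
import string

# Approximate strength in bits (NIST SP 800-57 Part 1 comparable strengths).
# AES-128 and AES-192 are assumed options; the page names DES, 3DES and AES-256.
ENCRYPTION_BITS = {"DES": 56, "3DES": 112, "AES-128": 128,
                   "AES-192": 192, "AES-256": 256}
# Group 2 is the 1024-bit MODP group (RFC 2409). Group 14, the 2048-bit MODP
# group (RFC 3526), is an assumed option that the page does not list.
DH_GROUP_BITS = {2: 80, 14: 112}
PRINTABLE = set(string.printable) - set(string.whitespace)  # 94 characters


def psk_entropy_bits(psk):
    """Estimate key entropy, assuming each character was chosen at random."""
    if not psk:
        raise ValueError("preshared key is empty")
    alphabet = 16 if all(c in string.hexdigits for c in psk) else len(PRINTABLE)
    return len(psk) * math.log2(alphabet)


def weakest_link(dh_group, encryption, psk):
    """Return (setting, bits) for the weakest of the three settings."""
    if dh_group not in DH_GROUP_BITS:
        raise ValueError(f"no strength estimate for DH group {dh_group}")
    if encryption not in ENCRYPTION_BITS:
        raise ValueError(f"no strength estimate for {encryption!r}")
    parts = {
        "DH Group": DH_GROUP_BITS[dh_group],
        "Encryption": ENCRYPTION_BITS[encryption],
        "Preshared key": psk_entropy_bits(psk),
    }
    setting = min(parts, key=parts.get)
    return setting, parts[setting]


if __name__ == "__main__":
    # Wizard defaults with the sample generated key shown on this page.
    print(weakest_link(2, "3DES", "ECE38B6AB8188A5D"))
    # Same defaults with a constructed 32-character hex key.
    print(weakest_link(2, "3DES", "0123456789ABCDEF0123456789ABCDEF"))
    # Assumed stronger selection: Group 14 with AES-256.
    print(weakest_link(14, "AES-256", "0123456789ABCDEF0123456789ABCDEF"))
```

With the wizard defaults and a 16-character hex key, the preshared key is the limiting setting; with a longer key the limit moves to DH Group 2.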

1. To require VPN Users to authenticate with the firewall when they connect, select the Enable User Authentication checkbox; this option is selected by default.
   NOTE: If you enable user authentication, the users must be entered in the SonicWALL database for authentication. Users are entered into the SonicWALL database on the Users > Local Users page, and then added to groups in the Users > Local Groups page.
2.
   • Selected (enable) Enable User Authentication, you must select the user group which contains the VPN users from the Authenticate User Group Object drop-down menu. The default is Trusted Users.
   • Deselected (disabled) Enable User Authentication, you must select an address object or address group from the Allow Unauthenticated VPN Client Access drop-down menu. The default is Firewalled Subnets.
3.

1. To use the SonicWALL’s internal DHCP server to assign each VPN client an IP address from the LAN zone’s IP range, select the User Virtual IP Adapter checkbox.
   NOTE: If the virtual adapter is enabled, the internal DHCP server is used, and a new DHCP range is created on interface X0 for 192.168.168.1-192.168.168.167.
2.

1. The Configuration Summary page details the settings you configured for the GroupVPN.
2. Click Accept to complete the wizard and create your GroupVPN. A Storing Dell SonicWALL Configuration… message displays before the VPN Wizard Complete page displays.

1. Click Close to close the wizard.