SonicWALL 5.8.1 Microscope & Magnifier User Manual


VPN > Settings
887
SonicOS 5.8.1 Administrator Guide
compared to static routes configured in the SonicWALL. Since packets can have any
IP address destination, it is impossible to configure enough static routes to handle the
traffic. For packets received via an IPsec tunnel, the SonicWALL looks up a route for
the LAN. If no route is found, the SonicWALL checks for a Default LAN Gateway. If a
Default LAN Gateway is detected, the packet is routed through the gateway. Otherwise,
the packet is dropped.
Enable OCSP Checking and OCSP Responder URL - Enables use of Online
Certificate Status Protocol (OCSP) to check VPN certificate status and specifies the
URL to query for certificate status. See “Using OCSP with SonicWALL Security
Appliances” on page 915 in “VPN > Advanced” on page 913.
Require Authentication of VPN Clients via XAUTH - Requires that all inbound traffic
on this VPN policy is from an authenticated user. Unauthenticated traffic is not allowed
on the VPN tunnel.
User group for XAUTH users - Allows you to select a defined user group for
authentication.
Allow Unauthenticated VPN Client Access - Allows you to specify network segments for
unauthenticated Global VPN Client access.
Step 11 Click on the Client tab and select any of the following boxes that you want to apply to Global
VPN Client provisioning:
Cache XAUTH User Name and Password - Allows the Global VPN Client to cache the
user name and password. Select from:
Never - Global VPN Client is not allowed to cache username and password. The
user will be prompted for a username and password when the connection is
enabled and also every time there is an IKE phase 1 rekey.
Single Session - The user will be prompted for username and password each time
the connection is enabled, and the credentials will be valid until the connection is
disabled. This username and password is used through IKE phase 1 rekey.
Always - The user will be prompted for username and password only once when
the connection is enabled. When prompted, the user will be given the option of caching
the username and password.
Virtual Adapter Settings - The use of the Virtual Adapter by the Global VPN Client
(GVC) is dependent upon a DHCP server, either the internal SonicOS or a specified
external DHCP server, to allocate addresses to the Virtual Adapter. In instances where
predictable addressing is a requirement, it is necessary to obtain the MAC address
of the Virtual Adapter, and to create a DHCP lease reservation. To reduce the
administrative burden of providing predictable Virtual Adapter addressing, you can
configure the GroupVPN to accept static addressing of the Virtual Adapter's IP
configuration. This feature requires the use of GVC version 3.0 or later.
None - A Virtual Adapter will not be used by this GroupVPN connection.
DHCP Lease - The Virtual Adapter will obtain its IP configuration from the DHCP
Server only, as configured on the VPN > DHCP over VPN page.
DHCP Lease or Manual Configuration - When the GVC connects to the
SonicWALL, the policy from the SonicWALL instructs the GVC to use a Virtual
Adapter, but the DHCP messages are suppressed if the Virtual Adapter has been
manually configured. The configured value is recorded by the SonicWALL so that
it can proxy ARP for the manually assigned IP address. By design, there are
currently no limitations on IP address assignments for the Virtual Adapter. Only
duplicate static addresses are not permitted.
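
The three Cache XAUTH User Name and Password settings above differ in when the user is re-prompted and in whether credentials remain on the client afterwards. The following is an added example, not taken from the SonicWALL guide, that models those rules as a small state machine. The event names, the simulate function, and the treatment of a user who declines the caching offer under Always are assumptions.

```python
"""Model of when the Global VPN Client prompts for XAUTH credentials
under each 'Cache XAUTH User Name and Password' setting."""

NEVER, SINGLE_SESSION, ALWAYS = "Never", "Single Session", "Always"


def simulate(mode, events, user_caches=True):
    """Return (prompt_indices, stored_after) for a sequence of events.

    events: list of "enable", "rekey" (IKE phase 1 rekey), "disable".
    user_caches: for Always, whether the user accepts the caching offer.
    Assumption: a user who declines the offer is treated as Single Session.
    stored_after: True if the client still holds credentials at the end.
    """
    if mode not in (NEVER, SINGLE_SESSION, ALWAYS):
        raise ValueError(f"unknown cache mode: {mode!r}")
    prompts = []
    session_creds = False   # held only while the connection is enabled
    saved_creds = False     # persisted on the client across sessions
    connected = False
    for i, ev in enumerate(events):
        if ev == "enable":
            connected = True
            if not saved_creds:
                prompts.append(i)
                if mode == ALWAYS and user_caches:
                    saved_creds = True
                elif mode != NEVER:
                    session_creds = True
        elif ev == "rekey":
            if not connected:
                raise ValueError(f"rekey at index {i} without a connection")
            if not (saved_creds or session_creds):
                prompts.append(i)
        elif ev == "disable":
            connected = False
            session_creds = False
        else:
            raise ValueError(f"unknown event: {ev!r}")
    return prompts, saved_creds or session_creds


# Constructed timeline: two sessions, each with one phase 1 rekey.
TIMELINE = ["enable", "rekey", "disable", "enable", "rekey", "disable"]

if __name__ == "__main__":
    for mode in (NEVER, SINGLE_SESSION, ALWAYS):
        prompts, stored = simulate(mode, TIMELINE)
        print(f"{mode:15} prompts at {prompts} stored after: {stored}")
```

Only Always with caching accepted leaves credentials on the client after the connection is disabled, which is the case to weigh against the risk of a lost or shared endpoint.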