SonicWALL VPN

Introduction

SonicWALL is a manufacturer of firewalls, VPN concentrators, SSL VPN devices, and the like. The following was created on my NSA 3500 running SonicOS Enhanced 5.6.0.3-40o.

The built-in SonicWALL GroupVPN policy may be set up to allow connections from iOS devices. Unlike Cisco VPN and Juniper VPN devices, however, it cannot be configured to use certificate authentication, and it cannot be configured for on-demand VPN access. For customers with existing SonicWALL infrastructure, this is still useful information.

To configure, we need to do the following steps:

  1. Set up the L2TP server
  2. Create a group with VPN access
  3. Assign users to this group
  4. Modify the built-in GroupVPN policy for iOS

L2TP

Under VPN > L2TP Server, enable the L2TP Server.

Then configure it with your DNS settings and a new subnet for the address pool. The SonicWALL takes care of routing this subnet to the VPN users. Make sure this range does NOT overlap with any subnet currently in use on your network.

Group

In Users > Local Groups, create a new group for the VPN users.

The "VPN Access" tab is where you define the local networks that GroupVPN clients may reach. By default this list is blank, and you must assign at least one network here or VPN clients will not be able to reach anything. "Firewalled Subnets" is a good choice, but you can be more specific if you like.

Users

In Users > Local Users, create one or more Local Users that will connect. If your SonicWALL is connected to a directory system, you may duplicate usernames here in order to assign group memberships. Note that your authentication server must support CHAP authentication, and some don't.

Assign these users to the group you created above.

VPN

In the VPN menu, choose "Settings". Enable and edit the "WAN GroupVPN" policy.

Create a strong Shared Secret for your users. As the name implies, all devices use the same secret; it serves as a preliminary password before each user authenticates individually.

In the "Proposals" tab, configure the VPN with the following settings. These are required by the iOS VPN client, which offers few configuration options of its own.

In the "Advanced" tab, tick "Require authentication of VPN clients by XAUTH."

Finally, in the "Client" tab, configure the client settings as follows:

iOS Configuration

Create a VPN configuration like the following:
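Instead of entering the settings by hand on every device, the same L2TP-over-IPsec configuration can be distributed as a .mobileconfig profile. The script below is an added example, not part of the original page or of SonicWALL's tooling; the server name, secret, username and payload identifiers are constructed placeholders, and the plist keys follow Apple's VPN payload format (com.apple.vpn.managed) as I understand it.

```python
# Added example: build an iOS configuration profile for an L2TP/IPsec
# connection with a pre-shared key and per-user authentication, as the
# GroupVPN policy above expects. All values are placeholders.
import plistlib
import uuid


def build_l2tp_profile(server, shared_secret, username, name="SonicWALL VPN"):
    """Return the profile as a dict ready to be serialised as a plist."""
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.vpn.l2tp",   # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "UserDefinedName": name,
        "VPNType": "L2TP",
        "OverridePrimary": 1,  # route all traffic through the tunnel
        "PPP": {
            "CommRemoteAddress": server,
            "AuthName": username,
            # No AuthPassword: iOS prompts for it, so the per-user
            # password is never stored inside the profile.
        },
        "IPSec": {
            "AuthenticationMethod": "SharedSecret",
            # The GroupVPN shared secret travels inside the profile,
            # so the profile itself must be distributed over a trusted channel.
            "SharedSecret": shared_secret.encode(),
        },
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.vpn",   # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": [vpn_payload],
    }


def to_mobileconfig(profile):
    """Serialise the profile to the XML plist bytes iOS expects."""
    return plistlib.dumps(profile)


def parse_mobileconfig(data):
    """Read a .mobileconfig back into a dict (for checking the result)."""
    return plistlib.loads(data)


if __name__ == "__main__":
    profile = build_l2tp_profile("vpn.example.com", "ChangeThisSecret", "alice")
    with open("sonicwall-vpn.mobileconfig", "wb") as fh:
        fh.write(to_mobileconfig(profile))
```

Install the resulting file on the device (via e-mail, a web page or an MDM), then supply the user's own password when iOS prompts for it on first connection.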
