Sonicwall firewall Configure remote user access SSL VPN
From Notes_Wiki
To configure remote access SSL VPN with a Sonicwall firewall, use the following steps:
- Identify a public WAN interface with a static IP for configuring remote access VPN. Note the interface name and public IP.
- Go to Manage -> Connectivity -> VPN -> Base settings
- Click on Add to create new VPN settings for the selected ISP public IP
- In General:
  - Choose "Policy Type" as Tunnel Interface
  - Choose "Authentication Method" as "IKE using Preshared Secret"
  - Enter an appropriate Name
  - For "IPSec Primary Gateway Name or Address" enter the ISP public IP noted earlier
  - In "IKE Authentication" enter a random string for "Shared secret" and exactly the same string again for "Confirm shared secret"
    - Users will have to give this "Shared secret" while connecting to the VPN, before authenticating with username/password
  - For both "Local IKE ID" and "Peer IKE ID" leave "IPv4 Address" selected
- In Proposals:
  - In the IKE Phase 1 proposal choose IKEv2 mode, Group 5, AES-256, SHA256 and 28800
  - In the IPsec Phase 2 proposal use ESP, AES-256, SHA256, Enable perfect forward secrecy - Group 5 and 28800
- In Advanced, enable only these:
  - Enable keep-alive
  - User login via this SA: both http and https
  - VPN bound to interface: select the ISP interface noted in the first step
- Click "Add/ok" to add
- Test by connecting from outside the organization, e.g. from a mobile hotspot
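The "random string" for the shared secret in the General step can be generated rather than invented by hand. The following is an added example, not part of the original wiki page: it draws the secret from the OS CSPRNG and sizes it for a target entropy. The 128-bit target, the look-alike-free alphabet (chosen because users type the secret themselves) and all function names are assumptions.

```python
import math
import secrets

# Assumed alphabet: letters and digits without look-alikes (0/O, 1/l/I),
# because every remote user has to type the shared secret by hand.
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def psk_length(bits, alphabet=ALPHABET):
    """Smallest length at which a uniformly random string over `alphabet`
    carries at least `bits` bits of entropy."""
    return math.ceil(bits / math.log2(len(alphabet)))


def generate_psk(bits=128, alphabet=ALPHABET):
    """Return a shared secret drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet)
                   for _ in range(psk_length(bits, alphabet)))


def entropy_bits(psk, alphabet=ALPHABET):
    """Entropy of a secret that was produced by generate_psk().

    Returns None when the string contains characters outside the alphabet,
    i.e. it cannot have come from this generator. The figure is only
    meaningful for machine-generated secrets: a human-chosen phrase of the
    same length has far less entropy than this formula would report.
    """
    if not psk or any(c not in alphabet for c in psk):
        return None
    return len(psk) * math.log2(len(alphabet))


if __name__ == "__main__":
    psk = generate_psk()
    print("Shared secret :", psk)
    print("Length        :", len(psk))
    print("Entropy (bits): %.1f" % entropy_bits(psk))
```

Paste the same generated value into both "Shared secret" and "Confirm shared secret", and distribute it to users over a channel other than the one that carries their username and password.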