User's Manual Part 4

Page 30 SonicWALL SonicOS Standard Administrator’s Guide
Configuring GroupVPN with IKE using 3rd Party Certificates
To configure your GroupVPN policy with IKE using 3rd Party Certificates, follow these steps:
Alert!
Before configuring GroupVPN with IKE using 3rd Party Certificates, your certificates must be installed on the SonicWALL.
1. In the VPN>Settings page click the Notepad icon under Configure. The VPN Policy window is displayed.
General
2. In the Security Policy section, select IKE using 3rd Party Certificates from the IPSec Keying Mode menu. The SA name is Group VPN by default and cannot be changed.
3. Select a certificate for the SonicWALL from the Gateway Certificate menu.
4. Select one of the following Peer ID types from the Peer ID Type menu:
   E-Mail ID
   Distinguished name
   Domain name
5. Enter the Peer ID filter in the Peer ID Filter field.
6. Check Allow Only Peer Certificates Signed by Gateway Issuer to specify that peer certificates must be signed by the issuer specified in the Gateway Certificate menu.
Proposals
7. Click on the Proposals tab.
8. In the IKE (Phase 1) Proposal section, select the following settings:
   Group 2 from the DH Group menu.
   3DES from the Encryption menu.
   SHA1 from the Authentication menu.
   Leave the default setting, 28800, in the Life Time (seconds) field. This setting forces the tunnel to renegotiate and exchange keys every 8 hours.
9. In the IPSec (Phase 2) Proposal section, select the following settings:
   ESP from the Protocol menu.
   3DES from the Encryption menu.
   MD5 from the Authentication menu.
   Select Enable Perfect Forward Secrecy if you want an additional Diffie-Hellman key exchange as an added layer of security. Then select Group 2 from the DH Group menu.
   Leave the default setting, 28800, in the Life Time (seconds) field. This setting forces the tunnel to renegotiate and exchange keys every 8 hours.
Advanced
Click on the Advanced tab and select any of the following optional settings that you want to apply to your GroupVPN policy:
   Enable Windows Networking (NetBIOS) broadcast - to allow access to remote network resources by browsing the Windows Network Neighborhood.
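The following is an added illustration, not SonicWALL code, of the two peer-acceptance checks the General tab configures in steps 3 to 6: the optional requirement that the peer certificate be signed by the gateway's issuer, and the Peer ID Filter applied according to the selected Peer ID Type. The filter semantics (exact e-mail match, domain match on the host or any subdomain, distinguished-name match when every attribute in the filter appears in the peer's subject DN) are assumptions for the model, and the policy and peer values are constructed.

```python
# Added illustration of the GroupVPN peer checks in steps 3-6; not SonicWALL code.
# Assumed filter semantics: E-Mail ID must match exactly (case-insensitive),
# Domain name matches the host or any subdomain, Distinguished name matches
# when every attribute named in the filter appears in the peer's subject DN.

def parse_dn(dn):
    """Split 'CN=alice, O=Example Corp, C=US' into an {ATTR: value} dict."""
    parts = {}
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        if key:
            parts[key.strip().upper()] = value.strip()
    return parts

def id_matches(peer_id_type, peer_id_filter, peer_identity):
    """Apply the Peer ID Filter according to the selected Peer ID Type."""
    if peer_id_type == "E-Mail ID":
        return peer_identity.lower() == peer_id_filter.lower()
    if peer_id_type == "Domain name":
        host, flt = peer_identity.lower(), peer_id_filter.lower()
        return host == flt or host.endswith("." + flt)
    if peer_id_type == "Distinguished name":
        have, want = parse_dn(peer_identity), parse_dn(peer_id_filter)
        return all(have.get(k) == v for k, v in want.items())
    raise ValueError("unknown Peer ID Type: %r" % peer_id_type)

def peer_allowed(policy, peer):
    """Return (accepted, reason) for a peer certificate under the policy."""
    # Step 6: optionally require the peer certificate to come from the gateway's issuer.
    if policy["only_gateway_issuer"] and peer["issuer"] != policy["gateway_issuer"]:
        return False, "peer certificate not signed by gateway issuer"
    # Steps 4-5: the peer's ID of the chosen type must pass the filter.
    if not id_matches(policy["peer_id_type"], policy["peer_id_filter"], peer["identity"]):
        return False, "peer ID does not match Peer ID Filter"
    return True, "ok"

# Constructed sample policy and peer; no real certificates are involved.
POLICY = {"gateway_issuer": "CN=Example Corp CA, O=Example Corp, C=US",
          "only_gateway_issuer": True,
          "peer_id_type": "Distinguished name",
          "peer_id_filter": "O=Example Corp, OU=Remote Users"}
GOOD_PEER = {"issuer": POLICY["gateway_issuer"],
             "identity": "CN=alice, OU=Remote Users, O=Example Corp, C=US"}

if __name__ == "__main__":
    print(peer_allowed(POLICY, GOOD_PEER))  # (True, 'ok')
```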