User's Manual

VPN > Settings
SonicOS Enhanced 4.0 Administrator Guide
Management via this SA - If using the VPN policy to manage the SonicWALL security
appliance, select the management method, either HTTP or HTTPS.
Default Gateway - Allows the network administrator to specify the IP address of the
default network route for incoming IPsec packets for this VPN policy. Incoming packets
are decoded by the SonicWALL and compared to static routes configured in the
SonicWALL security appliance. Since packets can have any IP address destination, it
is impossible to configure enough static routes to handle the traffic. For packets
received via an IPsec tunnel, the SonicWALL looks up a route. If no route is found, the
security appliance checks for a Default Gateway. If a Default Gateway is detected, the
packet is routed through the gateway. Otherwise, the packet is dropped.
Require Authentication of VPN Clients via XAUTH - Requires that all inbound traffic
on this VPN tunnel is from an authenticated user. Unauthenticated traffic is not allowed
on the VPN tunnel. The Trusted users group is selected by default. You can select
another user group or Everyone from User Group for XAUTH users.
Allow Unauthenticated VPN Client Access - Allows you to enable unauthenticated
VPN client access. If you uncheck Require Authentication of VPN Clients via
XAUTH, the Allow Unauthenticated VPN Client Access menu is activated. Select an
Address Object or Address Group from the menu of predefined options, or select Create
new address object or Create new address group to create a new one.
Step 8 Click the Client tab, then select any of the following settings you want to apply to your
GroupVPN policy.
Cache XAUTH User Name and Password on Client - Allows the Global VPN Client
to cache the user name and password.
Never - The Global VPN Client is not allowed to cache the username and password. The user is
prompted for a username and password when the connection is enabled, and again every time
there is an IKE Phase 1 rekey.
Single Session - The Global VPN Client user is prompted for a username and password each time
the connection is enabled, and the credentials remain valid until the connection is disabled. The
username and password are used through IKE Phase 1 rekey.