User's Manual

VPN > Settings
SonicOS Enhanced 4.0 Administrator Guide
To create a VPN SA using IKE and third party certificates, follow these steps:
Step 1 In the VPN > Settings page, click Add. The VPN Policy window is displayed.
Step 2 In the Authentication Method list in the General tab, select IKE using 3rd Party
Certificates. The VPN Policy window displays the 3rd party certificate options.
Step 3 Type a Name for the Security Association in the Name field.
Step 4 Type the IP address or Fully Qualified Domain Name (FQDN) of the primary remote SonicWALL
in the IPsec Primary Gateway Name or Address field. If you have a secondary remote
SonicWALL, enter the IP address or Fully Qualified Domain Name (FQDN) in the IPsec
Secondary Gateway Name or Address field.
Step 5 Under IKE Authentication, select a third party certificate from the Local Certificate list. You
must have imported local certificates before selecting this option.
Step 6 Select one of the following Peer ID types from the Peer IKE ID Type menu:
E-Mail ID and Domain Name - The E-Mail ID and Domain Name types are based on
the certificate's Subject Alternative Name field, which is not contained in all certificates
by default. If the certificate does not contain a Subject Alternative Name field, this filter
will not work. The E-Mail ID and Domain Name filters can contain a string or partial
string identifying the acceptable range required. The strings entered are not case
sensitive and can contain the wildcard characters * (for more than 1 character) and ?
(for a single character). For example, the string *@sonicwall.com, when E-Mail ID is
selected, would allow anyone with an email address that ends in sonicwall.com to
have access; the string *sv.us.sonicwall.com, when Domain Name is selected, would
allow anyone with a domain name that ends in sv.us.sonicwall.com to have access.
Distinguished Name - Based on the certificate's Subject Distinguished Name field,
which is contained in all certificates by default. Valid entries for this field are based on
country (c=), organization (o=), organization unit (ou=), and/or commonName (cn=).
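The following added example (not part of the SonicOS guide and not SonicWALL code) models the E-Mail ID and Domain Name filters described above so that a filter string can be checked against a list of identities before it is entered in the policy. It assumes that * matches any run of characters, including none, that ? matches exactly one character, and that the whole Subject Alternative Name value must match; the function names and sample identities are constructed for illustration.

```python
import re

def filter_to_regex(pattern):
    """Translate a Peer IKE ID filter string into a compiled regex.
    Assumed semantics: '*' = any run of characters (possibly empty),
    '?' = exactly one character, everything else literal, not case sensitive."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def peer_id_allowed(pattern, san_values):
    """True if any Subject Alternative Name value matches the filter.
    An empty list models a certificate without a SAN field: it never matches."""
    rx = filter_to_regex(pattern)
    return any(rx.fullmatch(value) for value in san_values)

def audit(pattern, candidates):
    """Return the candidate identities that the filter would accept."""
    return [c for c in candidates if peer_id_allowed(pattern, [c])]

# Constructed sample identities, not taken from any real deployment.
EMAILS = ["alice@sonicwall.com", "Bob@SonicWALL.com",
          "carol@eng.sonicwall.com", "dave@sonicwall.com.example"]
DOMAINS = ["gw1.sv.us.sonicwall.com", "sv.us.sonicwall.com",
           "labsv.us.sonicwall.com", "gw1.ny.us.sonicwall.com"]

if __name__ == "__main__":
    # The third filter adds a leading dot so only true subdomains are accepted.
    for pat, pool in (("*@sonicwall.com", EMAILS),
                      ("*sv.us.sonicwall.com", DOMAINS),
                      ("*.sv.us.sonicwall.com", DOMAINS)):
        print(pat, "->", audit(pat, pool))
```

Because the filter matches on the end of the string, *sv.us.sonicwall.com also accepts a sibling name such as labsv.us.sonicwall.com; placing the separator in the filter (*.sv.us.sonicwall.com) restricts the match to names under that domain.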