This article is also available as a TechRepublic download.

Hundreds
of thousands of organizations turn to SonicWALL
hardware to fulfill their firewall and network switching needs. SonicWALL firewalls also power effective VPN connections,
providing secure remote access for everyone from mobile employees to executive
staff.

Here
are the most common steps required for configuring SonicWALL VPN connections. While
this article describes administering SonicWALL VPN
tunnels using the manufacturer’s popular PRO 1260 series router, the steps are
quite similar for other SonicWALL models, too.

Essentially,
there are three steps to the process: Configuring the SonicWALL
firewall, creating VPN user accounts and installing and configuring the SonicWALL Global VPN Client.

Configuring the router

SonicWALL’sGroupVPN service simplifies
configuring secure remote connections. Enable SonicWALLGroupVPN using the SonicWALL
VPN Wizard by following these steps:

  1. Log in to the SonicWALL
    device.
  2. Click on the VPN button.
  3. Click the VPN Policy Wizard button; the Welcome To TheSonicWALL VPN Wizard
    screen will appear.
  4. Click Next.
  5. Specify whether you wish to create a Site-to-Ste VPN
    (such as you might wish to do when connecting a SonicWALL
    wireless router to another SonicWALL device) or
    a WAN GroupVPN (to enable incoming VPN
    connections to the SonicWALL firewall). In this
    example we’re creating VPN connections to enable remote employee access,
    so we need to select the WAN GroupVPN radio
    button and click the Next button. (Figure
    A
    )

Figure A

Administrators must specify whether a site-to-site or WAN GroupVPN policy is to be created.

  1. The IKE Phase 1 Key Method screen appears. Specify
    whether you wish to use a default key or use a preshared
    key. Make a note of the preshared key if you
    select that option, then click Next.
  2. The Security Settings menu appears. In addition to
    specifying the encryption and authentication methods, drop-down boxes
    appear for specifying the DH (Diffie-Hellman)
    key group (SonicWALL devices support groups 1, 2
    and 5) and Life Time. Typically SonicWALL’s
    default settings work well for most organizations.
  3. After clicking Next, the User
    Authentication menu appears. Administrators must specify whether user
    authentication should be implemented. Ensure the Enable User
    Authentication box is checked and select Trusted Users to ensure only the
    trusted users you specify later can connect to the organization’s network
    using the SonicWALL VPN. Then, click Next.
  4. The Configure Virtual IP Adapter menu appears next. The
    Virtual IP Adapter is used to obtain special IP addresses when connecting
    to the SonicWALL device, enabling the client to
    appear to be on the internal LAN. Check the box if you wish to enable the
    Virtual IP Adapter and click Next.
  5. The WAN GroupVPN
    Configuration Summary menu appears. The confirmation screen reviews the
    settings that will be implemented upon clicking the Apply button. Click
    the Apply button to finish enabling the VPN settings.
  6. The SonicWALL device will
    store the SonicWALL configuration, then display
    a congratulatory message stating the SonicWALL
    VPN Wizard completed successfully.
  7. While the SonicWALL creates
    the VPN, it doesn’t enable it by default. Log back in to the SonicWALL device and click the SonicWALL’s
    VPN button, and then check the Enable box to activate the VPN. (Figure B)

Figure B

Don’t forget to enable VPN policies from the VPN | Settings screen on the SonicWALL device.

You
can edit a VPN’s settings and configuration at any
time by logging in to the SonicWALL router, clicking
VPN and clicking the Configure icon (the pencil and paper symbol) associated
with each VPN entry.

Specifying authorized VPN users

The
next step is to specify those users authorized to access the VPN. To do so:

  1. Log in to the SonicWALL
    device.
  2. Click the Users button.
  3. Click the Local Users button.
  4. Click the Add button.
  5. Within the Settings tab, enter the user’s name, a
    password and any comments to help identify the user account. (Figure C)

Figure C

Supply user information on the Settings tab.

  1. From the Groups tab, specify group memberships for the
    user.
  2. From the VPN Access tab, specify the networks you wish
    the user to access. (Figure D)

Figure D

A wide variety of network options exist; make your
selections by highlighting entries and clicking the corresponding arrow
buttons.

  1. Click OK to complete the user configuration.

Figure E

Once a user account is created, the entry will appear within the SonicWALL’s Users | Local Users screen, as shown here.

You
can make edits to the user’s account (Figure
E
) at any time by clicking the Configure icon (the pencil and paper symbol)
associated with each user’s account within the SonicWALL’s
Users | Local Users menu.

Installing the SonicWALL Global VPN Client

Now
you’re ready to install the SonicWALL Global VPN
Client software on the end user’s system. Follow these steps to configure the
end user client:

  1. Download (from www.mysonicwall.com
    or the CD-ROM supplied with the SonicWALL
    device) the SonicWALL Global VPN Client
    executable. Once you’ve downloaded the file, double-click it to begin
    installing the VPN client.
  2. The Preparing Setup window will appear. When it
    completes, the Welcome To TheSonicWALLInstallshield Wizard menu will display. Click
    Next.
  3. Next you’ll see a warning message indicating that
    antivirus and firewall programs must be disabled to install the SonicWALL Global VPN Client. Disable any such programs
    and click Next.
  4. Read the license agreement, then select the I Accept The Terms Of The License Agreement radio button and
    click Next.
  5. Specify the location of the SonicWALL
    Global VPN Client. By default, SonicWALL’sInstallshield will place the files in the C:\Program Files\SonicWALL
    Global VPN Client
    directory. Click Next to proceed (or click the Browse
    button, specify the directory you wish to use, and then click Next).
  6. Click Install to install the SonicWALL
    Global VPN Client in the directory you specified in the last step.
  7. The Setup program will install the VPN client, tracking
    its progress as it completes. When it finishes, it will display the SonicWALL Global VPN Client Setup Complete screen,
    which will include two checkboxes (Figure
    F
    ). Check the respective boxes if you wish to start the VPN client
    automatically when users log in and launch the program immediately upon
    completing the wizard. Then, click Finish.

Figure F

Check the supplied boxes to automatically start the VPN connection when
users log in and to launch the program immediately upon completing setup.

  1. Windows Firewall may block the SonicWALL
    Global VPN Client. If Windows Firewall presents a warning message, click
    Unblock.
  2. The New Connection Wizard will appear. Click Next.
  3. The Choose Scenario menu displays next. Specify whether
    you wish to implement Remote Access or an Office Gateway. Choose Office
    Gateway if you’re connecting two SonicWALL
    devices. Choose Remote Access if you wish to enable secure connectivity
    for remote staff. As we’re enabling remote access, we’ll choose that
    option and click Next. (Figure G)

Figure G

Specify whether the VPN connection is being used to provide remote access
or to connect two SonicWALL devices (Office Gateway).

  1. Specify the SonicWALL’s IP
    address or domain name, provide a connection name and click Next.
  2. The Completing The New
    Connection Wizard menu appears next. Check the appropriate boxes to create
    a desktop shortcut for the new connection and automatically enable the
    connection whenever the end user launches the SonicWALL
    Global VPN Client. Then, click Finish.

The SonicWALL Global VPN Client is then created. To connect to
the VPN, end users need only double-click the SonicWALL
Global VPN Client and enter any required credentials. As with configuring VPNs and end users, the end user can edit a VPN
connection’s settings and configuration at any time by right-clicking it from
within the SonicWALL Global VPN Client window and
selecting Properties.

Subscribe to the Developer Insider Newsletter

From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays

Subscribe to the Developer Insider Newsletter

From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays