Method Two - Sra Appliance On Dmz Interface - Dell SonicWall SRA 4200 Administrator's Manual

Method Two – SRA Appliance on DMZ Interface
This method is optional and requires that the PIX have an unused third interface, such as a PIX
515, PIX 525, or PIX 535. We will be using the default numbering scheme of the SRA appliance.
From a management system, log into the SRA appliance's management interface. By default
Step 1
the management interface is X0 and the default IP address is 192.168.200.1.
Navigate to the Network > Routes page and make sure the Default Gateway is set to
Step 2
192.168.200.2 When done, click on the Accept button in the upper-right-hand corner to save
and activate the change.
Navigate to the NetExtender > Client Addresses page. Enter 192.168.200.201 in the field
Step 3
next to Client Address Range Begin:, and enter 192.168.200.249 in the field next to Client
Address Range End:'. When done, click on the Accept button in the upper-right-hand corner
to save and activate the change.
Navigate to the NetExtender > Client Routes page. Add a client route for 192.168.100.0 and
Step 4
192.168.200.0.
Navigate to the Network > DNS page and enter your internal network's DNS addresses,
Step 5
internal domain name, and WINS server addresses. These are critical for NetExtender to
function correctly. When done, click on the Accept button in the upper-right-hand corner to
save and activate the change.
Navigate to the System > Restart page and click on the Restart... button.
Step 6
Install the SRA appliance's X0 interface on the unused DMZ network of the PIX. Do not hook
Step 7
any of the appliance's other interfaces up.
362 | SRA 6.0 Administrator's Guide
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
ntp server 192.43.244.18 source outside prefer
no snmp-server location
no snmp-server contact
snmp-server community SF*&^SDG
no snmp-server enable traps
floodguard enable
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 15
console timeout 20
dhcpd address 192.168.100.101-192.168.100.199 inside
dhcpd dns 192.168.100.10
dhcpd lease 600
dhcpd ping_timeout 750
dhcpd domain vpntestlab.com
dhcpd enable inside
terminal width 80
banner motd Restricted Access. Please log in to continue.
Cryptochecksum:422aa5f321418858125b4896d1e51b89
: end
tenaya#