Vpn Third Party Digital Certificate Support - SonicWALL TELE3 SP Administrator's Manual

Internet security appliance

Phase 2 DH Group - select the type of DH key exchange in Phase 2 for Perfect Forward
Secrecy.
Default LAN Gateway - specify the IP address of the default LAN route for incoming
IPSec packets for this SA. This is used in conjunction with the Route all traffic through this
SA check box.
14. Click Update to add the remote network and close the VPN Destination Network
window. Once the SonicWALL TELE3 SP has been updated, a message confirming the
update is displayed at the bottom of the browser window.
Note: Since Windows Networking (NetBIOS) has been enabled, users can view remote
computers in their Windows Network Neighborhood. Users can also access resources on
the remote LAN by entering servers' or workstations' remote IP addresses.

VPN Third Party Digital Certificate Support

Note: This section assumes that you are familiar with Public Key Infrastructure (PKI) and the
implementation of digital certificates with VPN.
A digital certificate is an electronic means of verifying identity through a trusted third party known as a
Certificate Authority (CA). SonicWALL now supports third party certificates in addition to the
existing Authentication Service. The difference between third party certificates and the
SonicWALL Authentication Service is the ability to select the source for your CA certificate.
Using Certificate Authority Certificates and Local Certificates is a more manual process
than using the SonicWALL Authentication Service; therefore, experience with implementing
Public Key Infrastructure (PKI) is necessary to understand the key components of digital
certificates.
Internet Key Exchange (IKE) is an important part of IPSec VPN solutions, and it can use digital
signatures to authenticate peer devices before setting up security associations. Without digital
signatures, VPN users must authenticate by manually exchanging shared secrets or symmetric
keys. Devices using digital signatures do not require configuration changes every time a new
device is added to the network.
SonicWALL has implemented X.509v3 as its certificate format and CRLv2 for its certificate
revocation list.
SonicWALL supports the following two vendors of Certificate Authority Certificates:
VeriSign
Entrust
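
Because the appliance uses X.509v3 certificates and CRLv2 revocation lists, it helps to confirm the version of a CA-issued file before importing it. The following is an added example, not SonicWALL code or part of the original manual; it assumes DER-encoded input, and the sample byte strings are constructed skeletons that carry only the leading fields.

```python
# Added example (not SonicWALL code): read the version field of a DER-encoded
# X.509 certificate or CRL using only the standard library.

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def _first_tbs_field(der):
    """Descend outer SEQUENCE -> tbs SEQUENCE and return its first element."""
    for _ in range(2):
        tag, der, _end = read_tlv(der)
        if tag != 0x30:
            raise ValueError("expected SEQUENCE")
    return read_tlv(der)[:2]

def certificate_version(der):
    """1, 2 or 3. version is [0] EXPLICIT INTEGER, DEFAULT v1 when absent."""
    tag, value = _first_tbs_field(der)
    if tag != 0xA0:
        return 1
    tag, number, _ = read_tlv(value)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    return int.from_bytes(number, "big") + 1

def crl_version(der):
    """1 or 2. version is a bare OPTIONAL INTEGER; absent means v1."""
    tag, value = _first_tbs_field(der)
    return int.from_bytes(value, "big") + 1 if tag == 0x02 else 1

def tlv(tag, value):  # short-form encoder, used only to build the samples
    return bytes([tag, len(value)]) + value

# Constructed samples: only the leading fields of each structure, not full objects.
V3_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")))
V1_CERT = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01")))
V2_CRL = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, b"")))
V1_CRL = tlv(0x30, tlv(0x30, tlv(0x30, b"")))
```

A certificate that reports anything other than 3, or a CRL that reports anything other than 2, does not match the formats named above.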