Table of Contents
Advertisement
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
ntp server 192.43.244.18 source outside prefer
no snmp-server location
no snmp-server contact
snmp-server community SF*&^SDG
no snmp-server enable traps
floodguard enable
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 15
console timeout 20
dhcpd address 192.168.100.101-192.168.100.199 inside
dhcpd dns 192.168.100.10
dhcpd lease 600
dhcpd ping_timeout 750
dhcpd domain vpntestlab.com
dhcpd enable inside
terminal width 80
banner motd Restricted Access. Please log in to continue.
Cryptochecksum:422aa5f321418858125b4896d1e51b89
: end
tenaya#
Method Two – SMA/SRA Appliance on DMZ
Interface
This method is optional and requires that the PIX have an unused third interface, such as a PIX 515, PIX 525, or
PIX 535. We are using the default numbering scheme of the SMA/SRA appliance.
1
From a management system, log in to the SMA/SRA appliance's Secure Mobile Access management
interface. By default the management interface is X0 and the default IP address is 192.168.200.1.
2
Navigate to the Network > Routes page and make sure the Default Gateway is set to 192.168.200.2
When done, click Accept in the upper-right corner to save and activate the change.
3
Navigate to the NetExtender > Client Addresses page. Enter 192.168.200.201 in the field next to
Client Address Range Begin:, and enter 192.168.200.249 in the field next to Client Address Range
End:'. When done, click Accept in the upper-right corner to save and activate the change.
4
Navigate to the NetExtender > Client Routes page. Add a client route for 192.168.100.0 and
192.168.200.0.
5
Navigate to the Network > DNS page and enter your internal network's DNS addresses, internal domain
name, and WINS server addresses. These are critical for NetExtender to function correctly. When done,
click Accept in the upper-right corner to save and activate the change.
6
Navigate to the System > Restart page and click Restart...
7
Install the SMA/SRA appliance's X0 interface on the unused DMZ network of the PIX. Do not hook any of
the appliance's other interfaces up.
8
Connect to the PIX's management CLI by way of console port, telnet, or SSH and enter configure mode.
9
Issue the command 'clear http' to shut off the PIX's HTTP/S management interface.
10 Issue the command 'interface ethernet2 auto' (or whatever interface you are using)
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
441
Advertisement
Chapters
Table of Contents
Troubleshooting
