SonicWALL none Product Manual

Global VPN Client Administrator's Guide
PROTECTION AT THE SPEED OF BUSINESS

Summary of Contents for SonicWALL none

  • Page 1 Global VPN Client Administrator's Guide PROTECTION AT THE SPEED OF BUSINESS ™...
  • Page 2: Table Of Contents

    Table of Contents SonicWALL Global VPN Client ... 5 SonicWALL Global VPN Client Features ... 5 New Features in SonicWALL Global VPN Client 4.0 ... 6 Global VPN Client Enterprise/Global Security Client ... 7 About this Guide... 7 Using the Right Administrator’s Guides... 7 Conventions Used in this Guide ...
  • Page 3 Generating a Help Report ... 33 Accessing Technical Support ... 34 Viewing Help Topics... 34 Uninstalling the SonicWALL Global VPN Client (Windows 98 SE) ... 34 Configuring SonicWALL Security Appliances for Global VPN Clients ... 34 SonicWALL Global VPN Client Licenses ... 35 Group VPN Connections Supported by Each SonicWALL Model...
  • Page 4 Creating the default.rcf File ... 42 Sample default.rcf File... 44 Troubleshooting the default.rcf File ... 47 Appendix B - SonicWALL Global VPN Client Installation Using the InstallShield Silent Response File ... 47 Creating the Silent Installation... 47 Playing Back the Silent Installation ... 48 Using Setup.log to Check for Errors...
  • Page 5 Appendix D - Installing the Global VPN Client with a Ghost Application... 50 Appendix E- Log Viewer Messages ... 50 SonicWALL Global VPN Client 4.0 Administrator’s Guide Page 5...
  • Page 6: Sonicwall Global Vpn Client

    Client Policy Provisioning - Using only the IP address or Fully Qualified Domain Name (FQDN) of the SonicWALL VPN gateway, the VPN configuration data is automatically downloaded from the SonicWALL VPN gateway via a secure IPSec tunnel, removing the burden from the remote user of provisioning VPN connections.
  • Page 7: New Features In Sonicwall Global Vpn Client 4.0

    • Single VPN Connection to any SonicWALL Secure Wireless Appliance for Roaming - Allows users to use a single VPN connection policy to access the networks of multiple SonicWALL Secure Wireless appliances. • Automatic Configuration of Redundant Gateways from DNS - When an IPSec gateway domain name resolves to multiple IP addresses, the Global VPN Client (version 2.1.0.0 or higher) uses the...
  • Page 8: Global Vpn Client Enterprise/Global Security Client

    The SonicWALL Global VPN Client as part of the SonicWALL Global Security Client operates on Windows 2000 (SP3), Windows XP Home (SP1), and Windows XP Professional (SP1) operating systems for clients. The Global VPN Client as part of the SonicWALL Global Security Client is supported by the following SonicWALL security appliances and firmware versions: •...
  • Page 9: Conventions Used In This Guide

    SonicWALL’s GroupVPN, see the Administrator’s Guide for the firmware or SonicOS version running on your SonicWALL wireless security appliance. SonicWALL Global VPN Client If you’re using SonicWALL Global VPN Client 4.0 on Windows 98 SE, use only the SonicWALL Global VPN Client 4.0 Administrator’s Guide. Tip! Always check http://www.sonicwall.com/support/VPN_documentation.html...
  • Page 10: Limited Warranty

    EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose.
  • Page 11: Using The Setup Wizard

    You can upgrade the SonicWALL Global VPN Client from an earlier version to 4.0 without uninstalling the earlier version. Alert! If you are upgrading SonicWALL Global VPN Client from an earlier version to 4.0 and want to use the Retain MAC Address uninstall feature of the SonicWALL Virtual Adapter, you must uninstall the earlier version before installing Global VPN Client 4.0.
  • Page 12 6. Click Next to accept the default location and continue installation or click Browse to specify a different location. 7. Click Install. The Setup Wizard installs the Global VPN Client files on your computer. After the Setup Wizard installs the Global VPN Client, the Setup Complete page is displayed....
  • Page 13: Adding Vpn Connection Policies

    IPSec VPN tunnel. • Import a VPN policy file into the SonicWALL Global VPN Client. The VPN policy is sent to you as a file, which you install using the Import Connection dialog box. •...
  • Page 14: Understanding Digital Certificates

    Internet connection before using the New Connection Wizard. • Office Gateway - You choose this scenario if you want secure access to a local SonicWALL Secure Wireless appliance network. When you create an Office Gateway VPN connection, it appears as the Peer entry of <Default Gateway>...
  • Page 15 Clicking on the Remote Access View Scenario link displays the diagram for this type of VPN connection. Clicking on the Office Gateway View Scenario link displays the diagram for this type of VPN connection. 4. Select Remote Access or Office Gateway and then click Next....
  • Page 16: Importing A Vpn Configuration File

    Name field. Importing a VPN Configuration File A VPN connection policy can be created as a file and sent to you by the SonicWALL VPN gateway administrator. This VPN configuration file has the filename extension .rcf. If you received a VPN connection policy file from your administrator, you can install it using the Import Connection dialog box.
  • Page 17: Configuring A Dial-Up Vpn Connection

    Application field or click browse ... to locate the program. 9. Click OK three times to return to the SonicWALL Global VPN Client window....
  • Page 18: Launching The Sonicwall Global Vpn Client

    To launch the SonicWALL Global VPN Client, choose Start>Programs>SonicWALL Global VPN Client. The default setting for the SonicWALL Global VPN Client window is Hide the window (reopen it from the tray icon). If you click Close, press Alt+F4 or choose File>Close, the SonicWALL Global VPN Client window closes but your established VPN connections remain active.
  • Page 19: Accessing Redundant Vpn Gateways

    Peer Information window) must be the same for every gateway. Enabling a VPN Connection Enabling a VPN connection with the SonicWALL Global VPN Client is a transparent two phase process. Phase 1 enables the connection, which completes the ISAKMP (Internet Security Association and Key Management Protocol) negotiation.
  • Page 20: Establishing Multiple Connections

    1. Enable a VPN connection policy using one of the following methods: • If you selected Enable this connection when the program is launched in the New Connection Wizard, the VPN connection is automatically established when you launch the SonicWALL Global VPN Client. •...
  • Page 21: Entering A Pre-Shared Key

    3. Click OK. Selecting a Certificate If the SonicWALL VPN Gateway requires a Digital Certificate to establish your identity for the VPN connection, the Select Certificate dialog box appears. This dialog box lists all the available certificates installed on your Global VPN Client. Select the certificate from the menu, then click OK. If you have a certificate that has not been imported into the Global VPN Client using Certificate Manager, click Import Certificate.
  • Page 22: Connection Warning

    If the SonicWALL VPN gateway is provisioned to prompt you for the username and password to enter the remote network, the Enter Username and Password dialog box appears. Type your username and password. If permitted by the gateway, check Remember Username and Password to cache your username and password to automatically log in for future VPN connections.
  • Page 23: Creating A Vpn Policy Shortcut

    Start menu. You can also place the connection policy at any other location on your system. To create a shortcut: 1. Select the VPN connection policy you want to create a shortcut for in the SonicWALL Global VPN Client window.
  • Page 24: Specifying Global Vpn Client Launch Options

    Options dialog box. The General page includes the following settings to control the launch of the Global VPN Client: • Start this program when I log in - Launches the SonicWALL Global VPN Client when you log into your computer. •...
  • Page 25: Managing Vpn Connection Policy Properties

    • Exit - Exits the SonicWALL Global VPN Client window and disables any active VPN connections. Moving the mouse pointer over the SonicWALL Global VPN Client icon in the system tray displays the number of enabled VPN connections. The Global VPN Client icon in the system tray also acts as a visual indicator of data passing between the Global VPN Client and the SonicWALL gateway.
  • Page 26: User Authentication

    Other traffic allowed - If enabled, your computer can access the local network or Internet connection while the VPN connection is active. Default traffic tunneled to peer - If activated, all network traffic not routed to the SonicWALL VPN gateway is blocked. When you enable the VPN connection with this feature active, the Connection Warning message appears.
  • Page 27: Peers

    VPN gateway does not respond for three consecutive heart beats. The Global VPN Client exchanges “heart beat” packets to detect if the peer gateway is alive. This setting is enabled by default....
  • Page 28 • DPD Settings - Displays the Dead Peer Detection Settings dialog box. Check for dead peer every - choose from 5, 10, 15, 20, 25, or 30 seconds. Assume peer is dead after - choose from 3, 4, or 5 Failed Checks. Specify the conditions under which DPD packets will be sent - Choose either Only when no traffic is received from the peer or whether or not traffic is received from the peer.
  • Page 29: Status

    IP Address - The IP address assigned via DHCP through the VPN tunnel from the VPN gateway. Subnet Mask - The subnet of the peer. Renew - Renews DHCP lease information....
  • Page 30: Managing Vpn Connection Policies

    Managing VPN Connection Policies The SonicWALL Global VPN Client supports as many VPN connection policies as you need. To help you manage these connection policies, the Global VPN Client provides the following connection policy management tools. Arranging Connection Policies Over time, as the number of VPN connection policies in the SonicWALL Global VPN Client window increases, you may want to arrange them for quicker access.
  • Page 31: Managing Certificates

    Choose View>Toolbar to hide the toolbar. • Choose View>Status Bar to hide the status bar. Tip! For more information on using certificates for your VPN on the SonicWALL, see the SonicWALL Administrator’s Guide. Troubleshooting the SonicWALL Global VPN Client The SonicWALL Global VPN Client provides tools for troubleshooting your VPN connections. This section explains using Log Viewer, generating a Help Report, accessing SonicWALL’s Support site, using...
  • Page 32: Understanding The Global Vpn Client Log

    Understanding the Global VPN Client Log The SonicWALL Global VPN Client Log window displays messages about Global VPN Client activities. To open the Log Viewer window, click the Log Viewer button on the Global VPN Client window toolbar, or choose View>Log Viewer, or press Ctrl+L.
  • Page 33: Configuring The Log

    Overwrite existing file when auto-logging starts - Overwrites existing auto-log file after maximum file size is reached. Set size limit on auto-log file - Activates a maximum size limit for the log file....
  • Page 34: Generating A Help Report

    Generate Report creates a report containing useful information for getting help in solving any problems you may be experiencing. The report contains information regarding the condition of the SonicWALL Global VPN Client as well as the system it’s running on.
  • Page 35: Accessing Technical Support

    Global VPN Client. Click Next. Alert! If you are upgrading SonicWALL Global VPN Client from an earlier version to 4.0 and want to use the Retain MAC Address uninstall feature of the SonicWALL Virtual Adapter, you must uninstall the earlier version before installing Global VPN Client 4.0.
  • Page 36: Sonicwall Global Vpn Client Licenses

    Group VPN Connections Supported by Each SonicWALL Model Table 1 describes the Global VPN Client License support of each SonicWALL model. You can purchase Global VPN Client software and Global VPN Client Licenses from SonicWALL, your reseller, or online at mysonicwall.com.
  • Page 37: Activating Your Sonicwall Global Vpn Clients

    Serial Number of the SonicWALL product. Your license activation is now complete. Downloading Global VPN Client Software and Documentation 1. In the My Products page, click the name of your SonicWALL on which the Global VPN Client license is activated.
  • Page 38: Software License Agreement For The Sonicwall Global Vpn Client

    SonicWALL grants you a non-exclusive license to use the SOFTWARE PRODUCT for SonicWALL Internet Security Appliances. OEM - If the SOFTWARE PRODUCT is modified and enhanced for a SonicWALL OEM partner, you must adhere to the software license agreement of the SonicWALL OEM partner.
  • Page 39: Exports License

    If the SOFTWARE PRODUCT is labeled as an upgrade, you must be properly licensed to use a product identified by SonicWALL as being eligible for the upgrade in order to use the SOFTWARE PRODUCT. A SOFTWARE PRODUCT labeled as an upgrade replaces and/or supplements the product that formed the basis for your eligibility for the upgrade.
  • Page 40: Miscellaneous

    SOFTWARE PRODUCT, and shall continue until terminated. Without prejudice to any other rights, SonicWALL may terminate this SLA if you fail to comply with the terms and conditions of this SLA. In such event, you agree to return or destroy the SOFTWARE PRODUCT (including all related documents and components items as defined above) and any and all copies of same.
  • Page 41: Sonicwall Global Vpn Client Support

    SonicWALL Global VPN Client Support SonicWALL’s comprehensive support services protect your network security investment and offer the support you need - when you need it. SonicWALL Global VPN Client support is included as part of the support program of your SonicWALL Internet Security Appliance.
  • Page 42 Include the default.rcf File with the Global VPN Client Software After you create the default.rcf file, you can include it with the SonicWALL Global VPN Client software. When the user installs the Global VPN Client program, the SonicWALL Global VPN Client.rcf file is automatically created in the C:\Documents and Settings\<user>\Application...
  • Page 43: Creating The Default.rcf File

    <ReEnableOnWake>[Off=0]/On=1</ReEnableOnWake> Enables the connection when computer is coming out of sleep or hibernation. <ReconnectOnError>Off=0/[On=1]</ReconnectOnError> Automatically keeps trying to enable the connection when an error occurs. <ExecuteLogonScript>[Disable=0]/Enable=1</ExecuteLogonScript> Forces launch login script. </Flags>...
  • Page 44 SonicWALL gateway. <EnableDeadPeerDetection>Off=0/On=1</EnableDeadPeerDetection> Enables detection if the Peer stops responding to traffic. This will send Vendor ID to the SonicWALL during IKE negotiation to enable Dead peer detection heart beat traffic. Alert! NAT Traversal - The implementation options for NAT Traversal were changed in Global VPN Client 2.x.
  • Page 45: Sample Default.rcf File

    <Connections> <Connection name="Corporate Firewall"> <Description>This is the corporate firewall. Call 1-800-fix-today for problems with connections.</Description> <Flags> <AutoConnect>0</AutoConnect> <ForceIsakmp>1</ForceIsakmp> <ReEnableOnWake>0</ReEnableOnWake> <ReconnectOnError>1</ReconnectOnError> <ExecuteLogonScript>0</ExecuteLogonScript> </Flags> <Peer> <HostName>CorporateFW</HostName> <EnableDeadPeerDetection>1</EnableDeadPeerDetection> <ForceNATTraversal>0</ForceNATTraversal> <DisableNATTraversal>0</DisableNATTraversal> <NextHop>0.0.0.0</NextHop> <Timeout>3</Timeout> <Retries>3</Retries>...
  • Page 46 <UseDefaultGWAsPeerIP>0</UseDefaultGWAsPeerIP> <InterfaceSelection>0</InterfaceSelection> <WaitForSourceIP>0</WaitForSourceIP> <DialupUseMicrosoftDUN>1</DialupUseMicrosoftDUN> <DialupApp>c:\program files\aol\aol.exe</DialupApp> <DialupPhonebook>text</DialupPhonebook> <DialupLeaveConnected>0</DialupLeaveConnected> <DPDInterval>5</DPDInterval> <DPDAttempts>3</DPDAttempts> <DPDAlwaysSend>0</DPDAlwaysSend> </Peer> <Peer> <HostName>1.2.3.4</HostName> <EnableDeadPeerDetection>1</EnableDeadPeerDetection> <ForceNATTraversal>0</ForceNATTraversal> <DisableNATTraversal>0</DisableNATTraversal> <NextHop>0.0.0.0</NextHop> <Timeout>3</Timeout> <Retries>3</Retries> <UseDefaultGWAsPeerIP>0</UseDefaultGWAsPeerIP> <InterfaceSelection>0</InterfaceSelection> <WaitForSourceIP>0</WaitForSourceIP> <DialupUseMicrosoftDUN>1</DialupUseMicrosoftDUN> <DialupApp>c:\program files\aol\aol.exe</DialupApp> <DialupPhonebook>text</DialupPhonebook> <DialupLeaveConnected>0</DialupLeaveConnected> <DPDInterval>5</DPDInterval> <DPDAttempts>3</DPDAttempts> <DPDAlwaysSend>0</DPDAlwaysSend> </Peer> </Connection> <Connection name="Office Gateway"> <Description>This is the firewall to connect when traveling overseas.</Description> <Flags>...
  • Page 47 <ReconnectOnError>1</ReconnectOnError> <ExecuteLogonScript>0</ExecuteLogonScript> </Flags> <Peer> <HostName>&lt;Default Gateway&gt;</HostName> <EnableDeadPeerDetection>1</EnableDeadPeerDetection> <ForceNATTraversal>0</ForceNATTraversal> <DisableNATTraversal>0</DisableNATTraversal> <NextHop>0.0.0.0</NextHop> <Timeout>3</Timeout> <Retries>3</Retries> <UseDefaultGWAsPeerIP>1</UseDefaultGWAsPeerIP> <InterfaceSelection>0</InterfaceSelection> <WaitForSourceIP>0</WaitForSourceIP> <DialupUseMicrosoftDUN>1</DialupUseMicrosoftDUN> <DialupApp>c:\program files\aol\aol.exe</DialupApp> <DialupPhonebook>text</DialupPhonebook> <DialupLeaveConnected>0</DialupLeaveConnected> <DPDInterval>5</DPDInterval> <DPDAttempts>3</DPDAttempts> <DPDAlwaysSend>0</DPDAlwaysSend> </Peer> </Connection> </Connections> </SW_Client_Policy>...
  • Page 48: Troubleshooting The Default.rcf File

    (normally Disk1 or the same folder as Setup.ins). Appendix B - SonicWALL Global VPN Client Installation Using the InstallShield Silent Response File Table 2: Troubleshooting the default.rcf File Ensure that the file does not contain any non-ASCII characters.
  • Page 49: Playing Back The Silent Installation

    An integer value is assigned to the ResultCode keyname in the [ResponseResult] section. The silent setup places one of the following return values after the ResultCode keyname: Success General error...
  • Page 50: Appendix C - Running The Global Vpn Client From The Command Line Interface

    Appendix C - Running the Global VPN Client from the Command Line Interface The SonicWALL Global VPN Client can run from the Command Line Interface (CLI). This interface allows for the programmatic or script-based initiation of certain Global VPN Client functions without requiring the user to directly act in the Global VPN Client application.
  • Page 51: Appendix D - Installing The Global Vpn Client With A

    CmdLine=/g (Ghost) option, a default MAC address is assigned to the SonicWALL VPN Adapter. After the installation when the Global VPN Client is started for the first time, this default MAC address is detected, which in turn generates a new MAC address and assigns it to the SonicWALL VPN Adapter.
  • Page 52 Table 3: Log Viewer Messages ERROR Diffie-Hellman group generator length has not been set. ERROR Diffie-Hellman group prime length has not been set. ERROR DSS signature processing failed - signature is not valid. ERROR Encryption algorithm is not supported. ERROR ESP transform algorithm is not supported.
  • Page 53 Failed to construct mode config hash payload. ERROR Failed to construct NAT discovery payload. ERROR Failed to construct PFS key exchange payload. ERROR Failed to construct policy provisioning payload....
  • Page 54 ERROR Failed to construct quick mode hash payload. ERROR Failed to construct quick mode packet. ERROR Failed to construct responder lifetime payload. ERROR Failed to construct RSA signature. ERROR Failed to construct signature payload. ERROR Failed to construct source proxy ID payload.
  • Page 55 Failed to set the ESP attributes from the SA payload into the SA. ERROR Failed to set the IPSEC AH attributes into the phase 2 SA....
  • Page 56 ERROR Failed to set the IPSEC ESP attributes into the phase 2 SA. ERROR Failed to set the OAKLEY attributes into the phase 1 SA. ERROR Failed to set vendor ID into packet payload. ERROR Failed to set XAuth attributes into payload.
  • Page 57 Unable to compute hash! ERROR Unable to compute shared secret for PFS in phase 2! ERROR Unable to read configuration file. ERROR User did not enter XAuth next pin....
  • Page 58 ERROR XAuth CHAP requests are not supported at this time. ERROR XAuth failed. ERROR XAuth has requested a password but one has not yet been specified. INFO The connection "" has been disabled. INFO A certificate is needed to complete phase 1. INFO A phase 2 SA can not be established with until a phase 1 SA is established.
  • Page 59 Received invalid exchange type notify. INFO Received invalid flags notify. INFO Received invalid ID information notify. INFO Received invalid key info notify. INFO Received invalid major version notify....
  • Page 60 INFO Received invalid message ID notify. INFO Received invalid minor version notify. INFO Received invalid payload notify. INFO Received invalid protocol ID notify. INFO Received invalid signature notify. INFO Received invalid SPI notify. INFO Received invalid transform ID notify. INFO Received malformed payload notify.
  • Page 61 The phase 1 SA has died. INFO The phase 2 SA has been deleted. INFO The phase 2 SA has died. INFO The SA lifetime for phase 1 is seconds....
  • Page 62 INFO The SA lifetime for phase 2 is seconds. INFO The soft lifetime has expired for phase 1. INFO The soft lifetime has expired for phase 2 with. INFO The system ARP cache has been flushed. INFO Unable to encrypt payload! INFO...
  • Page 63 The select certificate dialog box was cancelled by the user. The connection will be disabled. WARNING The username/password dialog box was cancelled by the user. The connection will be disabled. WARNING Unable to decrypt payload!...
  • Page 64 Pre-Shared Key Redundant Gateways Configuration Selecting a Certificate SonicWALL VPN Gateway Configuration Troubleshooting Generate Report Log Viewer Uninstalling Global VPN Client Username/Password Authentication VPN Connection Policies Arranging VPN Policy Shortcut SonicWALL Global VPN Client 4.0 Administrator’s Guide Page 63 12, 29...
  • Page 65 P/N: 232-000xxx-00 Rev A, 08/07 ©2007 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 07/07 SW 145 www.sonicwall.com...
  • Page 66 P/N: 232-001144-00 Rev C, 10/07 ©2007 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 07/07 SW 145 www.sonicwall.com...