Table of Contents
Advertisement
1. Enter the number of seconds in the Keep alive time (secs) field to send special packets to keep the
connection open.
2. Enter the IP address of your first DNS server in the DNS Server 1 field.
3. If you have a second DNS server, type the IP address in the DNS Server 2 field.
4. Enter the IP address of your first WINS server in the WINS Server 1 field.
5. If you have a second WINS server, type the IP address in the WINS Server 2 field.
IP Address Settings
6. Select IP address provided by RADIUS Server if a RADIUS Server provides IP addressing
information to the L2TP clients.
7. If the L2TP Server provides IP addresses, select Use the Local L2TP IP pool. Enter the range of
private IP addresses in the Start IP and End IP fields. The private IP addresses should be a range of
IP addresses on the LAN.
L2TP Users
8. If you have configured a specific user group for using L2TP, select it from the User Group for L2TP
users menu. You can also select Everyone.
9. Click OK.
Adding L2TP Clients to the SonicWALL
To add L2TP clients to the local user database or a RADIUS database, click Users, then Add. When
adding privileges for a user, select L2TP Client as one of the privileges. Then the user can access the
SonicWALL as a L2TP client.
Currently Active L2TP Sessions
•
User Name - the user name assigned in the local user database or the RADIUS user database.
•
PPP IP - the source IP address of the connection.
•
Interface - the type of interface used to access the L2TP Server, whether it's a VPN client or another
SonicWALL appliance.
•
Authentication - type of authentication used by the L2TP client.
•
Host Name - the name of the network connecting to the L2TP Server.
Digital Certificates
Overview of X.509 v3 Certificates
A digital certificate is an electronic means to verify identity by a trusted third party known as a Certificate
Authority (CA). X.509 v3 certificate standard is a specification to be used with cryptographic certificates
and allows you to define extensions which you can include with your certificate. SonicWALL has
implemented this standard in its third party certificate support.
You can use a certificate signed and verified by a third party CA to use with an IKE (Internet Key Exchange
VPN policy. IKE is an important part of IPSec VPN solutions, and it can use digital certificates to
authenticate peer devices before setting up SAs. Without digital certificates, VPN users must authenticate
by manually exchanging shared secrets or symmetric keys. Devices or clients using digital signatures do
not require configuration changes every time a new device or client is added to the network.
A typical certificate consists of two sections: a data section and a signature section. The data section
typically contains information such as the version of X.509 supported by the certificate, a certificate serial
number, information, information about the user's public key, the Distinguished Name (DN), validation
VPN Page 123
Advertisement
Table of Contents
