SonicWALL SSL-VPN 2000 Administrator's Manual page 286

Secure remote access appliance

Step 4
Navigate to the NetExtender > Client Addresses page. You will need to enter a range of IP addresses for the 192.168.100.0/24 network that are not in use on your internal LAN network; if your network has an existing DHCP server or the PIX is running a DHCP server on its internal interface, you will need to make sure not to conflict with these addresses. For example: enter 192.168.100.201 in the field next to Client Address Range Begin:, and enter 192.168.100.249 in the field next to Client Address Range End:. When done, click on the Accept button in the upper-right-hand corner to save and activate the change.

Step 5
Navigate to the NetExtender > Client Routes page. Add a client route for 192.168.100.0. If there is an entry for 192.168.200.0, delete it.

Step 6
Navigate to the Network > DNS page and enter your internal network's DNS addresses, internal domain name, and WINS server addresses. These are critical for NetExtender to function correctly. When done, click on the Accept button in the upper-right-hand corner to save and activate the change.

Step 7
Navigate to the System > Restart page and click on the Restart... button.

Step 8
Install the SonicWALL SSL-VPN appliance's X0 interface on the LAN network of the PIX. Do not hook any of the appliance's other interfaces up.

Step 9
Connect to the PIX's management CLI via console port, telnet, or SSH and enter configure mode.

Step 10
Issue the command 'clear http' to shut off the PIX's HTTP/S management interface.

Step 11
Issue the command 'access-list sslvpn permit tcp any host x.x.x.x eq www' (replace x.x.x.x with the WAN IP address of your PIX).

Step 12
Issue the command 'access-list sslvpn permit tcp any host x.x.x.x eq https' (replace x.x.x.x with the WAN IP address of your PIX).

Step 13
Issue the command 'static (inside,outside) tcp x.x.x.x www 192.168.100.2 www netmask 255.255.255.255 0 0' (replace x.x.x.x with the WAN IP address of your PIX).

Step 14
Issue the command 'static (inside,outside) tcp x.x.x.x https 192.168.100.2 https netmask 255.255.255.255 0 0' (replace x.x.x.x with the WAN IP address of your PIX).

Step 15
Issue the command 'access-group sslvpn in interface outside'.

Step 16
Exit config mode and issue the command 'wr mem' to save and activate the changes.

Step 17
From an external system, attempt to connect to the SonicWALL SSL-VPN appliance using both HTTP and HTTPS. If you cannot access the SonicWALL SSL-VPN appliance, check all steps above and test again.
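
When step 17 fails, the manual says to check all steps above. The following Python check is an added example, not part of the SonicWALL manual: it reads a saved PIX configuration and reports which of steps 10 through 15 are not reflected in it, plus any extra port the sslvpn access list opens. The address 203.0.113.10 is a constructed stand-in for x.x.x.x, and treating any line that begins with `http` as leftover PIX web management is an assumption of the example.

```python
import re

# Constructed sample: the lines steps 11-15 add, with 203.0.113.10
# (a documentation address) standing in for x.x.x.x, the PIX WAN IP.
SAMPLE = """\
access-list sslvpn permit tcp any host 203.0.113.10 eq www
access-list sslvpn permit tcp any host 203.0.113.10 eq https
static (inside,outside) tcp 203.0.113.10 www 192.168.100.2 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 https 192.168.100.2 https netmask 255.255.255.255 0 0
access-group sslvpn in interface outside
"""

ACL = re.compile(r"access-list (\S+) permit tcp any host (\S+) eq (\S+)$")
STATIC = re.compile(r"static \(inside,outside\) tcp (\S+) (\S+) (\S+) (\S+) netmask")
GROUP = re.compile(r"access-group (\S+) in interface outside$")
# Assumption: leftover PIX web management appears as "http ..." lines.
HTTP_MGMT = re.compile(r"http\s")
WANTED = ("www", "https")

def audit(config, wan_ip, appliance="192.168.100.2", acl="sslvpn"):
    """Return findings; an empty list means steps 10-15 are all reflected."""
    permits, forwards, bound, findings = set(), set(), False, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            if m.group(1) == acl and m.group(2) == wan_ip:
                permits.add(m.group(3))
        elif m := STATIC.match(line):
            pub_ip, pub_port, priv_ip, priv_port = m.groups()
            if (pub_ip, priv_ip, priv_port) == (wan_ip, appliance, pub_port):
                forwards.add(pub_port)
        elif m := GROUP.match(line):
            bound = bound or m.group(1) == acl
        elif HTTP_MGMT.match(line):
            findings.append(f"step 10: PIX HTTP management still configured: {line}")
    for port in WANTED:
        if port not in permits:
            findings.append(f"steps 11-12: no '{acl}' permit for {port} to {wan_ip}")
        if port not in forwards:
            findings.append(f"steps 13-14: no static forward of {port} to {appliance}")
    for port in sorted(permits - set(WANTED)):
        findings.append(f"'{acl}' also permits {port}, which the procedure does not call for")
    if not bound:
        findings.append(f"step 15: '{acl}' is not applied inbound on the outside interface")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "203.0.113.10") or "config matches steps 10-15")
```
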
Final Config Sample – Relevant Programming in Bold:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security4
enable password SqjOo0II7Q4T90ap encrypted
passwd SqjOo0II7Q4T90ap encrypted
hostname tenaya
domain-name vpntestlab.com
clock timezone PDT -8
clock summer-time PDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
Cisco PIX Configuration for SonicWALL SSL-VPN Appliance Deployment
SonicWALL SSL VPN 4.0 Administrator's Guide
273


This manual is also suitable for:

Ssl-vpn 4000