csimmons1324 asked:
SonicWall - How to Configure a VPN Connection w/ Radius Authentication

I am using a SonicWall TZ170 with the 3.2.3.0-6e OS.

I need to configure VPN access on the TZ170 (clients will be using the Global VPN Client).  I want my users to authenticate with Active Directory.  I have set up our Domain Controller, running Server 2003, as a Radius Server and followed the instructions found here:

http://www.sonicwall.com/downloads/configuring_internet_authentication_service_on_microsoft_windows_2003_server.pdf

I have followed this Tech Note to the letter.  I have used the SonicWall to test the Radius connection and it succeeds.  However, I am uncertain how to actually set up and configure the VPN connection on the SonicWall TZ170.  Does anyone have any suggestions or articles on how to set this up?

Note: I am using our Domain Controller for DHCP.

Thanks,

Chris
csimmons1324 (ASKER):

Here is my log file from the Global VPN Client:

2007/08/20 18:12:06:081      Information      <local host>      The connection "test" has been enabled.
2007/08/20 18:12:06:542      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:24:758      Error               The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:12:25:209      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:43:785      Error               The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:12:44:236      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:44:597      Information      NAT Detected: Local host is behind a NAT device.
2007/08/20 18:12:44:597      Information      The SA lifetime for phase 1 is 28800 seconds.
2007/08/20 18:12:44:607      Information      Phase 1 has completed.
2007/08/20 18:12:44:657      Information      User authentication information is needed to complete the connection.
2007/08/20 18:14:14:536      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:14:14:806      Information      NAT Detected: Local host is behind a NAT device.
2007/08/20 18:14:14:806      Information      The SA lifetime for phase 1 is 28800 seconds.
2007/08/20 18:14:14:806      Information      Phase 1 has completed.
2007/08/20 18:14:14:916      Information      User authentication has succeeded.
2007/08/20 18:14:15:037      Information      The configuration for the connection has been updated.
2007/08/20 18:14:15:047      Error               The policy downloaded from the firewall is invalid or incomplete. Contact your network administrator.

Thanks,

Chris

After hours of reading, I found the solution to my problem in the forums at SonicWall's website. Here is the solution:

On the SonicWall TZ170 under VPN, DHCP over VPN, Central gateway, enable Send DHCP Request to Server and enter the 2003 DHCP server IP Address.

On the TZ170 under the "Network, DHCP Server" have nothing set up.

Under the WAN GroupVPN - Client tab you must have Virtual Adapter settings: DHCP Lease chosen.

Edit the user on the Local users screen to allow 'Firewalled Subnets'.

Of course you need to also follow the directions in the Tech Note I linked to in my original post.

Thanks,

Chris
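
Added example (not part of the original thread and not SonicWall code): a small Python triage of the Global VPN Client log format quoted above, reporting the last stage the connection reached. The stage labels and verdict strings are this example's own names, and the sample is a subset of the log lines from the thread.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the Global VPN Client log lines quoted in this thread.
SAMPLE_LOG = """\
2007/08/20 18:12:06:081      Information      <local host>      The connection "test" has been enabled.
2007/08/20 18:12:24:758      Error               The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:14:14:806      Information      Phase 1 has completed.
2007/08/20 18:14:14:916      Information      User authentication has succeeded.
2007/08/20 18:14:15:047      Error               The policy downloaded from the firewall is invalid or incomplete. Contact your network administrator.
"""

# Columns: timestamp, level, optional "<peer>" column, message
LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d:\d{3})\s+(\w+)\s+(?:<[^>]*>\s+)?(.+)$")

# Message fragment -> stage label (labels are this example's own names)
STAGES = [
    ("not responding to phase 1", "phase1_timeout"),
    ("Phase 1 has completed", "phase1_ok"),
    ("User authentication has succeeded", "auth_ok"),
    ("policy downloaded from the firewall is invalid", "policy_invalid"),
]

def parse(log_text):
    """Return [(timestamp, level, stage_or_None, message)] for each well-formed line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or non-log lines
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S:%f")
        stage = next((s for frag, s in STAGES if frag in m.group(3)), None)
        events.append((ts, m.group(2), stage, m.group(3)))
    return events

def triage(log_text):
    """Return (phase1_timeouts, verdict) based on the last recognised stage."""
    stages = [e[2] for e in parse(log_text) if e[2]]
    if not stages:
        return 0, "no_known_stage"
    timeouts, last = stages.count("phase1_timeout"), stages[-1]
    if last == "policy_invalid" and "auth_ok" in stages:
        # IKE and RADIUS worked; in this thread the cause was DHCP over VPN / Virtual Adapter settings.
        return timeouts, "post_auth_provisioning"
    if last == "phase1_timeout":
        return timeouts, "gateway_not_answering_ike"
    return timeouts, "stopped_after_" + last
```

Calling `triage(SAMPLE_LOG)` separates a RADIUS or IKE problem from the post-authentication provisioning failure that this thread resolved on the firewall side.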