csimmons1324
asked on
SonicWall - How to Configure a VPN Connection w/ Radius Authentication
I am using a SonicWall TZ170 with the 3.2.3.0-6e OS.
I need to configure VPN access on the TZ170 (clients will be using the Global VPN Client). I want my users to authenticate with Active Directory. I have set up our Domain Controller, running Server 2003, as a Radius Server and followed the instructions found here:
http://www.sonicwall.com/downloads/configuring_internet_authentication_service_on_microsoft_windows_2003_server.pdf
I have followed this Tech Note to the letter. I have used the SonicWall to test the Radius connection and it succeeds. However, I am uncertain how to actually set up and configure the actual VPN connection on the SonicWall TZ170. Does anyone have any suggestions or articles on how to set this up?
Note: I am using our Domain Controller for DHCP.
Thanks,
Chris
ASKER
After hours of reading, I found the solution to my problem in the forums at SonicWall's website. Here is the solution:
On the SonicWall TZ170 under VPN, DHCP over VPN, Central gateway, enable Send DHCP Request to Server and enter the 2003 DHCP server IP Address.
On the TZ170 under the "Network, DHCP Server" have nothing set up.
Under the WAN GroupVPN - Client tab you must have Virtual Adapter settings: DHCP Lease chosen.
Edit the user on the Local users screen to allow 'Firewalled Subnets'.
Of course you need to also follow the directions in the Tech Note I linked to in my original post.
Thanks,
Chris
ASKER
2007/08/20 18:12:06:081 Information <local host> The connection "test" has been enabled.
2007/08/20 18:12:06:542 Information Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:24:758 Error The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:12:25:209 Information Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:43:785 Error The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:12:44:236 Information Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:44:597 Information NAT Detected: Local host is behind a NAT device.
2007/08/20 18:12:44:597 Information The SA lifetime for phase 1 is 28800 seconds.
2007/08/20 18:12:44:607 Information Phase 1 has completed.
2007/08/20 18:12:44:657 Information User authentication information is needed to complete the connection.
2007/08/20 18:14:14:536 Information Starting ISAKMP phase 1 negotiation.
2007/08/20 18:14:14:806 Information NAT Detected: Local host is behind a NAT device.
2007/08/20 18:14:14:806 Information The SA lifetime for phase 1 is 28800 seconds.
2007/08/20 18:14:14:806 Information Phase 1 has completed.
2007/08/20 18:14:14:916 Information User authentication has succeeded.
2007/08/20 18:14:15:037 Information The configuration for the connection has been updated.
2007/08/20 18:14:15:047 Error The policy downloaded from the firewall is invalid or incomplete. Contact your network administrator.
Thanks,
Chris
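One way to see at which stage each connection attempt in the Global VPN Client log above stops, as an added example that is not part of the original thread. The `summarize` helper and the stage names are hypothetical; the message strings it matches are the ones that appear in the log.

```python
import re
from datetime import datetime

# Excerpt of the client log lines posted above, embedded so the example runs offline.
SAMPLE_LOG = """\
2007/08/20 18:12:06:542 Information Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:24:758 Error The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:12:44:236 Information Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:44:597 Information NAT Detected: Local host is behind a NAT device.
2007/08/20 18:12:44:607 Information Phase 1 has completed.
2007/08/20 18:12:44:657 Information User authentication information is needed to complete the connection.
2007/08/20 18:14:14:536 Information Starting ISAKMP phase 1 negotiation.
2007/08/20 18:14:14:806 Information Phase 1 has completed.
2007/08/20 18:14:14:916 Information User authentication has succeeded.
2007/08/20 18:14:15:037 Information The configuration for the connection has been updated.
2007/08/20 18:14:15:047 Error The policy downloaded from the firewall is invalid or incomplete. Contact your network administrator.
"""

# Timestamp (with a ":mmm" millisecond suffix), severity word, then the message.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}):(\d{3}) (\w+) (.*)$")
# Hypothetical stage names keyed on message text seen in the log above.
STAGES = [("Phase 1 has completed", "phase1-complete"),
          ("User authentication has succeeded", "user-authenticated")]

def summarize(log_text):
    """Return one dict per phase 1 attempt: start, last stage reached, error, duration."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a log line in the expected format
        stamp, millis, level, msg = m.groups()
        when = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S").replace(microsecond=int(millis) * 1000)
        if msg.startswith("Starting ISAKMP phase 1"):
            attempts.append({"start": when, "reached": "phase1-started", "error": None, "seconds": 0.0})
            continue
        if not attempts:
            continue  # lines logged before the first negotiation
        cur = attempts[-1]
        cur["seconds"] = (when - cur["start"]).total_seconds()
        if level == "Error":
            cur["error"] = msg
        for marker, stage in STAGES:
            if marker in msg:
                cur["reached"] = stage
    return attempts

if __name__ == "__main__":
    for a in summarize(SAMPLE_LOG):
        print(a["start"].time(), a["reached"], f'{a["seconds"]:.3f}s', a["error"] or "no error logged")
```

On the log above, the last attempt passes phase 1 and user authentication and fails only when the policy is downloaded from the firewall.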