
SonicWall - How to Configure a VPN Connection w/ Radius Authentication

Last Modified: 2013-11-05
I am using a SonicWall TZ170 with the 3.2.3.0-6e OS.

I need to configure VPN access on the TZ170 (clients will be using the Global VPN Client).  I want my users to authenticate with Active Directory.  I have set up our Domain Controller, running Server 2003, as a Radius Server and followed the instructions found here:

http://www.sonicwall.com/downloads/configuring_internet_authentication_service_on_microsoft_windows_2003_server.pdf

I have followed this Tech Note to the letter.  I have used the SonicWall to test the Radius connection and it succeeds.  However, I am uncertain on how to actually set up and configure the actual VPN connection on the SonicWall TZ170.  Anyone have any suggestions or articles on how to set this up?

Note: I am using our Domain Controller for DHCP.

Thanks,

Chris

csimmons1324, IT Manager

Author

Commented:
Here is my log file from the Global VPN Client:

2007/08/20 18:12:06:081      Information      <local host>      The connection "test" has been enabled.
2007/08/20 18:12:06:542      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:24:758      Error               The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:12:25:209      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:43:785      Error               The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:12:44:236      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:44:597      Information      NAT Detected: Local host is behind a NAT device.
2007/08/20 18:12:44:597      Information      The SA lifetime for phase 1 is 28800 seconds.
2007/08/20 18:12:44:607      Information      Phase 1 has completed.
2007/08/20 18:12:44:657      Information      User authentication information is needed to complete the connection.
2007/08/20 18:14:14:536      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:14:14:806      Information      NAT Detected: Local host is behind a NAT device.
2007/08/20 18:14:14:806      Information      The SA lifetime for phase 1 is 28800 seconds.
2007/08/20 18:14:14:806      Information      Phase 1 has completed.
2007/08/20 18:14:14:916      Information      User authentication has succeeded.
2007/08/20 18:14:15:037      Information      The configuration for the connection has been updated.
2007/08/20 18:14:15:047      Error               The policy downloaded from the firewall is invalid or incomplete. Contact your network administrator.

Thanks,

Chris

csimmons1324, IT Manager

Author

Commented:
After hours of reading, I found the solution to my problem in the forums at SonicWall's website. Here is the solution:

On the SonicWall TZ170 under VPN, DHCP over VPN, Central Gateway, enable Send DHCP Request to Server and enter the 2003 DHCP server IP address.

On the TZ170 under the "Network, DHCP Server" have nothing setup.

Under the WAN GroupVPN - Client tab you must have Virtual Adapter settings: DHCP Lease chosen.

Edit the user on the Local users screen to allow 'Firewalled Subnets'.

Of course you need to also follow the directions in the Tech Note I linked to in my original post.

Thanks,

Chris
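
Added example (not part of the original thread and not a SonicWall tool): a Python triage of a Global VPN Client log like the one posted above, reporting how far the last attempt got so that a RADIUS problem can be told apart from a post-login provisioning problem. The line layout is assumed from the posted excerpt; `triage` and the stage names are hypothetical.

```python
import re

# Abridged from the Global VPN Client log quoted in the thread above.
SAMPLE_LOG = """\
2007/08/20 18:12:06:081      Information      <local host>      The connection "test" has been enabled.
2007/08/20 18:12:06:542      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:12:24:758      Error               The peer is not responding to phase 1 ISAKMP requests.
2007/08/20 18:14:14:536      Information      Starting ISAKMP phase 1 negotiation.
2007/08/20 18:14:14:806      Information      NAT Detected: Local host is behind a NAT device.
2007/08/20 18:14:14:806      Information      Phase 1 has completed.
2007/08/20 18:14:14:916      Information      User authentication has succeeded.
2007/08/20 18:14:15:037      Information      The configuration for the connection has been updated.
2007/08/20 18:14:15:047      Error               The policy downloaded from the firewall is invalid or incomplete. Contact your network administrator.
"""

# Line layout assumed from that excerpt: timestamp, severity, optional <peer>, message.
LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d [\d:]{12})\s+(Information|Error)\s+"
                     r"(?:<[^>]*>\s+)?(.+?)\s*$")
# Message prefix -> stage, in the order a connection passes through them.
STAGES = [("Starting ISAKMP phase 1", "phase1_started"),
          ("Phase 1 has completed", "phase1_done"),
          ("User authentication has succeeded", "xauth_ok"),
          ("The configuration for the connection has been updated", "policy_received")]

def triage(log_text):
    """Report how far the last connection attempt got and what stopped it."""
    r = {"stage": None, "phase1_timeouts": 0, "behind_nat": False, "error": None}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or unrecognised line
        _ts, severity, msg = m.groups()
        if msg.startswith("NAT Detected"):
            r["behind_nat"] = True
        elif "not responding to phase 1" in msg:
            r["phase1_timeouts"] += 1
        elif severity == "Error":
            r["error"] = msg
        for prefix, stage in STAGES:
            if msg.startswith(prefix):
                r["stage"] = stage
                if stage == "phase1_started":
                    r["error"] = None  # a new attempt clears the previous error
    # Login accepted but the connection still failed: the RADIUS side is working,
    # so the fault is in what the gateway hands out after authentication.
    r["post_auth_failure"] = (r["stage"] in ("xauth_ok", "policy_received")
                              and r["error"] is not None)
    return r

print(triage(SAMPLE_LOG))
```

On the thread's log `post_auth_failure` is true, which is consistent with the fix lying in the DHCP over VPN and Virtual Adapter settings rather than in the RADIUS configuration.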