Solved

sonicwall tz200 vpn passthrough authentication

Posted on 2010-08-22
11
1,626 Views
Last Modified: 2012-06-22
I am wondering if anyone can direct me to some good instructions on setting up the sonicwall vpn on a tz200 with sonic os enhanced and the sonicwall vpn client to allow for passthrough authentication to a Windows SBS 2003 standard sever.
0
Comment
Question by:linknetworks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
11 Comments
 
LVL 8

Expert Comment

by:jimmyray7
ID: 33497026
0
 
LVL 33

Expert Comment

by:digitap
ID: 33497591
Are you talking about pre-authorization before login or Single Sign-On?
0
 

Author Comment

by:linknetworks
ID: 33497838
I am not that familiar with vpn's so I am not sure what pre-authorization is, but I want whatever is easiest for the end user. Basically I want the user to be able to access the network with minimal input and everything appears the same as when they are logged in at the office. For instance, they run the vpn client and enter the same username and password as they do when in the office and away they go. Hope that makes sense.
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 33

Expert Comment

by:digitap
ID: 33497982
OK...what I mean by pre-auth is that the GVC authenticates before you login so the laptop has access to the domain.  With the extra information you provided above, I understand your goal.

You can configure the global VPN client to authenticate users via LDAP, RADIUS and the local sonicwall database.  If you want the username and password to be what they use to login to the domain, then you'll want to use LDAP or RADIUS.

LDAP is touch and go for me.  With 2008 R2, I haven't been able to get it to work.  I fall back to RADIUS.  I have two links below for configuring both.  Let me know if you have any questions.

RADIUS: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6591

LDAP: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7806
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33497992
A bit more information:

A VPN (virtual private network) will allow a remote user to make a secure connection from a remote location (home, hotel, etc.) back to the office.  The GroupVPN SA needs to be configured to allow this connectivity.  The two links can take you through a partial configuration.  The link below can walk you through configuring this.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507
0
 

Author Comment

by:linknetworks
ID: 33615000
thanks digitap, I was tied up with a server upgrade and haven't had a chance to give this a go. I will let you know how I make out.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33615005
no worries.
0
 

Author Comment

by:linknetworks
ID: 33623923
I set everything up as per your last link. Ran the sonicwall Global VPN Client and connected fine. I was asked for a username and password when first connecting that was the sonicwall local user account. I was then asked for my domain credentials when I attempted to map a network drive. Is their anyway to eliminate the dual logon prompts?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33638752
Is this computer on the domain?  The computer was a domain member, then it should pass the credentials used to login to the device and you wouldn't need to authenticate when mapping the drive.

Configuring the GVC to authenticate a user to the domain will allow a user to only have one set of credentials.  This should make it easier for them.  There are ways we can automate the login process, but this creates a security risk.  Requiring the user to auth via the GVC means no one can access your network externally without the proper credentials from that device.  Hope that part makes sense.
0
 

Author Comment

by:linknetworks
ID: 33668808
Thanks digitap, all works great. The computer I tested on was not part of the domain hence the double autthentication. The domain workstations worked great, single authentication.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33668922
Glad it worked out!  Thanks for the points!
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question