Solved

sonicwall tz200 vpn passthrough authentication

Posted on 2010-08-22
Last Modified: 2012-06-22
I am wondering if anyone can direct me to some good instructions on setting up the SonicWall VPN on a TZ200 with SonicOS Enhanced and the SonicWall VPN client to allow for passthrough authentication to a Windows SBS 2003 Standard server.
Question by:linknetworks
11 Comments
 
LVL 8

Expert Comment

by:jimmyray7
ID: 33497026
 
LVL 33

Expert Comment

by:digitap
ID: 33497591
Are you talking about pre-authorization before login or Single Sign-On?
 

Author Comment

by:linknetworks
ID: 33497838
I am not that familiar with VPNs, so I am not sure what pre-authorization is, but I want whatever is easiest for the end user. Basically, I want the user to be able to access the network with minimal input, with everything appearing the same as when they are logged in at the office. For instance, they run the VPN client and enter the same username and password as they do when in the office and away they go. Hope that makes sense.
 
LVL 33

Expert Comment

by:digitap
ID: 33497982
OK...what I mean by pre-auth is that the GVC authenticates before you log in so the laptop has access to the domain.  With the extra information you provided above, I understand your goal.

You can configure the Global VPN Client to authenticate users via LDAP, RADIUS and the local SonicWall database.  If you want the username and password to be what they use to log in to the domain, then you'll want to use LDAP or RADIUS.

LDAP is touch and go for me.  With 2008 R2, I haven't been able to get it to work.  I fall back to RADIUS.  I have two links below for configuring both.  Let me know if you have any questions.

RADIUS: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6591

LDAP: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7806
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33497992
A bit more information:

A VPN (virtual private network) will allow a remote user to make a secure connection from a remote location (home, hotel, etc.) back to the office.  The GroupVPN SA needs to be configured to allow this connectivity.  The two links can take you through a partial configuration.  The link below can walk you through configuring this.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507
 

Author Comment

by:linknetworks
ID: 33615000
Thanks digitap, I was tied up with a server upgrade and haven't had a chance to give this a go. I will let you know how I make out.
 
LVL 33

Expert Comment

by:digitap
ID: 33615005
No worries.
 

Author Comment

by:linknetworks
ID: 33623923
I set everything up as per your last link. Ran the SonicWall Global VPN Client and connected fine. I was asked for a username and password when first connecting; that was the SonicWall local user account. I was then asked for my domain credentials when I attempted to map a network drive. Is there any way to eliminate the dual logon prompts?
 
LVL 33

Expert Comment

by:digitap
ID: 33638752
Is this computer on the domain?  If the computer was a domain member, then it should pass the credentials used to log in to the device and you wouldn't need to authenticate when mapping the drive.

Configuring the GVC to authenticate a user to the domain will allow a user to only have one set of credentials.  This should make it easier for them.  There are ways we can automate the login process, but this creates a security risk.  Requiring the user to auth via the GVC means no one can access your network externally without the proper credentials from that device.  Hope that part makes sense.
 

Author Comment

by:linknetworks
ID: 33668808
Thanks digitap, all works great. The computer I tested on was not part of the domain, hence the double authentication. The domain workstations worked great, single authentication.
 
LVL 33

Expert Comment

by:digitap
ID: 33668922
Glad it worked out!  Thanks for the points!