Solved

sonicwall tz200 vpn passthrough authentication

Posted on 2010-08-22
11
1,620 Views
Last Modified: 2012-06-22
I am wondering if anyone can direct me to some good instructions on setting up the sonicwall vpn on a tz200 with sonic os enhanced and the sonicwall vpn client to allow for passthrough authentication to a Windows SBS 2003 standard sever.
0
Comment
Question by:linknetworks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
11 Comments
 
LVL 8

Expert Comment

by:jimmyray7
ID: 33497026
0
 
LVL 33

Expert Comment

by:digitap
ID: 33497591
Are you talking about pre-authorization before login or Single Sign-On?
0
 

Author Comment

by:linknetworks
ID: 33497838
I am not that familiar with vpn's so I am not sure what pre-authorization is, but I want whatever is easiest for the end user. Basically I want the user to be able to access the network with minimal input and everything appears the same as when they are logged in at the office. For instance, they run the vpn client and enter the same username and password as they do when in the office and away they go. Hope that makes sense.
0
Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

 
LVL 33

Expert Comment

by:digitap
ID: 33497982
OK...what I mean by pre-auth is that the GVC authenticates before you login so the laptop has access to the domain.  With the extra information you provided above, I understand your goal.

You can configure the global VPN client to authenticate users via LDAP, RADIUS and the local sonicwall database.  If you want the username and password to be what they use to login to the domain, then you'll want to use LDAP or RADIUS.

LDAP is touch and go for me.  With 2008 R2, I haven't been able to get it to work.  I fall back to RADIUS.  I have two links below for configuring both.  Let me know if you have any questions.

RADIUS: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6591

LDAP: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7806
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33497992
A bit more information:

A VPN (virtual private network) will allow a remote user to make a secure connection from a remote location (home, hotel, etc.) back to the office.  The GroupVPN SA needs to be configured to allow this connectivity.  The two links can take you through a partial configuration.  The link below can walk you through configuring this.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507
0
 

Author Comment

by:linknetworks
ID: 33615000
thanks digitap, I was tied up with a server upgrade and haven't had a chance to give this a go. I will let you know how I make out.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33615005
no worries.
0
 

Author Comment

by:linknetworks
ID: 33623923
I set everything up as per your last link. Ran the sonicwall Global VPN Client and connected fine. I was asked for a username and password when first connecting that was the sonicwall local user account. I was then asked for my domain credentials when I attempted to map a network drive. Is their anyway to eliminate the dual logon prompts?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33638752
Is this computer on the domain?  The computer was a domain member, then it should pass the credentials used to login to the device and you wouldn't need to authenticate when mapping the drive.

Configuring the GVC to authenticate a user to the domain will allow a user to only have one set of credentials.  This should make it easier for them.  There are ways we can automate the login process, but this creates a security risk.  Requiring the user to auth via the GVC means no one can access your network externally without the proper credentials from that device.  Hope that part makes sense.
0
 

Author Comment

by:linknetworks
ID: 33668808
Thanks digitap, all works great. The computer I tested on was not part of the domain hence the double autthentication. The domain workstations worked great, single authentication.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33668922
Glad it worked out!  Thanks for the points!
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to migrate from Juniper srx to pan 7.x? 2 37
IPSec firewall rules 1 37
Preventive Maintenance for Fortigate 100D HA Firewall 4 52
Block Hacker? 2 38
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question