Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

sonicwall tz200 vpn passthrough authentication

Posted on 2010-08-22
11
1,615 Views
Last Modified: 2012-06-22
I am wondering if anyone can direct me to some good instructions on setting up the sonicwall vpn on a tz200 with sonic os enhanced and the sonicwall vpn client to allow for passthrough authentication to a Windows SBS 2003 standard sever.
0
Comment
Question by:linknetworks
  • 6
  • 4
11 Comments
 
LVL 8

Expert Comment

by:jimmyray7
ID: 33497026
0
 
LVL 33

Expert Comment

by:digitap
ID: 33497591
Are you talking about pre-authorization before login or Single Sign-On?
0
 

Author Comment

by:linknetworks
ID: 33497838
I am not that familiar with vpn's so I am not sure what pre-authorization is, but I want whatever is easiest for the end user. Basically I want the user to be able to access the network with minimal input and everything appears the same as when they are logged in at the office. For instance, they run the vpn client and enter the same username and password as they do when in the office and away they go. Hope that makes sense.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 33

Expert Comment

by:digitap
ID: 33497982
OK...what I mean by pre-auth is that the GVC authenticates before you login so the laptop has access to the domain.  With the extra information you provided above, I understand your goal.

You can configure the global VPN client to authenticate users via LDAP, RADIUS and the local sonicwall database.  If you want the username and password to be what they use to login to the domain, then you'll want to use LDAP or RADIUS.

LDAP is touch and go for me.  With 2008 R2, I haven't been able to get it to work.  I fall back to RADIUS.  I have two links below for configuring both.  Let me know if you have any questions.

RADIUS: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6591

LDAP: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7806
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33497992
A bit more information:

A VPN (virtual private network) will allow a remote user to make a secure connection from a remote location (home, hotel, etc.) back to the office.  The GroupVPN SA needs to be configured to allow this connectivity.  The two links can take you through a partial configuration.  The link below can walk you through configuring this.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507
0
 

Author Comment

by:linknetworks
ID: 33615000
thanks digitap, I was tied up with a server upgrade and haven't had a chance to give this a go. I will let you know how I make out.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33615005
no worries.
0
 

Author Comment

by:linknetworks
ID: 33623923
I set everything up as per your last link. Ran the sonicwall Global VPN Client and connected fine. I was asked for a username and password when first connecting that was the sonicwall local user account. I was then asked for my domain credentials when I attempted to map a network drive. Is their anyway to eliminate the dual logon prompts?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33638752
Is this computer on the domain?  The computer was a domain member, then it should pass the credentials used to login to the device and you wouldn't need to authenticate when mapping the drive.

Configuring the GVC to authenticate a user to the domain will allow a user to only have one set of credentials.  This should make it easier for them.  There are ways we can automate the login process, but this creates a security risk.  Requiring the user to auth via the GVC means no one can access your network externally without the proper credentials from that device.  Hope that part makes sense.
0
 

Author Comment

by:linknetworks
ID: 33668808
Thanks digitap, all works great. The computer I tested on was not part of the domain hence the double autthentication. The domain workstations worked great, single authentication.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33668922
Glad it worked out!  Thanks for the points!
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Clarification about access via WAN 6 32
IPV6 Issues 3 35
VLAN Question 7 32
Exchange Server alternative with the ability to fetch a pop account 4 37
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question