- #Sonicwall ssl vpn client setup using 2nd public ip how to
- #Sonicwall ssl vpn client setup using 2nd public ip windows
(note particular these settings seem to change with every release of the SonicWALL OS unfortunately…) On the same SSL VPN -> Server Settings page, Enable the “Use RADIUS in” checkbox and select the “MSCHAPv2 mode” radio button.Ĭlick on the Accept button to save the settings. I typically recommend changing the administration port to 444 or 4433 so 443 is available and can be used for SSL VPN functionality. Please note - you will have to make sure the SonicWALL’s administration webpage is set to something other than 443 for this to work (configured under System -> Administration -> HTTPS Port). Go to SSL VPN -> Server Settings and enable the WAN interface at port 443 (the round icon should turn green). On the VPN Access tab, make sure you add your internal networks (address objects) that users would need to access, otherwise you won’t be able to access any internal networks even if you’ve successfully connected to the VPN.Ĭonfigure SSL VPN settings Step 1 – Configure Server Settings Go to Users -> Local Groups and edit the properties of the SSLVPN Services local group. Step 3 – Save SettingsĬlick Accept at the bottom of the page Configure Local Group Access You should receive a response of, “Radius Client Authentication Succeeded”. Change the radio button to MSCHAP or MSCHAPv2 and click Test. Specify a user account that you added as a member to the previously created “SSL-VPN Access” global group, enter the applicable user password. Make sure to change the Default User Group for all RADIUS users to belong to “SSLVPN Services” Setup the Primary and Secondary (optional) RADIUS server and previously defined Shared Secret password.
Select the Configure RADIUS button and change the settings on each tab to the following: Tab – Settings I suggest keeping a local user setup in the event the RADIUS server(s) go down unexpectedly.) Go to Users -> Settings and change User Authentication method from “Local Users” to “RADIUS + Local Users” (this allows you to use either local user accounts created in the SonicWALL OR use Active Directory based user accounts during authentication. Configure SonicWALL for RADIUS authentication Step 1 – Change User Authentication mode
Make sure the Access Granted radio button is selected for the Permission properties, and use the default selections for Authentication Methods, Configuration Constraints, and Configuration Settings, then select Finish in the Add Network Policy wizard. Specific the “SSL-VPN Access” global group you previously created in Active Directory.
#Sonicwall ssl vpn client setup using 2nd public ip windows
Add the condition Windows Groups, and click ADD. Step 4 – Create New Network Policy in NPSĬreate a new Network Policy and call the policy, “ SonicWALL SSL VPN“. In Active Directory, create a global group called “SSL-VPN Access” and add the applicable users to this group that will require remote VPN access. Configure Windows Server for RADIUS authentication Step 1 – Install NPSĪdd the Network Policy Server role on your Windows server if it’s not yet already installed.Īdd a RADIUS client to NPS using the LAN IP address of the SonicWALL firewall, and create an applicable Shared Secret password.
#Sonicwall ssl vpn client setup using 2nd public ip how to
The following article is a step by step guide how to configure the firewall and Windows Servers to accomplish this. Setting up the SonicWALL firewall for using SSL VPN is pretty simple, even when it comes to utilizing Windows Domain Accounts via RADIUS authentication.
0 kommentar(er)
