Page 18 SonicWALL Global VPN Client 4.0 Administrator’s Guide
The Global VPN Client supports two IPSec Keying modes: IKE using Preshared Secret and IKE using 3rd
Party Certificates. Preshared Secret is the most common form of the IPSec Keying modes. If your VPN
connection policy uses 3rd party certificates, you use the Certificate Manager to configure the Global VPN
Client to use digital certificates.
A Pre-Shared Key (also called a Shared Secret) is a predefined field that the two endpoints of a VPN
tunnel use to set up an IKE (Internet Key Exchange) Security Association. This field can be any
combination of alphanumeric characters with a minimum length of 4 characters and a maximum of 128
characters. Your Pre-Shared Key is typically configured as part of your Global VPN Client provisioning. If
it is not, you are prompted to enter it before you log on to the remote network.
Accessing Redundant VPN Gateways
The Global VPN Client supports redundant VPN gateways by manually adding the peer in the Peers page
of the VPN connection Properties dialog box. See “Peers” on page 26 for more information. The Global
VPN Client version 2.1.0.0 (or higher) adds automatic support for redundant VPN gateways if the IPSec
gateway’s domain name resolves to multiple IP addresses. For example, if gateway.yourcompany.com
resolves to 67.115.118.7, 67.115.118.8 and 67.115.118.9, the Global VPN Client cycles through these
resolved IP addresses until it finds a gateway that responds, allowing multiple IP addresses to be used
as failover gateways. If all the resolved IP addresses fail to respond, Global VPN Client switches to the
next peer, if another peer is specified in the Peers page of the VPN connection Properties dialog box.
See “Peers” on page 26 for more information.
Note!
When configuring redundant VPN gateways, the Group VPN policy attributes (such as pre-shared
keys and the attributes on the Peer Information window) must be the same for every gateway.
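The failover order described in this section can be modelled to predict which gateway a client will land on during an outage. The following is an added example, not SonicWALL code: it tries every resolved address of a peer before moving to the next peer. The `responds` callback is an assumption standing in for the client's real negotiation with the gateway, and the second peer name and its address are hypothetical.

```python
import socket
from typing import Callable, List, Optional, Sequence, Tuple

Attempt = Tuple[str, Optional[str], bool]  # (peer name, IP tried, responded?)

def dns_resolve(host: str) -> List[str]:
    """IPv4 addresses for a peer name, de-duplicated, in resolver order."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return list(dict.fromkeys(info[4][0] for info in infos))

def select_gateway(peers: Sequence[str],
                   responds: Callable[[str], bool],
                   resolve: Callable[[str], List[str]] = dns_resolve,
                   ) -> Tuple[Optional[str], List[Attempt]]:
    """Walk peers in listed order; within a peer, try every resolved IP.

    `responds` is an assumption standing in for the client's real IKE
    negotiation with the gateway; supply your own reachability check.
    """
    attempts: List[Attempt] = []
    for peer in peers:
        ips = resolve(peer)
        if not ips:                      # name did not resolve: move on
            attempts.append((peer, None, False))
        for ip in ips:
            ok = responds(ip)
            attempts.append((peer, ip, ok))
            if ok:
                return ip, attempts      # first gateway that answers wins
    return None, attempts                # every peer exhausted

# Constructed sample data: the first name and its three addresses are the
# page's example; the second peer and its address are hypothetical.
SAMPLE_DNS = {
    "gateway.yourcompany.com": ["67.115.118.7", "67.115.118.8", "67.115.118.9"],
    "backup.yourcompany.com": ["192.0.2.10"],
}

def simulate(down: set) -> Tuple[Optional[str], List[Attempt]]:
    """Run the failover order against SAMPLE_DNS with `down` IPs not answering."""
    return select_gateway(list(SAMPLE_DNS),
                          responds=lambda ip: ip not in down,
                          resolve=lambda host: SAMPLE_DNS.get(host, []))

if __name__ == "__main__":
    chosen, trail = simulate({"67.115.118.7", "67.115.118.8", "67.115.118.9"})
    for peer, ip, ok in trail:
        print(f"{peer:26} {ip or '(unresolved)':15} {'up' if ok else 'no response'}")
    print("selected:", chosen)
```

The attempt trail shows every address tried before the selected one, which helps when matching a client's connection delay to a specific gateway that is not answering.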
Enabling a VPN Connection
Enabling a VPN connection with the SonicWALL Global VPN Client is a transparent two-phase process.
Phase 1 enables the connection, which completes the ISAKMP (Internet Security Association and Key
Management Protocol) negotiation. Phase 2 is IKE (Internet Key Exchange) negotiation, which
establishes the VPN connection for sending and receiving data.
When you enable a VPN connection policy, the following information is displayed in the Status column of
the SonicWALL Global VPN Client window:
1. Disabled changes to Connecting.
2. Connecting changes to Authenticating when the Enter Username/Password dialog box is displayed.
3. Authenticating changes to Connecting when the user enters the username and password.
4. Connecting changes to Provisioning.
5. Provisioning changes to Connected once the VPN connection is fully established. A green
checkmark is displayed on the VPN connection policy icon.
Once the VPN connection is established, a pop-up notification is displayed from the Global VPN Client
system tray icon. It displays the Connection Name, Connected to IP address and the Virtual IP Address.
If an error occurs during the VPN connection, Error appears in the Status column and an error mark
(red x) appears on the VPN connection policy icon. A VPN policy that doesn’t successfully complete all
phase 2 connections displays a yellow warning symbol on the policy icon.
Note!
If the Global VPN Client doesn’t establish the VPN connection, you can use the Log Viewer to view
the error messages to troubleshoot the problem. See “Understanding the Global VPN Client Log” on
page 31 for more information.