XAUTH is optional for all security associations (SA) in a SonicWALL. It is never a requirement.
You can make another SA that will accept a connection from any IP. Just set the SA’s IPSec gateway value to ‘0.0.0.0’. However, there are a couple other problems to note:
1. Only one client can connect to a given SA. The GroupVPN SA is the only one that allows connections from multiple clients simultaneously. You have a Pro-VX, so you have the ability to create a lot of SAs, but if you have a lot of Mac users it could be tedious.
2. You have to enter a destination network into the SonicWALL’s SA. For a VPN client, its IPSec gateway address is virtually always the same as its host network. In other words, when you connect to the GroupVPN SA the SonicWALL uses the same IP address for the client’s IPSec gateway and destination network. However, no other SA in the SonicWALL can operate in this manner, and must have a predefined destination network. This can be worked around by assigning the client a virtual IP address in the same subnet that is predefined by the SA the client is connecting to. However, I don’t know if Kame/Racoon supports this.