Recently, I was asked to enable SSL VPN on a Sonic wall TZ210 Firewall, I have done this before but always end up forgetting some thing or other, so this time decided to document the process for myself and for you all.
To begin with Sonicwall supports three kind of VPN’s
- VPN : This is the basic one (without SSL) and to connect to it we use the Global VPN Client (GVC) Download Here
- SSL VPN: This is the more secured VPN option which is encrypted channel and we use the Netextender client to connect to it. Download Here
- IPSec tunnel or Site to Site tunnel: This is not a user VPN setup and more of a organisation wide VPN, if you have two offices and you want them to feel like in same LAN for file server access or any other server access. Then we can install one sonic wall at each office and establish an IPsec VPN tunnel between them to achieve the result.
In this article we are specifically talking about how to enable the second one, i.e. SSL VPN to be used by a NetExtender client, so lets get started
1) Login to your Sonic wall device with Admin credentials, On left hand side vertical Menu, Click Server settings under SSL VPN
Here you can change the SSL VPN port if needed, the default is 4433, enable network (by clicking on them) on which the client will have access to, usually LAN is enough.
Step 2: Click on Portal settings on the left Menu, Just match the settings are like this below, No real changes required here
Step 3: Click the Client settings on the left hand menu, this is the place you want most of your changes
1) Select you Lan interface here , you can check which one is your Lan interface by click Interfaces under Networks on your left menu, refer the screen shot below. In my case it was X0.
2) Specify the IP pool which will be assigned to your VPN clients, make sure this IP pool do not conflict with the DHCP range defined for your office
3) Specify the DNS server to be assigned to VPN Clients
4) Specify the User Domain, By default its set to LocalDomain and we can leave it as it is or you can set it to anything you like. Please understand that this is totally different then you AD domain and has nothing to do with that. We need to specify user domain during NetExtender client configuration and important thing to note is that this is CASE SENSITIVE.
Step 4: Click on Client Routes and Add you Lan subnets to the list, refer the screen shot
Step 5: No Changes are required under Virtual Office, its there for you to download VPN clients, for which we already provided a link above. Our next step is to create a user for login to VPN.
Step 6: Click Users on the left menu and create a local user, You also have options available to use Ldap users in SW but thats off scope for this document. So provide the user appropriate user name and Password and ensure that you make it a part of SSL VPN services, Everyone and Trusted users group
Step 7: We are done on the sonic wall , next we just need to Download and install the Net Extender client on the client windows PC. Use the user name and password which you created in step 6. It will also ask you to provide the public IP for sonicwall, which you can check on sonicwall under Network -> Interfaces , check the IP for Wan, if there are more then one Wan then try both the IP’s , usually both should work, unless restricted other wise.
PS: While providing the target IP in Net Extender client, make sure you provide the port number too i.e IP:4433 (The whole Socket) else the connection would fail. For Example if your target IP is 126.96.36.199 then in Net Extender config you will enter 188.8.131.52:4433.
Hope this Article help you to fix the issue you are facing, if not you can reach out to us for Paid support, Refer our support plans Here
Latest posts by Shishir Chandrawat (see all)
- Exchange 2010 Std: Mailbox server has reached the maximum database limit of 5 Error RcrExceedDbLimitException - December 12, 2016
- Exchange 2010: Unable to add Mailbox Database copies on DAG member servers, Error: An error occurred while processing a request on server - December 12, 2016
- Unable to Mount Microsoft Exchange DAG Database, Error: Failed to determine the mount status of the active database copy - December 12, 2016