SonicOS 7.1 IPSec VPN

VPN Auto Provisioning > Configuring a VPN AP Client
Table of Contents

Configuring a VPN AP Client

VPN AP Client settings are configured on the client firewall by adding a VPN policy on the NETWORK | IPSec VPN > Rules and Settings page in SonicOS.

To configure remote client firewall settings using VPN Auto Provisioning

  1. Navigate to the NETWORK | IPSec VPN > Rules and Settings page.
  2. Select IPv4 for the IP Version.
  3. Click +Add. The VPN Policy dialog displays.

  4. In the Authentication Method drop-down menu, select SonicWall Auto Provisioning Client. The page refreshes with different fields.

  5. In the Name field, type in a descriptive name for the VPN policy.
  6. In the IPsec Primary Gateway Name or Address field, enter the Fully Qualified Domain Name (FQDN) or the IPv4 address of the VPN AP Server.

  7. For Authentication Method, select either:

    • Preshared Secret – Uses the VPN Auto Provisioning client ID and shared secret that you enter next. This option is selected by default. Proceed to Step 8.

    • Certificate – Uses the X.509 certificate that you select next (the certificate must have been previously stored on the appliance). Skip to Step 14.

  8. If you selected Preshared Secret for the Authentication Method, then under SonicWall Settings, type the VPN Auto Provisioning client ID into the VPN AP Client ID field.

    The client ID is determined by the configuration of the VPN AP Server (the SonicWall firewall configured as the SonicWall Auto Provisioning Server).

    This VPN policy value has to match at both the AP Server and AP Client side. A single AP Server policy can also be used to terminate multiple AP Clients.

  9. Optionally, select Use Default Provisioning Key to use the default key known to all SonicWall appliances for the initial Security Association. After the SA is established, the Preshared Secret configured on the VPN AP Server is provisioned to the VPN AP Client for future use.

    The VPN AP Server must be configured to accept the Default Provisioning Key. If it is not, SA establishment fails.

    If you selected Use Default Provisioning Key, skip to Step 13.

  10. If you did not select Use Default Provisioning Key, then optionally clear the Mask Shared Secret checkbox before typing anything into the Shared Secret field. This checkbox is selected by default, which hides typed characters. If this checkbox is reselected, then the values from the Shared Secret field are automatically copied to the Confirm Shared Secret field.
  11. In the Shared Secret field, type in the shared secret. This must be the same as the shared secret configured on the VPN AP Server, and must be a minimum of four characters.
  12. In the Confirm Shared Secret field, type in the shared secret again. It must match the value entered in the Shared Secret field.
  13. Skip to Step 15 for information about entering the user credentials under User Settings. User credentials are optional.

  14. If you selected Certificate for the Authentication Method, then under SonicWall Settings select the desired certificate from the Local Certificate drop-down menu.

  15. Under User Settings, type the user name to be used for the optional user credentials into the User Name field. This user name is sent through XAUTH for user-level authentication.
  16. Optionally clear the Mask User Password checkbox before typing anything into the User Password field. This checkbox is selected by default. If selected, the typed characters are represented as dots. Clearing this checkbox displays the values in plain text and automatically copies the value entered in the User Password field to the Confirm User Password field.
  17. In the User Password field, type in the user password.
  18. In the Confirm User Password field, type in the user password again.
  19. When ready, click Save to add the VPN policy.