Dell SonicWALL Global VPN Client 4.9 Administrators Guide
Contents
1. 2 0065520 e cece eee eee 14 Specifying Global VPN Client Launch Options 15 Managing the Global VPN Client System Tray Icon 000 16 Adding VPNYCOMNCCUONS sis ewes dere ta nga ware Ee ee eel ae RE DR aes 16 Understanding VPN Connections 0 0000 cece eee 17 Creating a VPN Connection Using the New Connection Wizard 18 Importing a VPN Configuration File ie ee Es EE cc eee ER ER Ek ds ek 20 Configuring a Dial Up VPN Connection EE EE Ee ee ee 20 Using Global VPN Client from a Different Workstation 22 Making VPN Edritiecliofis san osse OR Ee De Re GR ee ee GERS 23 Accessing Redundant VPN Gateways ie EE eee tee 24 Enabling a VPN Connection c 000 00 deeb ed eee cies vee dee eee ER RE Ss 24 Establishing Multiple Connections 5505 cece eee ee eee ee 25 Entering a Pre Shared Key is ses EE ds Re Ee ees 26 selecting a Certificate ED RE RE RD BERE AE DR AE DR WEE Eee EER ER 27 Username and Password Authentication ie EE eee ee 27 Creating a Connection Shortcut 2 0 2 2 00000 ee 28 Connection Warning ese EE bee easedee des RE ER Ge eed eee Pe ees 28 Checking the Status of VPN Connections EE ke ES EE Ee ee ee eee 28 Disabling a VPN Connection ces SMEER DEE GE De A ER RR ee 29 Table of Contents 3 Configuring VPN Connection Properties iS ES Ee eee ees 30 Connection Properties Ge2. Failed to build a DSS object 56 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide ERROR Failed to build dead peer detection packet ERROR Failed to build dead peer detection reply message ERROR Failed to build dead peer detection request message ERROR Failed to build phase 1 delete message ERROR Failed to calculate DES mode from ESP transfer ERROR Failed to calculate policy configuration attributes length ERROR Failed to calculate XAuth attributes length ERROR Failed to compute IV for connection entry ERROR Failed to construct certificate payload ERROR Failed to construct certificate request payload ERROR Failed to construct certificate ERROR Failed to construct destination proxy ID payload ERROR Failed to construct DSS signature ERROR Failed to construct hash payload ERROR Failed to construct IPSEC nonce payload ERROR Failed to construct IPSEC SA payload ERROR Failed to construct ISAKMP blank hash payload ERROR Failed to construct ISAKMP delete hash payload ERROR Failed to construct ISAKMP DPD notify payload ERROR Failed to construct ISAKMP ID payload ERROR Failed to construct ISAKMP info hash payload ERROR Failed to construct ISAKMP key exchange payload ERROR Failed to construct ISAKMP nonce payload ERROR Failed to construct ISAKMP notify payload ERROR Failed to construct
3. ERROR Failed to verify mode config message hash payload ERROR Hash algorithm is not supported ERROR Hash Payload does not match ERROR Hash size invalid ERROR Header invalid verified ERROR Invalid certificate ASN sequence is not correct ERROR Invalid certificate payload length is too small ERROR Invalid hash payload ERROR Invalid payload Possible overrun attack ERROR Invalid SA state ERROR Invalid signature payload ERROR Invalid SPI size ERROR is not a supported Diffie Hellman group type ERROR is not a supported DOI ERROR is not a supported exchange type Appendix C Log Viewer Messages 59 60 ERROR is not a supported ID payload type ERROR is not a supported IPSEC protocol ERROR is not a supported notify message type ERROR is not a supported payload type ERROR is not a supported policy configuration attribute type ERROR is not a supported policy configuration message type ERROR is not a supported proxy ID payload type ERROR is not a supported XAuth attribute type ERROR is not a valid quick mode state ERROR is not a valid XAuth message type ERROR is not a valid XAuth status ERROR ISAKMP SA delete msg for a different SA ERROR No certificate for CERT authentication ERROR No entry in the system IP address table was found with index ERROR No KE payload while PFS configured mess
4. Limited Warranty Dell warrants that a the SOFTWARE PRODUCT will perform substantially in accordance with the accompanying written materials for a period of ninety 90 days from the date of receipt and b any Support Services provided by Dell shall be substantially as described in applicable written materials provided to you by Dell Any implied warranties on the SOFTWARE PRODUCT are limited to ninety 90 days Some states and jurisdictions do not allow limitations on duration of an implied warranty so the above limitation may not apply to you Customer Remedies Dell s and its suppliers entire liability and your exclusive remedy shall be at Dell s option either a return of the price paid or b repair or replacement of the SOFTWARE PRODUCT that does not meet Dell s Limited Warranty and which is returned to Dell with a copy of your receipt This Limited Warranty is void if failure of the SOFTWARE PRODUCT has resulted from accident abuse or misapplication Any replacement SOFTWARE PRODUCT shall be warranted for the remainder of the original warranty period or thirty 30 days whichever is longer Outside of the United States neither these remedies nor any product Support Services offered by Dell are available without proof of purchase from an authorized Dell SonicWALL international reseller or distributor No Other Warranties To the maximum extent permitted by applicable law Dell and its suppliers licensors disclaim all other warr
5. The Status page in the Properties dialog box displays more detailed information about the status of an active VPN connection To display the Status tab for any VPN connection use one of the following methods Double click the active VPN connection Select the VPN connection then press Ctrl T Select the VPN connection then click the Status button on the toolbar Right click the VPN connection in the Global VPN Client window and select Status Main Gateway Properties ca General User Authentication Peers Status SP This page shows the current status of this connection Connection Status Connected Peer IP Address 67 115 118 8 Duration 00 01 22 Activity Sent Received Packets 931 785 Bytes 266007 220282 Reset Virtual IP Configuration IP Address Subnet Mask EE 10 50 12 13 255 255 255 0 Renew OK Cancel Apply Help MA Tip For more information on the Status page see Connection Properties Status Settings on page 36 Disabling a VPN Connection Disabling a VPN connection terminates the VPN tunnel You can disable a VPN connection using any of the following methods e Right click the VPN connection in the Global VPN Client window and select Disable e Right click the Global VPN Client icon on the system tray and choose Disable gt connection e Select the connection then press Ctrl B e Select the connection and click the Disable button on the toolbar
6. Allows IP address provisioning across a VPN tunnel for the corporate network while allowing WAN DHCP for Internet Access from the ISP e Secure VPN Configuration Critical Global VPN Client configuration information is locked from the user to prevent tampering Dell SonicWALL Global VPN Client Overview 5 e AES and 3DES Encryption Supports 168 bit key 3DES Data Encryption Standard and AES Advanced Encryption Standard for increased security AES requires SonicOS 2 0 or higher on the Dell SonicWALL VPN gateway appliance GMS Management Allows Global VPN Client connections to be managed by Dell SonicWALL s award winning Global Management System GMS Multi Platform Client Support Supports 32 bit and 64 bit versions of Windows 8 1 Windows 8 Windows 7 Windows XP and Windows Vista NAT Traversal Enables Global VPN Client connections to be initiated from behind any device performing NAT Network Address Translation The Dell SonicWALL Global VPN Client encapsulates IPsec VPN traffic to pass through NAT devices which are widely deployed to allow local networks to use one external IP address for an entire network Automatic Reconnect When Error Occurs Allows the Global VPN Client to keep retrying a connection if it encounters a problem connecting to a peer This feature allows the Global VPN Client to automatically make a connection to a Dell SonicWALL VPN gateway that is temporarily disabled without manual interventio
7. lt DialupLeaveConnected gt 0 lt DialupLeaveConnected gt lt DPDInterval gt 3 lt DPDInterval gt lt DPDAttempts gt 3 lt DPDAttempts gt lt DPDAlwaysSend gt 0 lt DPDAlwaysSend gt lt Peer gt lt Peer gt lt HostName gt 1 2 3 4 lt HostName gt lt EnableDeadPeerDetection gt 1 lt EnableDeadPeerDetection gt lt ForceNAT Traversal gt 0 lt ForceNAT Traversal gt lt DisableNAT Traversal gt 0 lt DisableNAT Traversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt UseDefaultGWAsPeerIP gt 0 lt UseDefaultGWAsPeerIP gt lt InterfaceSelection gt 0 lt InterfaceSelection gt lt WaitForSourcelP gt 0 lt WaitForSourcelP gt lt DialupUseMicrosoftDUN gt 1 lt DialupUseMicrosoftDUN gt lt DialupApp gt c program files aol aol exe lt DialupApp gt lt DialupPhonebook gt text lt DialupPhonebook gt lt DialupLeaveConnected gt 0 lt DialupLeaveConnected gt lt DPDInterval gt 3 lt DPDInterval gt lt DPDAttempts gt 3 lt DPDAttempts gt lt DPDAlwaysSend gt 0 lt DPDAlwaysSend gt lt Peer gt lt Connection gt 52 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Connection name Overseas Gateway gt lt Description gt This is the firewall to connect when traveling overseas lt Description gt lt Flags gt lt AutoConnect gt 0 lt AutoConnect gt lt Forcelsakmp gt 1 lt Forcelsakmp gt lt ReEnableOnWake gt 0 lt ReEnableOnWake gt lt ReconnectO
8. The configuration for the connection is up to date INFO The configuration has been updated and must be reloaded INFO The connection has entered an unknown state INFO The connection is idle INFO The hard lifetime has expired for phase 1 INFO The hard lifetime has expired for phase 2 with INFO The IP address for the virtual interface has been released INFO The IP address for the virtual interface has changed to INFO The ISAKMP port 500 is already in use Port will be used as the ISAKMP source port INFO The peer is not responding to phase 2 ISAKMP requests to INFO The phase 1 SA has been deleted INFO The phase 1 SA has died INFO The phase 2 SA has been deleted INFO The phase 2 SA has died INFO The SA lifetime for phase 1 is seconds INFO The SA lifetime for phase 2 is seconds INFO The soft lifetime has expired for phase 1 INFO The soft lifetime has expired for phase 2 with INFO The system ARP cache has been flushed INFO Unable to encrypt payload INFO User authentication has failed INFO User authentication has succeeded INFO User authentication information is needed to complete the connection INFO XAuth has requested a username but one has not yet been specified Log Viewer Warning Messages 64 The following table lists possible Warning m
9. 2 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide ERROR Unable to read configuration file ERROR User did not enter XAuth next pin ERROR XAuth CHAP reguests are not supported at this time ERROR XAuth failed ERROR XAuth has reguested a password but one has not yet been specified Log Viewer Info Messages The following table lists possible Information messages Table 3 Log Viewer Info Messages INFO The connection has been disabled INFO A certificate is needed to complete phase 1 INFO A phase 2 SA can not be established with until a phase 1 SA is established INFO A pre shared key is needed to complete phase 1 INFO AG failed SA state unknown Peer INFO An incoming ISAKMP packet from was ignored INFO DSS g value INFO DSS p value INFO DSS g value INFO Event publisher deregistered INFO Event publisher registered for INFO Failed to negotiate configuration information with INFO Found CA certificate in CA certificate list INFO Ignoring unsupported payload INFO Ignoring unsupported vendor ID INFO ISAKMP phase 1 proposal is not acceptable INFO ISAKMP phase 2 proposal is not acceptable INFO MM failed Payload processing failed OAK_MM_KEY_EXCH Peer INFO MM failed Payload processing failed OAK_MM_NO_STATE Peer INFO MM failed Payload processing failed OAK_MM_SA_SETUP Pee
10. DAMAGES THE ABOVE LIMITATION MAY NOT APPLY TO YOU Software License Agreement This Software License Agreement SLA is a legal agreement between you and Dell Inc Dell for the Dell SonicWALL Global VPN Client which includes computer software and any and all associated media printed materials and online or electronic documentation SOFTWARE PRODUCT By opening the sealed package s installing or otherwise using the SOFTWARE 66 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide License PRODUCT you agree to be bound by the terms of this SLA If you do not agree to the terms of this SLA do not open the sealed package s install or use the SOFTWARE PRODUCT You may however return the unopened SOFTWARE PRODUCT to your place of purchase for a full refund The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as by other intellectual property laws and treaties The SOFTWARE PRODUCT is licensed not sold e Title to the SOFTWARE PRODUCT licensed to you and all copies thereof are retained by Dell or third parties from whom Dell has obtained a licensing right You acknowledge and agree that all right title and interest in and to the SOFTWARE PRODUCT including all associated intellectual property rights are and shall remain with Dell This SLA does not convey to you an interest in or to the SOFTWARE PRODUCT but only a limited right of use revocable in accordance with the terms o
11. Guide Note Creating a default rcf file and distributing it with the Global VPN Client software allows the Dell SonicWALL VPN Gateway administrator to streamline VPN client deployment and allow users to quickly establish VPN connections If a default rcf file is included with the downloaded Global VPN Client software the VPN policy configured by the Dell SonicWALL VPN Gateway administrator is used to automatically create a connection when the client software is installed For more information on creating the default rcf file see Appendix A Using the Default rcf File for Global VPN Clients on page 47 Note Your Dell SonicWALL appliance be configured with GroupVPN to facilitate the automatic provisioning of Global VPN Clients For instructions on configuring your appliance with GroupVPN see your SonicOS Administrator s Guide Note For instructions on importing a certificate into the Global VPN Client see Using Certificates on page 38 Understanding VPN Connections The Global VPN Client allows multiple connections to be configured at the same time whether they are provisioned from multiple gateways or imported from one or more files Because connections may be provisioned from multiple gateways each connection explicitly states allowed behavior in the presence of any connection policy conflicts You may have VPN connections that don t allow other VPN connections or Internet and network connections while the VPN policy is
12. ISAKMP packet header ERROR Failed to construct ISAKMP phase 1 delete payload ERROR Failed to construct ISAKMP SA payload ERROR Failed to construct ISAKMP vendor ID payload ID ERROR Failed to construct mode config hash payload ERROR Failed to construct NAT discovery payload ERROR Failed to construct PFS key exchange payload ERROR Failed to construct policy provisioning payload ERROR Failed to construct quick mode hash payload ERROR Failed to construct quick mode packet ERROR Failed to construct responder lifetime payload ERROR Failed to construct RSA signature ERROR Failed to construct signature payload ERROR Failed to construct source proxy ID payload ERROR Failed to construct XAuth payload Appendix C Log Viewer Messages 57 58 ERROR Failed to convert the peer name to an IP address ERROR Failed to create a new connection entry an entry already exists with ID ERROR Failed to create connection entry with message ID ERROR Failed to decrypt buffer ERROR Failed to decrypt mode config payload ERROR Failed to decrypt notify payload ERROR Failed to decrypt packet ERROR Failed to decrypt guick mode payload ERROR Failed to encrypt mode config payload ERROR Failed to encrypt notify payload ERROR Failed to encrypt packet ERROR Failed to encrypt quick mode payload ERROR Failed to expand packet to size bytes
13. does not allow any additional Global VPN Client connections Once the number of simultaneous Global VPN Client drops below the license limit new Global VPN connections can be established Group VPN Connections Supported by Each Appliance Model Each Dell SonicWALL appliance model supports a different number of Global VPN Client licenses You can purchase Global VPN Client software and Global VPN Client Licenses from your reseller or online at mysonicwall com Activating Your Dell SonicWALL Global VPN Clients In order to activate and download your Dell SonicWALL Global VPN Client software you must have a valid mysonicwall com account and your Dell SonicWALL appliance must be registered to your account If you do not have a mysonicwall com account or if you have not registered your appliance to your account create an account and then follow the registration instructions at hitp www mysonicwall com To activate your Global VPN Client license Log in to your mysonicwall com account Select the registered Dell SonicWALL network security appliance Select Global VPN Client from the Applicable Services menu Select Activate Type in your activation key in the Activation Key field Click Submit Upon successful activation a confirmation message will be displayed For future reference record the Serial Number of the Dell SonicWALL appliance Your license activation is now complete DE Es HER he EP Downloading Global VPN Client Softwa
14. enabled The VPN connection policy includes all the parameters necessary to establish secure IPsec tunnels to the gateway A connection policy includes Phase 1 and Phase 2 Security Associations SA parameters including e Encryption and authentication proposals e Phase 1 identity payload type e Phase 2 proxy IDs traffic selectors e Client Phase 1 credential Allowed behavior of connection in presence of other active connections e Client caching behavior Adding VPN Connections 17 Creating a VPN Connection Using the New Connection Wizard The following instructions explain how to use the New Connection Wizard to automatically download a VPN connection policy for the Global VPN Client from a local or remote Dell SonicWALL VPN gateway 1 Choose Start gt Programs gt Global VPN Client The first time you open the Dell SonicWALL Global VPN Client the New Connection Wizard automatically launches New Connection Wizard my Welcome to the New Connection SonicWALL 5 Wizard This wizard will guide you through the process of adding a new connection to your configuration To continue click Next Gack Jess Gee 2 If the New Connection Wizard does not display click the New Connection button to launch the New Connection Wizard 3 Click Next 18 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide 4 Inthe next screen type the IP address or FODN of the gateway in the IP Address or Domain Name
15. every 5 Seconds Assume peer is dead after 5 Failed Checks Check for dead peer every choose from 3 5 10 15 20 25 or 30 seconds Assume peer is dead after choose from 3 4 or 5 Failed Checks NAT Traversal Choose one of the following three menu options Automatic Automatically determines whether or not to use UDP encapsulation of IPsec packets between the peers Forced On Forces the use of UDP encapsulation of IPsec packets even when there is no NAPT NAT device in between the peers Disabled Disables use of UDP encapsulation of IPsec packets between the peers Interface Selection Defines the interface used by this VPN connection Automatic Automatically determines the availability of each interface beginning with the LAN interface If the LAN interface is not available the Global VPN Client uses the Dial Up interface LAN Only Defaults to the LAN interface only Dial Up Only Defaults to the Dial Up interface only LAN Settings Displays the LAN Settings dialog box for specifying the setting used when this connection is enabled over the LAN Type the IP address in the Next Hop IP Address field to specify the next hop IP address of a different route than the default route Leaving the setting as zeros instructs the Global VPN Client to use the default route Specify the settings that will be used when this connection is enabled over the local area network LAN You can specify an expl
16. explorer exe program after it launches 7 The C Documents and Settings directory should now contain a folder for user2 8 Close the Global VPN Client and log off as user1 from the workstation You will see the familiar Log On to Windows dialog box 9 Log onto the workstation as user2 using the newly created locally cached profile 10 Launch the Dell SonicWALL Global VPN Client The user2 profile will now provide the credentials for all domain access including running logon scripts 11 You can repeat this procedure as many times as necessary to create additional profiles 12 It is also possible to change an expired user password with this procedure if you have another account available to make the Global VPN Client connection back to the domain controller A simple way to change passwords is from the Windows Security dialog box accessed by pressing Ctrl Alt Delete In the dialog box click Change Password This brings up the Change Password dialog box from which you can change the expired password Making VPN Connections Making a VPN connection from the Global VPN Client is easy because the configuration information is managed by the Dell SonicWALL VPN gateway The SonicOS VPN gateway administrator sets the parameters for what is allowed and not allowed with the VPN connection For example for security reasons the administrator may not allow multiple VPN connections or the ability to access the Internet or local network w
17. have to remove all of the paragraph marks at the end of each line before saving it Verify the file can be imported into the Global VPN Application before distributing it lt xml version 1 0 standalone yes gt lt SW_Client_Policy version 9 0 gt lt Connections gt lt Connection name Corporate Firewall gt lt Description gt This is the corporate firewall Call 1 800 fix today for connection problems lt Description gt lt Flags gt lt AutoConnect gt 0 lt AutoConnect gt lt Forcelsakmp gt 1 lt Forcelsakmp gt lt ReEnableOnWake gt 0 lt ReEnableOnWake gt lt ReconnectOnError gt 1 lt ReconnectOnError gt lt ExecuteLogonScript gt 0 lt ExecuteLogonScript gt lt Flags gt Appendix A Using the Default rcf File for Global VPN Clients 51 lt Peer gt lt HostName gt CorporateFW lt HostName gt lt EnableDeadPeerDetection gt 1 lt EnableDeadPeerDetection gt lt ForceNAT Traversal gt 0 lt ForceNAT Traversal gt lt DisableNAT Traversal gt 0 lt DisableNAT Traversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt UseDefaultGWAsPeer IP gt 0 lt UseDefaultGWAsPeer P gt lt InterfaceSelection gt 0 lt InterfaceSelection gt lt WaitForSourcelP gt 0 lt WaitForSourcelP gt lt DialupUseMicrosoftDUN gt 1 lt DialupUseMicrosoftDUN gt lt DialupApp gt c program files aol aol exe lt DialupApp gt lt DialupPhonebook gt text lt DialupPhonebook gt
18. id ERROR Out of memory ERROR Phase 1 authentication algorithm is not supported ERROR Phase 1 encryption algorithm is not supported ERROR Protocol ID has already been added to the SA list ERROR Protocol mismatch expected PROTO_IPSEC_AH but got ERROR Protocol mismatch expected PROTO_IPSEC_ESP but got ERROR Publisher deregistration failed ERROR Responder cookie is not zero ERROR RSA signature processing failed signature is not valid ERROR SA hash function has not been set in ERROR Signature Algorithm mismatch is X 509 certificate ERROR Signature verification failed ERROR The certificate is not valid at this time ERROR The current state is not valid for processing mode config payload ERROR The current state is not valid for processing signature payload ERROR The first payload is not a hash payload ERROR The following error occurred while trying to open the configuration file ERROR The peer is not responding to phase 1 ISAKMP requests ERROR The peer is not responding to phase 1 ISAKMP requests ERROR The state flag indicates that the IPSEC SA payload has not been processed ERROR The system interface table is empty ERROR The system IP address table is empty ERROR Unable to compute hash ERROR Unable to compute shared secret for PFS in phase
19. in the Global VPN Client window Disabling a VPN Connection 29 Configuring VPN Connection Properties The Connection Properties dialog box includes the controls for configuring a specific VPN connection profile To open the Connection Properties dialog box choose one of the following methods e Select the connection and choose File gt Properties e Right click the connection and select Properties Select the connection and click the Properties button on the Global VPN Client window toolbar The Connection Properties dialog box includes the General User Authentication Peers and Status tabs Connection Properties General Settings The General tab in the Connection Properties dialog box includes the following settings General User Authentication Peers Status eT cify general settings for this connection Specify g ng Name Gateway mycompany com Description Peer Defined Network Settings Other traffic allowed Enabled Default traffic tunneled to peer Disabled Use virtual IP address Enabled Enable this connection when the program is launched V Immediately establish security when connection is enabled V Automatically reconnect when an error occurs E Automatically reconnect when waking from sleep or hibemation __ Execute domain logon script when connection is established F Run the following command when connection is established ok coce Apy He e Name Disp
20. ED IN DURATION TO THE WARRANTY PERIOD BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS THE ABOVE LIMITATION MAY NOT APPLY TO YOU THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION THIS DISCLAIMER AND EXCLUSION SHALL APPLY EVEN IF THE EXPRESS WARRANTY SET FORTH ABOVE FAILS OF ITS ESSENTIAL PURPOSE DISCLAIMER OF LIABILITY DELL S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN THE ABOVE LIMITED WARRANTY IN NO EVENT SHALL DELL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS BUSINESS INTERRUPTION LOSS OF INFORMATION OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT OR FOR SPECIAL INDIRECT CONSEQUENTIAL INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF DELL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN NO EVENT SHALL DELL OR ITS SUPPLIERS LIABILITY TO CUSTOMER WHETHER IN CONTRACT TORT INCLUDING NEGLIGENCE OR OTHERWISE EXCEED THE PRICE PAID BY CUSTOMER THE FOREGOING LIMITATIONS SHALL APPLY EVEN IF THE ABOVE STATED WARRANTY FAILS OF ITS ESSENTIAL PURPOSE BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL
21. ERROR Failed to find an SA list for PROTO_IPSEC_AH ERROR Failed to find an SA list for PROTO_IPSEC_ESP ERROR Failed to find an SA list given the protocol ERROR Failed to find certificate with ID ERROR Failed to find connection entry for message ID ERROR Failed to find exit interface to reach ERROR Failed to find MAC address in the system interfaces table ERROR Failed to find matching SA list ERROR Failed to find message ID and matching cookies in the connection entry list ERROR Failed to find message ID in the connection entry list ERROR Failed to find message ID in the SA list ERROR Failed to find OAKLEY group specified in the SA payload ERROR Failed to find private key for certificate with ID ERROR Failed to find protocol ID in the SA list ERROR Failed to find route to reach ERROR Failed to find sequence number ERROR Failed to find source IP address to reach ERROR Failed to flush the system ARP cache ERROR Failed to generate Diffie Hellman parameters ERROR Failed to generate quick mode initiator key ERROR Failed to generate quick mode responder key ERROR Failed to generate SKEYID ERROR Failed to get the size of the system interfaces table ERROR Failed to get the size of the system IP address table ERROR Failed to get the system interfa
22. Global VPN Client 4 9 Administrator s Guide SonicWALL Notes Cautions and Warnings NOTE A NOTE indicates important information that helps you make better use of your system CAUTION A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed WARNING A WARNING indicates a potential for property damage personal injury or death PPR 2014 Dell Inc Trademarks Dell the DELL logo SonicWALL and all other SonicWALL product and service names and slogans are trademarks of Dell Inc 2014 08 P N 232 002356 00 Rev B 2 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Table of Contents Dell SonicWALL Global VPN Client Overview ee EE EE Ee SE ke ee 5 Dell SonicWALL Global VPN Client Features ie EE Ee ee ee ke ee 5 Global VPN Client Enterprise EG Ge eee 7 ADOULIIS GUIAE EE BEE ED ER Siar hn EE ER Ge N Ge ei 7 Conventions Used in this Guide eie ER EE 00 ER RE EE EE EE ke ee ee 7 l oris Used inthis Guide sb PER EE EE Ge ED SE GE EE a 8 Getting Started with the Global VPN Client EE EE EE Re ee eee 8 Installing the Global VPN Client 0 EE eet ER RE EER Re Re eee 8 Upgrading Global VPN Client from a Previous Version 12 Installing Global VPN Client with a Ghost Application 13 Command Line Options for Installation 202000000005 13 Launching the Global VPN Client
23. Global VPN Client application The Global VPN Client CLI enables the setting up of scripts that automatically initiate a secure tunnel anytime a particular application or connection method is started The CLI commands require the use of a complete path name to the Global VPN Client application followed by various flags and variable information such as username or password Caution Embedding a user s password directly in a script is a security risk Anyone who can gain access to the script can read the password to circumvent security It is recommended that scripts or programmatic dashboards ask for the password before initiating a connection and then clear the variable Command Line Options You can use the following options to perform a variety of Global VPN Client actions from the command line IE Connection Name Enables the specific connection ID Connection Name Disables the specific connection e Q Quits a running an instance of the program Ignored if program is not already running Dell SonicWALL Global VPN Client 4 9 Administrator s Guide A filename Starts the program and sends all messages to the specified log file If no log file is specified the default file name is gvcauto log If the program is already running this option is ignored U Username Username to pass to XAUTH Must be used in conjunction with E P Password Password to pass to XAUTH Must be used in conjunctio
24. Group User Certificates Select Certificate Issued To Issued By Certificate Information No certificate is selected In the Select Certificate Group drop down list you can select User CA or Trusted Root CA to display the list of each type of certificate currently available for your VPN policies User Certificates are the local digital certificates used to establish the VPN Security Association CA Certificates are the digital certificates used to validate the user certificates A Trusted Root CA certificate is used to validate the CA Certificates Select the certificate in the list and then e Click the Import button in the Certificate Manager window to display the Import Certificate window to import a certificate file e Click the Remove button to delete the selected certificate e Click the Details button to view the selected certificate details ly Tip For more information on using certificates for your VPN on the Dell SonicWALL appliance see the SonicOS Administrator s Guide Using Certificates 39 Troubleshooting the Global VPN Client The Dell SonicWALL Global VPN Client provides tools for troubleshooting your VPN connections This section explains using Log Viewer generating a Help Report accessing Dell SonicWALL s Support site using the Dell SonicWALL Global VPN Client help system and uninstalling the Global VPN Client Understanding the Global VPN Client Log 40 The Global VPN Client L
25. Help e Connection Status Indicates whether VPN connection is enabled or disabled Peer IP Address Displays the IP address of the VPN connection peer Duration Displays connection time 36 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Details Displays the Connection Status Details dialog box which specifies the negotiated phase 1 and phase 2 parameters as well as the status of all individual phase 2 SAs EE Oe 8 This window shows the details of the IPsec connection Negotiated Phase Parameters Encryption Algorithm 3DES CEC 192bits Hash Algorithm SHA Authentication Method XAuth Initiator with Pre shared key Diffie Hellman Group Altemate 1536 bit MODP Group 5 Expiration Time Wednesday December 18 2013 07 49 27 PM Negotiated Phase Parameters Protocol Encapsulating Security Payload Encapsulation Mode UDP Encapsulation Tunnel Encryption Algorithm Triple DES 192bits Hash Algorithm HMAC SHA Diffie Hellman Group Altemate 1536 bit MODP Group 5 Destination Proxy IDs gt Network Subnet Mask Port State 10 0 0 0 255 255 0 0 BOOTPS Complete E 10 0 0 0 255 255 0 0 Any Complete E 10 50 0 0 255 255 128 0 Any Complete 10 50 1280 255 255 224 0 Any Complete a An EN 10 NN NEE NEE NEE NEE Mass essleis e Activity Packets Displays number of packets sent and received through the VPN tunnel Bytes Displays number of bytes sent and received thr
26. L Global VPN Client directory based on the default rcf file settings Caution The Connections rcf file is user specific and in most cases will not work for another user running the Dell SonicWALL Global VPN Client even on the same machine Caution Removing an existing Connections rcf file will remove the VPN connections created in the Global VPN Client These VPN connections can be added again from the Global VPN Client into the new Connections rcf file 48 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Creating the Default rcf File You can create your custom default rcf file from any text editor such as Windows Notepad Default rcf Notepad iol xl File Edit Format Help lt xml version 1 0 standalone yes gt lt Sw_Client_Policy version 9 0 gt lt Connections gt lt Connection name Corporate Firewall gt EE is the corporate firewall Call 1 800 fix today for problems with lt Flaqs gt lt AUTOCONNect gt 0 lt Autoconnect gt lt Forcelsakmp gt 1 lt Forcelsakmp gt lt ReEnab eonwake gt 0 lt ReEnab eonwake gt lt Flags gt lt Peer gt lt HostName gt 0 0 0 0 lt HOStName gt lt Enab eDeadPeer Detect ion gt 1 lt Enab ebeadPeer Detection gt lt ForcenaTtraversal gt 0 lt ForceNaTTraversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt Peer gt lt Peer gt lt HostName gt Redundant acme com lt HostNam
27. L gateway lt EnableDeadPeerDetection gt Off 0 On 1 lt EnableDeadPeerDetection gt Enables detection if the Peer stops responding to traffic This will send Vendor ID to the Dell SonicWALL appliance during IKE negotiation to enable Dead peer detection heart beat traffic NAT Traversal There is a drop down selection list containing the following three items Automatic Detects if NAT Traversal is on or off e Forced On Forces NAT Traversal On Disabled Forces NAT Traversal Off To specify Automatic in a custom default rcf file set ForceNAT Traversal and DisableNAT Traversal to 0 or do not list these tags at all lt ForceNATTraversal gt Off 0 On 1 lt ForceNATTraversal gt Forces NAT traversal even without a NAT device in the middle Normally NAT devices in the middle are automatically detected and UDP encapsulation of IPSEC traffic starts after IKE negotiation is complete lt DisableNATTraversal gt Off 0 On 1 lt DisableNATTraversal gt Disables NAT traversal even without a NAT device in the middle Normally NAT devices in the middle are automatically detected and UDP encapsulation of IPSEC traffic starts after IKE negotiation is complete lt NextHop gt P Address lt NextHop gt The IP Address of the next hop for this connection This is ONLY used if there is a need to use a next hop that is different from the default gateway lt Timeout gt 3 lt Timeout gt Defines timeout value in seconds for packet retransmission
28. S 6 Group Policies 6 GroupVPN Policy 45 H Help Generate Report 43 Global VPN Client Help 45 l Icon System Tray 16 IKE 23 24 45 Importing VPN Connection 20 Info Messages 61 Installation 8 CLI 13 Ghost 6 13 Setup Wizard 9 Upgrading 12 IPsec 45 ISAKMP 24 L Launch Options 15 Launching Global VPN Client 14 Licensing 46 Agreement 66 Log Viewer 40 Error Messages 55 Info Messages 61 Messages 55 Warning Messages 64 Logging Auto Logging 42 Options 42 M Mapped Network Drives 6 Multiple VPN Connections 25 MySonicWALL Account 46 N NAT 6 7 35 Network Services 6 NT Domain Access 6 0 Overview Global VPN Client 5 P Password 27 Peers 33 Dead Peer Detection 34 Information 34 Settings 30 Platforms 6 Pre Shared Key 26 Profile Locally Induced 22 Program Auto Start 7 Properties Connection 30 Provisioning 5 47 R RADIUS 5 27 Reconnect 6 Redundant Gateways Configuration 24 Remote Access From New Workstation 22 Report Emailing 44 Help 43 Roaming 6 S Shortcut 28 Smart Card 6 Software License Agreement 66 Status Connection 28 Tunnels 6 Support Dell SonicWALL Technical Support 44 Supported Platforms 6 System Tray Icon 16 T Troubleshooting 40 Default rcf File 54 Generate Report 43 Log Viewer 40 Tunnel All 5 7 30 Tunnel state 6 U Uninstalling Global VPN Client 45 Upgrading GVC 12 USB Token 6 Username 27 V VPN Connections About 17 Adding 16 Arranging 38 Certificate 27 D
29. TWARE PRODUCT You shall not reverse engineer de compile or disassemble the SOFTWARE PRODUCT in whole or in part The provisions of this section will survive the termination of this SLA Dell grants you a non exclusive license to use the SOFTWARE PRODUCT for Dell SonicWALL network security appliances OEM If the SOFTWARE PRODUCT is modified and enhanced for a Dell SonicWALL OEM partner you must adhere to the software license agreement of the Dell SonicWALL OEM partner Exports License Licensee will comply with and will at Dell s request demonstrate such compliance with all applicable export laws restrictions and regulations of the U S Department of Commerce the U S Department of Treasury and any other any U S or foreign agency or authority Licensee will not export or re export or allow the export or re export of any product technology or information it obtains or learns pursuant to this Agreement or any direct product thereof in violation of any such law restriction or regulation including without limitation export or re Copyright Warranty and License Agreement 67 export to Cuba Iran Iraq Libya North Korea Sudan Syria or any other country subject to applicable U S trade embargoes or restrictions or to any party on the U S Export Administration Table of Denial Orders or the U S Department of Treasury List of Specially Designated Nationals or to any other prohibited destination or person pursuant to U S la
30. WARNING The pre shared key dialog box was cancelled by the user The connection will be disa bled WARNING The select certificate dialog box was cancelled by the user The connection will be disa bled WARNING The username password dialog box was cancelled by the user The connection will be disabled WARNING Unable to decrypt payload Copyright Warranty and License Agreement Copyright Notice 2014 Dell Inc All rights reserved Under the copyright laws this manual or the software described within can not be copied in whole or part without the written consent of the manufacturer except in the normal use of the software to make a backup copy The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original This exception does not allow copies to be made for others whether or not sold but all of the material purchased with all backup copies can be sold given or loaned to another person Under the law copying includes translating into another language or format SonicWALL is a registered trademark of Dell Inc Other product and company names mentioned herein can be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice Copyright Warranty and License Agreement 65 Limited Warranty Dell Inc warrants that commencing from the delivery date to Customer but in any case commencing no
31. Windows platforms or 64 for 64 bit Windows platforms from MySonicWALL double click GVCSetupXX exe The Setup Wizard launches You are about to upgrade Global VPN Client from version 4 9 0 to version 4 9 2 Are you sure you want to continue 2 Click Yes to continue with the upgrade process The wizard installs Global VPN Client using the settings from the previous installation Global VPN Client sd Please wait while Windows configures Global VPN Client Time remaining 1 minutes 12 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide 3 Click Yes to restart your computer after the installation completes or click No to restart it later You must restart your system for the configuration changes made to Global VPN Client to take effect Click Yes to restart now or No if you plan to manually restart later Note The upgrade does not take effect until the computer is restarted Installing Global VPN Client with a Ghost Application The installation process is the same when using a ghost application as it is for normal installation DO NOT OPEN the Global VPN Client application after installing it and BEFORE you ghost it The FIRST time that the Global VPN Client is started after a ghost install it randomly creates a unique MAC address for the Dell SonicWALL VPN Adapter Caution f you open the Global VPN Client BEFORE using ghost you receive the same MAC address on each ghosted ins
32. abled VPN connections The Global VPN Client icon in the system tray also acts as a visual indicator of data passing between the Global VPN Client and the Dell SonicWALL gateway Adding VPN Connections Adding a new VPN connection is easy because Dell SonicWALL s Client Policy Provisioning automatically provides all the necessary configuration information to make a secure connection to the local or remote network The burden of configuring the VPN connection parameters is removed from the Global VPN Client user VPN connections can be created using three methods e Download the VPN policy from the Dell SonicWALL VPN Gateway to the Global VPN Client using the New Connection Wizard This wizard walks you through the process of locating the source of your configuration information and automatically downloads the VPN configuration information over a secure IPsec VPN tunnel e Importa VPN policy file into the Dell SonicWALL Global VPN Client The VPN policy is sent to you as a rcf file which you install using the Import Connection dialog box e Install the default rcf file as part of the Global VPN Client software installation or add it after installing the Global VPN Client If the Dell SonicWALL VPN Gateway administrator included the default rcf file as part of the Global VPN Client software one or more preconfigured VPN connections are automatically created when the program is installed 16 Dell SonicWALL Global VPN Client 4 9 Administrators
33. adapter SonicWALL VPN Connection Driver Description SonicWALL Virtual NIC Driver Manufacturer gt SonicWALL Inc Driver Version gt a aa aa a 10 1 0 40 Driver Image Path gt system32 DRIVERS swvnic sys Index Ox00000020 Connection specific DNS Suffix sv us sonicwall com Description SonicWALL Virtual NIC Physical Address 00 60 73 D5 4C 7D MTU j EE OE EE SE Dhep Enabled iaa a Yes Autoconf iguration Enabled v2 Ne ik TD AAA N ED 472 EO 7 To save the report to a text file click Save As To send the report via email click Send To close the report window without taking any action click Don t Send Accessing Dell SonicWALL Global VPN Client Technical Support 44 Dell SonicWALL s comprehensive support services protect your network security investment and offer the support you need when you need it Dell SonicWALL Global VPN Client support is included as part of the support program of your Dell SonicWALL network security appliance Selecting Help gt Technical Support accesses the Dell SonicWALL Support site at http www sonicwall com us en support html The Dell SonicWALL Support site offer a full range of support services including extensive online resources and information on Dell SonicWALL s enhanced support programs You can purchase activate Dell SonicWALL Support Services through your MySonicWALL account at http www mysonicwall co
34. and select Enable from the menu Select the VPN connection and press Ctrl B Select the VPN connection and click the Enable button on the toolbar Select the VPN connection and then choose File gt Enable e Ifthe Global VPN Client icon is displayed in the system tray right click the icon and then select Enable gt connection name The Global VPN Client enables the VPN connection without opening the Global VPN Client window 2 Depending on how the VPN connection is configured the Cannot Enable Connection Enter Pre Shared Secret Enter Username and Password and Connection Warning dialog boxes may be displayed which are explained in the following sections Establishing Multiple Connections You can have more than one connection enabled at a time but it depends on the connection parameters established at the VPN gateway If you attempt to enable a subsequent VPN connection with a currently enabled VPN connection policy that does not allow multiple VPN connections the Cannot Enable Connection message appears informing you the VPN Making VPN Connections 25 connection cannot be made because the currently active VPN policy does not allow multiple active VPN connections The currently enabled VPN connection must be disabled before enabling the new VPN connection gateway sonicwall com x X Cannot Enable Connection Multiple active connecections are not allowed This connection can not be enabled because the connection So
35. anties and conditions either express or implied including but not limited to implied warranties of merchantability fitness for a particular purpose title and non infringement with regard to the SOFTWARE PRODUCT and the provision of or failure to provide Support Services This Limited Warranty gives you specific legal rights You may have others which vary from state jurisdiction to state jurisdiction Copyright Warranty and License Agreement 69 Limitation Of Liability To the maximum extent permitted by applicable law in no event shall Dell or its suppliers licensors be liable for any damages including without limitation special incidental indirect or conseguential whatsoever including without limitation damages for loss of business profits business interruption loss of business information or any other pecuniary loss arising out of the use of or inability to use the SOFTWARE PRODUCT or the provision of or failure to provide Support Services even if Dell has been advised of the possibility of such damages In any case Dell s entire liability under any provision of this SLA shall be limited to the greater of the amount actually paid by you for the SOFTWARE PRODUCT or U S 10 00 provided however if you have entered into a Dell Support Services Agreement Dell s entire liability regarding Support Services shall be governed by the terms of that agreement Because some states and jurisdiction do not allow the exclusion or lim
36. ase 1 negotiation On detection of NAT in middle packets are UDP encapsulated using port 4500 DNS Redirect DNS queries to DNS suffix associated with Virtual Adapter are not sent on the physical adapter e Tunnel All Support Enhancement Provides the ability to route clear traffic to directly connected network interfaces that are configured with the Route All policy which is generally used in the WLAN zone e Program Auto Start on VPN Connection Automatically launches a program with optional arguments when successful VPN connections are established as specified in the Connection Properties dialog box Global VPN Client Enterprise Global VPN Client Enterprise provides the same functionality as the Global VPN Client with the added feature of license sharing About this Guide The Dell SonicWALL Global VPN Client Administrator s Guide provides complete documentation on installing configuring and managing the Dell SonicWALL Global VPN Client This guide also provides instructions for Dell SonicWALL Global VPN Client Enterprise For configuring your Dell SonicWALL security appliance to support Global VPN Clients using SonicOS GroupVPN see the SonicOS Administrator s Guide for the firmware version running on your Dell SonicWALL security appliance your VPN gateway appliance MA Tip Always check http www sonicwall com us en support 3776 html for the latest version of this manual and other manuals Conventions Used i
37. ce table ERROR Failed to get the system IP address table Dell SonicWALL Global VPN Client 4 9 Administrator s Guide ERROR Failed to get transforms from SA list ERROR Failed to match initiator cookie ERROR Failed to match responder cookie ERROR Failed to parse certificate data ERROR Failed to parse configuration file ERROR Failed to read the size of an incoming ISAKMP packet ERROR Failed to re allocate bytes ERROR Failed to receive an incoming ISAKMP packet ERROR Failed to receive an incoming ISAKMP packet The length is incorrect ERROR Failed to send an outgoing ISAKMP packet ERROR Failed to set policy configuration attributes into payload ERROR Failed to set proposals into phase 1 SA payload ERROR Failed to set proposals into phase 2 SA payload ERROR Failed to set responder lifetype attributes ERROR Failed to set the ESP attributes from the SA payload into the SA ERROR Failed to set the IPSEC AH attributes into the phase 2 SA ERROR Failed to set the IPSEC ESP attributes into the phase 2 SA ERROR Failed to set the OAKLEY attributes into the phase 1 SA ERROR Failed to set vendor ID into packet payload ERROR Failed to set XAuth attributes into payload ERROR Failed to sign hash ERROR Failed to verify certificate signature ERROR Failed to verify informational message hash payload
38. connection is fully established A green checkmark is displayed on the VPN connection icon Once the VPN connection is established a pop up notification is displayed from the Global VPN Client system tray icon It displays the Connection Name Connected to IP address and the Virtual IP Address If an error occurs during the VPN connection Error appears in the Status column and an error mark a red X appears on the VPN connection icon A VPN connection that does not successfully complete all phase 2 connections displays a yellow warning symbol on the connection icon 24 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Note If the Global VPN Client does not establish the VPN connection you can use the Log Viewer to view the error messages to troubleshoot the problem See Understanding the Global VPN Client Log on page 40 for more information To establish a VPN connection using the Global VPN Client follow these instructions 1 Enable a VPN connection using one of the following methods e If you selected Enable this connection when the program is launched in the New Connection Wizard the VPN connection is automatically established when you launch the Dell SonicWALL Global VPN Client e If your VPN connection is not automatically established when you launch the Global VPN Client choose one of the following methods to enable a VPN connection Double click the VPN connection Right click the VPN connection icon
39. detection request INFO Received initial contact notify INFO Received invalid certificate authentication notify INFO Received invalid certificate encoding notify INFO Received invalid certificate notify INFO Received invalid certificate request syntax notify INFO Received invalid cookie notify INFO Received invalid exchange type notify INFO Received invalid flags notify INFO Received invalid ID information notify INFO Received invalid key info notify INFO Received invalid major version notify INFO Received invalid message ID notify INFO Received invalid minor version notify INFO Received invalid payload notify INFO Received invalid protocol ID notify INFO Received invalid signature notify INFO Received invalid SPI notify INFO Received invalid transform ID notify Dell SonicWALL Global VPN Client 4 9 Administrator s Guide INFO Received malformed payload notify INFO Received no proposal chosen notify INFO Received notify SA lifetime notify INFO Received phase 1 delete message INFO Received phase 2 delete message for SPI INFO Received policy provisioning acknowledgement INFO Received policy provisioning OK INFO Received policy provisioning update INFO Rec
40. directory 6 After the install is complete and you start the Global VPN Client it reads the default rcf and creates the defined connections from it Caution The default rcf file must be included in the Global VPN Client installation directory C Program Files Dell SonicWALL Global VPN Client for the program to write the Connections rcf file based on the settings defined in the default rcf file Adding the Default rcf file to the Installed Global VPN Client Directory After the Global VPN Client software is installed and prior to running the program the user can add the default rcf file to the Global VPN Client installation directory C Program Files Dell SonicWALL Global VPN Client When the user launches the Global VPN Client program the configuration file Global VPN Client rcf is created in the C Users lt user gt AppData Roaming Dell SonicWALL Global VPN Client directory based on the default rcf file settings Replacing an Existing Global VPN Client rcf with Default rcf Settings If the configuration file Connections rcf already exists in the C Users lt user gt AppData Roaming Dell SonicWALL Global VPN Client directory the user can remove this file and add the default rcf file to the Global VPN Client installation directory C Program Files Dell SonicWALL Global VPN Client The next time the user launches the Global VPN Client the Connections rcf file is created in the C Users lt user gt AppData Roaming Dell SonicWAL
41. e 4 If the file is encrypted enter the password in the If the file is encrypted specify the password field 5 Click OK Configuring a Dial Up VPN Connection You can use a dial up Internet connection to establish your VPN connection You can configure the VPN connection to use a Microsoft Dial Up Networking phone book entry or a third party dial up application You can also use a dial up connection as an automatic backup for your VPN connection in the event your broadband Internet connection is disabled Note Make sure you create your dial up connection profile using Microsoft Dial up Networking or your third party dial up application before configuring your dial up VPN connection 1 Create a VPN connection using the New Connection Wizard or use an existing VPN connection 20 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide 2 Right click the VPN connection and select Properties from the menu The Properties dialog box is displayed 3 Click the Peers tab 4 Click Edit The Peer Information dialog box is displayed This page allows you to specify an ordered list of peers to which this connection can establish security IP Address or DNS Name gateway mycompany com F Use the default gateway as the peer IP address Packet Sending Response Timeout 3 Seconds Maximum Attempts 3 Attempts Dead Peer Detection Automatic DPD Settings Networking NAT Traversal A
42. e Government is subject to such restrictions or successor provisions 68 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Miscellaneous Termination This SLA represents the entire agreement concerning the subject matter hereof between the parties and supersedes all prior agreements and representations between them It may be amended only in writing executed by both parties This SLA shall be governed by and construed under the laws of the State of California as if entirely performed within the State and without regard for conflicts of laws Should any term of this SLA be declared void or unenforceable by any court of competent jurisdiction such declaration shall have no effect on the remaining terms hereof The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches This SLA is effective upon your opening of the sealed package s installing or otherwise using the SOFTWARE PRODUCT and shall continue until terminated Without prejudice to any other rights Dell may terminate this SLA if you fail to comply with the terms and conditions of this SLA In such event you agree to return or destroy the SOFTWARE PRODUCT including all related documents and components items as defined above and any and all copies of same
43. e T option The C option is only valid when used together with the T option For example type one of the following GVCSetupXX exe c t C TemporaryFiles GVCSetupXX exe T C TemporaryFiles c Launching the Global VPN Client To launch the Dell SonicWALL Global VPN Client choose Start gt Programs gt Global VPN Client Dell SonicWALL Global VPN Client se ea ss File View Help gt Enable Status gt Properties is Show Log Name Peer Status gateway mycompany com gateway mycompany com Disabled Main Gateway gateway01 mycompany com Disabled For Help press F1 If you click X press Alt F4 or choose File gt Close the Global VPN Client window closes but your established VPN connections remain active A message dialog box appears notifying you that the Global VPN Client program and any enabled connections will remain active after the window is closed If you don t want this notification message to display every time you close the Global VPN Client window select Don t show me this message again and then click OK Global VPN Client Hide Notification i A Although vou have closed the connection window the program will i continue to run in the taskbar near the clock so that you will have your secure connections available EEN Don t show me this message again You can open the Global VPN Client window by double clicking the Global VPN Client icon in the system tray or right clicking the icon and s
44. e allows a Global VPN Client to make a connection to a VPN connection that is temporarily disabled without manual intervention If the connection error is due to an incorrect configuration such as the DNS or IP address of the peer gateway then the connection must be manually corrected Check the Log Viewer to determine the problem and then edit the connection This option is enabled by default If an error occurs with this option disabled during an attempted connection the Global VPN Client logs the error displays an error message dialog box and stops the connection attempt Automatically reconnect when waking from sleep or hibernation Automatically re enables the VPN connection after the computer wakes from a sleep or hibernation state This setting is disabled by default Execute logon script when connected After logging into the Dell SonicWALL VPN Gateway and establishing a secure tunnel performs any action configured in the logon script Run the following command when connection is established Allows a program to be automatically executed with optional arguments when successful VPN connections are established Configuring VPN Connection Properties 31 Connection Properties User Authentication Settings The User Authentication page allows you to specify a username and password when user authentication is reguired by the gateway If the Dell SonicWALL VPN gateway does not support the saving caching of a username and password th
45. e gt lt Enab eDeadPeer Detect ion gt 1 lt Enab ebeadPeer Detection gt lt ForcenaTtraversal gt 0 lt ForceNnaTTraversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt Peer gt lt Connection gt Connection name oOverseas Office gt speseription gt this is the firewall to connect when travelling overseas lt Description gt lt Flags gt lt Autoconnect gt 0 lt aut oconnect gt lt Forcelsakmp gt 1 lt Forcelsakmp gt lt ReEnab eonwake gt 0 lt ReEnab eonwake gt lt Flags gt lt Peer gt lt HostName gt 0 0 0 0 lt HostName gt lt Enabl eDeadPeer Detect ion gt 1 lt Enab ebeadPeer Detect ion gt lt ForcenaTtraversal gt 0 lt ForcenaTtTraversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt Peer gt lt fConnection gt lt fConnections gt lt f sw_Client_Policy gt Default rcf File Tag Descriptions Tags that you do not explicitly list in the default rcf are set to the default setting which is the same behavior as when you configure a new VPN connection within the Global VPN Client manually The default setting for each tag is highlighted in bracketed bold text like default lt SW_Client_Policy version 9 0 gt lt Connections gt Defines the connection profiles in the default rcf configuration file There is no hard limit defined on the number of connection prof
46. e settings in this page are not active and the message The peer does not allow saving of username and password appears at the bottom of the page General User Authentication Peers Status O This page allows you to specify a username and password when user authentication is required by the gateway Remember my usemame and password The peer does not allow saving of usemame and password Remember my username and password Enables the saving of your username and password for connecting to the Dell SonicWALL VPN gateway Username Enter the username provided by your gateway administrator Password Enter the password provided by your gateway administrator 32 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Connection Properties Peers Settings The Peers page allows you to specify an ordered list of VPN gateway peers that this connection can use multiple entries allow a VPN connection to be established through multiple VPN gateways An attempt is made to establish a VPN connection to the given VPN gateway peers in the order they appear in the list This page allows you to specify an ordered list of peers to which this connection can establish security Specify the list of peers An attempt will be made to establish Move Up security to the given peers in the order they appear here e To add a peer click Add In the Peer Informa
47. ed for the remote network at the other end of the VPN tunnel is allowed Any network traffic destined for local network interfaces and the Internet is blocked Connection Warning 1 x Enabling this connection will block all traffic that does not get sent to the peer This means that you may no longer be able to browse the Internet share local files etc Do you want to continue IF ves don t show this dialog again You can disable the Connection Warning message from displaying every time you enable the VPN connection by checking If yes don t show this dialog box again Click Yes to continue with establishing your VPN connection Checking the Status of VPN Connections The Dell SonicWALL Global VPN Client includes a variety of indicators to determine the status of your VPN connections The main Global VPN Client window lists your VPN connections and their respective status Disabled Enabled Connected or Error e A successfully connected VPN policy is indicated by a green check mark on the policy icon e AVPN policy that doesn t successfully complete all phase 2 connections displays a yellow warning on the policy icon e AVPN policy that cannot be successfully connected displays an error mark red X on the policy icon e The Global VPN Client icon in the system tray displays a visual indicator of data passing between the Global VPN Client and the gateway 28 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide
48. eived policy provisioning version reply INFO Received policy provisioning version request INFO Received responder lifetime notify INFO Received situation not supported notify INFO Received unequal payload length notify INFO Received unknown notify INFO Received unsupported DOI notify INFO Received unsupported exchange type notify INFO Received XAuth request INFO Received XAuth status INFO Re evaluating ID info after INVALID ID INFO message INFO Releasing IP address for the virtual interface INFO Renewing IP address for the virtual interface INFO Saving configuration file INFO Sending dead peer detection acknowledgement INFO Sending dead peer detection request INFO Sending phase 1 delete INFO Sending phase 2 delete for INFO Sending policy provisioning acknowledgement INFO Sending policy provisioning version reply INFO Sending XAuth acknowledgement INFO Sending XAuth reply INFO Signature Verified INFO Dell SonicWALL Global VPN Client version INFO Dell SonicWALL VPN Client INFO Starting aggressive mode phase 1 exchange INFO Starting authentication negotiation INFO Starting configuration negotiation INFO Starting ISAKMP phase 1 negotiation INFO Starting ISAKMP phase 2 negotiation with INFO Starting main mode phase 1 exchange Appendix C Log Viewer Messages 63 INFO Starting quick mode phase 2 exchange INFO The configuration for the connection has been updated INFO
49. electing Open Global VPN Client Caution Exiting the Dell SonicWALL Global VPN Client from the system tray icon menu disables any active VPN connections MA Tip You can change the default launch setting for Dell SonicWALL Global VPN Client see Specifying Global VPN Client Launch Options on page 15 for more information 14 Dell SonicWALL Global VPN Client 4 9 Administrators Guide MM Tip You can create a shortcut to automatically launch the Global VPN Client window and make the VPN connection from the desktop taskbar or Start menu See Creating a Connection Shortcut on page 28 for more information MA Tip You can launch the Global VPN Client from the command line See Appendix B Using the Global VPN Client CLI on page 54 for more information Specifying Global VPN Client Launch Options You can specify how the Dell SonicWALL Global VPN Client launches and what notification windows appear using the controls in the General tab of the Options dialog box Choose View gt Options to display the Options dialog box Options Specify general settings that control how this program behaves Start this program when log in Wam me before enabling a connection that will block my Intemet traffic Remember the last window state closed or open the next time the program is started When closing the connections window Minimize the window restore it from the task bar Hide the window re open i
50. eleting 38 Dial Up 20 Disabling 29 72 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Enabling 24 Importing 16 20 Managing 38 Multiple 25 Preconfigured 47 Properties 30 Remote Access 22 Renaming 38 Shortcut 28 Status 28 36 Wizard 16 VPN Gateway Auto redirect 5 Ww Warning Connection 28 Warning Messages 64 Wireless 6 Wizard New Connection 16 18 Setup 9 Workstation Creating New Profile 22 X XAUTH 27 47 73 74 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide
51. eparated for use on more than one computer All title and copyrights in and to the SOFTWARE PRODUCT including but not limited to any images photographs animations video audio music text and applets incorporated into the SOFTWARE PRODUCT the accompanying printed materials and any copies of the SOFTWARE PRODUCT are owned by Dell or its suppliers licensors The SOFTWARE PRODUCT is protected by copyrights laws and international treaty provisions Therefore you must treat the SOFTWARE PRODUCT like any other copyrighted material except that you may install the SOFTWARE PRODUCT on a single computer provided you keep the original solely for backup or archival purposes You may not copy the printed materials accompanying the SOFTWARE PRODUCT U S Government Restricted Rights If you are acquiring the Software including accompanying documentation on behalf of the U S Government the following provisions apply If the Software is supplied to the Department of Defense DOD the Software is subject to Restricted Rights as that term is defined in the DOD Supplement to the Federal Acquisition Regulations DFAR in paragraph 252 227 7013 c 1 If the Software is supplied to any unit or agency of the United States Government other than DOD the Government s rights in the Software will be as defined in paragraph 52 227 19 c 2 of the Federal Acquisition Regulations FAR Use duplication reproduction or disclosure by th
52. essages Table 4 WARNING Log Viewer Warning Messages A password must be entered WARNING AG failed SA state not matching mask process auth Peer WARNING AG failed SA state not matching mask process key Peer WARNING AG failed State OAK_AG_INIT_EXCH is invalid when responder Peer WARNING AG failed State OAK AG NO STATE is invalid when initiator Peer WARNING Failed to process aggressive mode packet Dell SonicWALL Global VPN Client 4 9 Administrator s Guide WARNING Failed to process final guick mode packet WARNING Failed to process informational exchange packet WARNING Failed to process main mode packet WARNING Failed to process mode configuration packet WARNING Failed to process packet payloads WARNING Failed to process payload WARNING Failed to process duick mode packet WARNING Ignoring AUTH message when aggressive mode already complete Peer WARNING Invalid DOI in delete message WARNING Invalid IPSEC SA delete message WARNING Invalid ISAKMP SA delete message WARNING is not a supported OAKLEY attribute class WARNING Protocol ID is not supported in SA payloads WARNING Received an encrypted packet when not crypto active WARNING Received an unencrypted packet when crypto active WARNING Responder lifetime protocol is not supported WARNING The password is incorrect Please re enter the password
53. f private data The Global VPN Client provides an easy to use solution for secure encrypted access through the Internet or corporate dial up facilities for remote users as well as secure wireless networking for Dell SonicWALL Secure Wireless appliance clients using Dell SonicWALL s WiFiSec technology Custom developed by Dell SonicWALL the Global VPN Client combines with GroupVPN on Dell SonicWALL Internet Security Appliances to dramatically streamline VPN deployment and management Using Dell SonicWALL s Client Policy Provisioning technology the SonicOS administrator establishes the VPN connections policies for the Global VPN Clients The VPN configuration data is transparently downloaded from the Dell SonicWALL VPN Gateway Dell SonicWALL Internet Security Appliance to Global VPN Clients removing the burden of provisioning VPN connections from the user For configuring your Dell SonicWALL security appliance to support Global VPN Clients using SonicOS GroupVPN see the SonicOS Administrator s Guide for the firmware version running on your Dell SonicWALL security appliance your VPN gateway appliance Dell SonicWALL Global VPN Client Features The Dell SonicWALL Global VPN Client delivers a robust IPsec VPN solution with these features e Easy to Use Provides an easy to follow Installation Wizard to quickly install the product an easy to follow Configuration Wizard with point and click activation of VPN connections and streamlined
54. f this SLA The SOFTWARE PRODUCT is licensed as a single product Its component parts may not be separated for use on more than one computer e You may install and use one copy of the SOFTWARE PRODUCT or any prior version for the same operating system on a single computer e You may also store or install a copy of the SOFTWARE PRODUCT on a storage device such as a network server used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network However you must acquire and dedicate a license for each separate computer on which the SOFTWARE PRODUCT is installed or run from the storage device A license for the SOFTWARE PRODUCT may not be shared or used concurrently on different computers You may not resell or otherwise transfer for value the SOFTWARE PRODUCT e You may not rent lease or lend the SOFTWARE PRODUCT e You may permanently transfer all of your rights under this SLA provided you retain no copies you transfer all of the SOFTWARE PRODUCT including all component parts the media and printed materials any upgrades and this SLA the recipient agrees to the terms of this SLA and you obtain prior written consent from Dell If the SOFTWARE PRODUCT is an upgrade any transfer must include all prior versions of the SOFTWARE PRODUCT The SOFTWARE PRODUCT is trade secret or confidential information of Dell or its licensors You shall take appropriate action to protect the confidentiality of the SOF
55. field The information you type in the IP Address or Domain Name field appears in the Connection Name field If you want a different name for your connection type the new name for your VPN connection in the Connection Name field Click Next New Connection Wizard New Connection To set up a new connection specify the gateway s domain name or IP address Specify the domain name or IP address of the security gateway IP Address or Domain Name You may also specify a name for this connection Connection Name To continue click Next 5 In the Completing the New Connection Wizard page select any or none of the following options New Connection Wizard Ed SonicWALL Completing the New Connection Wizard Your new connection is ready to be added to your configuration You can set the following options for this new connection E Create a desktop shortcut for this connection E Enable this connection when the program is launched To complete this wizard click Finish Select Create a desktop shortcut for this connection if you want to create a shortcut icon on your desktop for this VPN connection Select Enable this connection when the program is launched if you want to automatically establish this VPN connection when you launch the Dell SonicWALL Global VPN Client 6 Click Finish The new VPN connection appears in the Global VPN Client window Adding VPN Connections 19 Importing a VPN Configurat
56. has already been created ERROR An error occurred ERROR Attributes were specified but not offered ERROR Authentication algorithm is not supported ERROR CA certificate not found in list ERROR Calculated policy configuration attributes length does not match length of attributes set into policy configuration payload ERROR Calculated XAuth attributes length does not match length of attributes set into XAuth payload ERROR Can not change the Diffie Hellman group for PFS ERROR Can not process packet that does not have at least one payload Appendix C Log Viewer Messages 55 ERROR Can not process unsupported mode config type ERROR Can not process unsupported XAuth type ERROR Can not set IPSEC proposals into empty SA list ERROR Cannot do quick mode no SA s to negotiate ERROR certificate error ERROR Certificate ID not specified ERROR Deallocation of event publisher context failed ERROR Diffie Hellman group generator length has not been set ERROR Diffie Hellman group prime length has not been set ERROR DSS signature processing failed signature is not valid ERROR Encryption algorithm is not supported ERROR ESP transform algorithm is not supported ERROR Failed to add a new AH entry to the phase 2 SA list ERROR Failed to add a new ESP entry to the phase 2 SA list ERROR Failed to add IPSEC encapsulation mode into
57. hile the VPN connection is enabled The Global VPN Client supports two IPsec authentication modes e IKE using Preshared Secret IKE using 3rd Party Certificates Preshared Secret is the most common form of the IPsec authentication modes If your VPN connection policy uses 3rd party certificates you use the Certificate Manager to configure the Global VPN Client to use digital certificates Making VPN Connections 23 A Pre Shared Key also called a Shared Secret is a predefined password that the two endpoints of a VPN tunnel use to set up an IKE Internet Key Exchange Security Association This field can be any combination of alphanumeric characters with a minimum length of 4 characters and a maximum of 128 characters Your Pre Shared Key is typically configured as part of your Global VPN Client provisioning If it is not you are prompted to enter it before you log on to the remote network Accessing Redundant VPN Gateways The Global VPN Client supports redundant VPN gateways by manually adding the peer in the Peers page of the VPN connection Properties window The Global VPN Client adds automatic support for redundant VPN gateways if the IPsec gateway s domain name resolves to multiple IP addresses For example if gateway yourcompany com resolves to 67 115 118 7 67 115 118 8 and 67 115 118 9 the Global VPN Client cycles through these resolved IP addresses until it finds a gateway that responds allowing multiple IP addresses to be u
58. ially logging on 3 If you have logged on to the workstation before there will be a locally cached profile that is used to log on a You can then start the Global VPN Client and a connection to the domain is established b After connecting to the domain you can run logon scripts change password access domain resources etc c When you log off the Global VPN Client terminates preventing domain communications 4 If you have never logged on to the workstation before there will not be a locally cached profile so logon will not be possible Because logging off step 3c terminates the Dell SonicWALL Global VPN Client it has historically precluded a different user from logging on and creating a new locally cached profile This has the undesirable effect that only a user with a pre existing locally cached profile can log on over the Global VPN Client The standard workaround for this is to first connect locally to the domain controller and logon with each account expected to use the Dell SonicWALL Global VPN Client This creates a locally cached profile for each account and enables client logon without connection to the Domain Controller The unfortunate result of this workaround is that a user without a cached profile on the computer cannot logon without a sojourn to the network containing the domain controller This can be extremely cumbersome in certain situations such as being located at the Dumont d Urville research statio
59. icit next hop IP address to reach the peer If this IP address cannot be reached a connection to the peer will not be established Next Hop IP Address leave as zero to use default 0 g DK Cancel Configuring VPN Connection Properties 35 e Dial Up Settings Displays the Dial Up Settings dialog box which allows you to select the dial up profile to use making a dial up VPN connection Use Microsoft dial up networking Uses the Microsoft dial up networking profile you specify for making the VPN connection Select the Dial up networking profile from the Phonebook Entry list Select the Do not hang up the modem when disabling this connection to keep the dial up network connection active after disabling the VPN connection Use a third party dial up application Select this option to use a third party dial up program Type the path in the Application field or use the browse button to locate the program Connection Properties Status Settings The Status page shows the current status of the connection Main Gateway Properties xs General User Authentication Peers Status a or This page shows the current status of this connection Connection Status Connected Peer IP Address 67 115 118 8 Duration 00 01 22 Details Activity Sent Received Packets 931 785 Bytes 266007 220282 Reset Virtual IP Configuration IP Address Subnet Mask EE 10 50 12 13 255 255 255 0 Renew OK Cancel Y
60. idered to be lost and the packet will be retransmitted The valid range is 1 10 seconds Maximum Attempts Specifies the maximum number of times the same packet will be sent before determining that the peer is not responding The valid range is 1 10 attempts Dead Peer Detection Three settings are available Automatic This is traffic based DPD If Global VPN Client does not receive response data one way traffic then Global VPN Client exchanges heartbeat packets to detect if the peer gateway is alive If there is no heartbeat packet response for the configured number of failed checks in DPD Settings then Global VPN Client will try to re initiate IKE negotiations This setting is enabled by default Forced On Performs DPD periodically The Global VPN Client exchanges heartbeat packets to detect if the peer gateway is alive If there is no heartbeat packet response for the configured number of failed checks in DPD Settings then Global VPN Client will try to re initiate IKE negotiations Disabled DPD is disabled No heartbeat packets are exchanged This will prevent Global VPN Client from detecting when the gateway is unavailable 34 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide DPD Settings Displays the Dead Peer Detection Settings dialog box aa pI Dead Peer Detection it l This window allows you to specify advanced settings for dead amp peer detection DPD Check for dead peer
61. ient 15 Show the notification when 1 hide the connections window Checking this box activates the SonicWALL Global VPN Client Hide Notification window whenever you close the Global VPN Client window while the program is still running The message tells you that the Global VPN Client program continues to run after you close hide the window Managing the Global VPN Client System Tray Icon When you launch the Global VPN Client window the program icon appears in the system tray on the taskbar This icon provides program and VPN connection status indicators as well as a menu for common Dell SonicWALL Global VPN Client commands Right clicking on the Global VPN Client icon in the system tray displays a menu of options for managing the program e Open Global VPN Client Opens the program window e Enable Displays a menu of VPN connections that can be enabled e Disable Displays a menu of VPN connections that can be disabled Open Log Viewer Opens the Log Viewer to view informational and error messages See Understanding the Global VPN Client Log on page 40 for more information on the Log Viewer e Open Certificate Manager Opens the Certificate Manager See Managing Certificates on page 39 for more information on the Certificate Manager e Exit Exits the Global VPN Client window and disables any active VPN connections Moving the mouse pointer over the Global VPN Client icon in the system tray displays the number of en
62. iles allowed lt Connection name connection name gt Provides a name for the VPN connection that appears in the Global VPN Client window lt Description gt description text lt Description gt Provides a description for each connection profile that appears when the user moves the mouse pointer over the VPN Policy in the Global VPN Client window The maximum number of characters for the lt Description gt tag is 1023 lt Flags gt lt AutoConnect gt Off 0J On 1 lt AutoConnect gt Enables this connection when program is launched Appendix A Using the Default rcf File for Global VPN Clients 49 lt Forcelsakmp gt O ff 0 On 1 lt Forcelsakmp gt Starts IKE negotiation as soon as the connection is enabled without waiting for network traffic If disabled then only traffic to the destination network s will initiate IKE negotiations lt ReEnableOnWake gt Off 0 On 1 lt ReEnableOnWake gt Enables the connection when computer is coming out of sleep or hibernation lt ReconnectOnError gt Off 0 On 1 lt ReconnectOnError gt Automatically keeps trying to enable the connection when an error occurs lt ExecuteLogonScript gt Disable 0 Enable 1 lt ExecuteLogonScript gt Forces launch login script lt Flags gt lt Peer gt Defines the peer settings for a VPN connection A VPN connection can support up to 5 peers lt HostName gt P Address Domain Name lt HostName gt The IP address or Domain name of the Dell SonicWAL
63. ion File A VPN connection can be created as a file and sent to you by the Dell SonicWALL VPN gateway administrator This VPN configuration file has the filename extension rcf If you received a VPN connection file from your administrator you can install it using the Import Connection dialog box The VPN policy file is in the XML format to provide more efficient encoding of policy information Because the file can be encrypted pre shared keys can also be exported in the file The encryption method is specified in the PKCS 5 Password Based Cryptography Standard from RSA Laboratories and uses Triple DES encryption and SHA 1 message digest algorithms Note If the rcf file exported from the Dell SonicWALL appliance is encrypted you must have the password to import the configuration file into the Global VPN Client The following instructions explain how to add a VPN connection by importing a connection file provided by your gateway administrator 1 Choose Start gt Programs gt Global VPN Client 2 Select File gt Import The Import Connection dialog box is displayed Import Connection Import connection settings stored in a configuration file Specify the name of the configuration file to import a ff the file is encrypted specify the password Cancel 3 Type the file path for the configuration file in the Specify the name of the configuration file to import field or click the browse button to locate the fil
64. itation of liability the above limitation may not apply to you 70 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Index Numerics 3DES 6 A Activating Global VPN Client 46 Adding VPN Connections 16 Adding VPN Connections Default rcf File 16 Import Connection 16 New Connection Wizard 16 18 AES 6 Authentication RADIUS 5 Smart Card USB Token 6 Specify Username Password 32 Username Password 27 Automatic Logging 42 C Certificates 5 3rd Party 45 Certifcate Manager 39 Digital 27 38 Importing 39 CLI 54 Client Platforms 6 Client Provisioning 5 47 Command Line Interface Installation Options 13 Running Global VPN Client 54 Connection Properties 30 General Tab 30 Peer Information 34 Peers 33 Status 36 User Authentication 32 Connection Warning 28 Connections default 6 program auto start 7 retry 6 D Default rcf File 16 20 47 Troubleshooting 54 Deployment Preconfigured VPN Connections 47 DHCP 5 Dial Up 6 Settings 36 Dial Up VPN Connections Configuration 20 Disabling a VPN Connection 29 DNS 7 Downloading Global VPN Client 46 E Enabling VPN Connections 24 Encryption 3DES 6 AES 6 IKE modes 23 IPsec 45 Pre Shared Key 26 Enterprise Global VPN Client Enterprise 7 Error Messages 55 G Gateway Auto reconnect 6 Auto redirect 5 Licensing for Global VPN Client 46 Redundant Gateways 6 24 SonicOS Configuration 45 Ghost Application Installation 6 13 Global Management System 6 GM
65. l Save N Filter Messages 2 Clear To clear current log information click the Clear button on the toolbar press Crtl X or choose Edit gt Clear To hide or show the toolbar in the Log Viewer window choose View gt Toolbar to toggle the toolbar on or off To hide or show the status bar in the Log Viewer window choose View gt Status Bar to toggle the status bar on or off Troubleshooting the Global VPN Client 41 Configuring the Log The Logging tab in the View Options dialog box specifies the settings for configuring the Global VPN Client Log behavior Options sa General Logging Specify settings for logging Maximum number of log messages to keep 1000 0 means no maximum Log ISAKMP header information E Log dead peer detection packets Log NAT keep alive packets _ Enable automatic logging of messages to a file ok Cancel Hep Maximum number of log messages to keep Specifies the maximum number of log messages kept in the log file Log ISAKMP header information Enables the logging of ISAKMP header information Log dead peer detection packets Enables the logging of dead peer detection packets Log NAT keep alive packets Enables the logging of NAT keep alive packets Enable automatic logging of messages to file Enables automatic logging of messages to a file as specified in the Auto Logging window Settings Clicking on Settings displays the Auto Logging window Configuring A
66. lays the name of your VPN connection Description Displays a pop up text about the connection The text appears when your mouse pointer moves over the VPN connection Peer Defined Network Settings Defines the status of Tunnel All support These settings are controlled at the Dell SonicWALL VPN gateway Other traffic allowed If enabled your computer can access the local network or Internet connection while the VPN connection is active Default traffic tunneled to peer If activated all network traffic not routed to the Dell SonicWALL VPN gateway is blocked When you enable the VPN connection with this feature active the Connection Warning message appears 30 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Use virtual IP address Allows the VPN Client to get its IP address via DHCP through the VPN tunnel from the gateway Enable this connection when the program is launched Establishes the VPN connection as the default VPN connection when you launch the Dell SonicWALL Global VPN Client Immediately establish security when connection is enabled Negotiates the first phase of IKE as soon as the connection is enabled instead of waiting for network traffic transmission to begin This setting is enabled by default Automatically reconnect when an error occurs With this feature enabled if the Global VPN Client encounters a problem connecting to the peer it keeps retrying to make the connection This featur
67. m For Web based technical support please visit http www sonicwall com us en support html Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Viewing Help Topics Selecting Help gt Help Topics displays the Dell SonicWALL Global VPN Client help system window You can access help topics using the following options Contents displays help in a table of contents view Index displays help in an alphabetical topic view Search allows you to search the help system using keywords Uninstalling the Dell SonicWALL Global VPN Client You can easily uninstall the Dell SonicWALL Global VPN Client and choose to save or delete your VPN connections as part of the uninstall process Note You must exit the Dell SonicWALL Global VPN Client before uninstalling the program To uninstall the Dell SonicWALL Global VPN Client 1 2 Launch the Windows Control Panel Double click Add Remove Programs Windows XP or click Programs and Features Windows 7 Select the Global VPN Client and then click Remove In the Confirm File Deletion dialog box click Yes or OK to confirm the removal of the Dell SonicWALL Global VPN Client Choose Delete all individual user profiles if you want to delete all your existing VPN connection profiles If you leave this setting unchecked the VPN connection profiles are saved and appear again when you install the Dell SonicWALL Global VPN Client at another time Choose Retain MAC Address if
68. m Files Dell SonicWALL Global VPN Client The Global VPN Client reads the default rcf file if it exists and creates the configuration file Connections rcf in the C Users lt user gt AppData Roaming Dell SonicWALL Global VPN Client directory The Connections rcf file contains all the VPN connection configuration information for the Dell SonicWALL Global VPN Client with sensitive data user names and passwords encrypted Deploying the Default rcf File There are three ways to deploy the default rcf file for your Dell SonicWALL Global VPN Clients e Include the default rcf file along with the installer software GVCInstallXX MSI where XX is either 32 for 32 bit Windows platforms or 64 for 64 bit Windows platforms prior to running the installer See Including the Default rcf File with the Installer Software GVCInstallXX MSI on page 47 Add the default rcf file to the program install directory before opening the Dell SonicWALL Global VPN Client application for the first time See Adding the Default rcf file to the Installed Global VPN Client Directory on page 48 e Ifthe Connections rcf configuration file exists in the user s configuration file folder replace it using settings from the default rcf file in the program install directory See Replacing an Existing Global VPN Client rcf with Default rcf Settings on page 48 Including the Default rcf File with the Installer Software GVClInstallXX MSI After you create the default rcf file
69. management tools to minimize support requirements Multiple Language Support The Global VPN Client user interface supports English Simplified Chinese Japanese Korean and Brazilian Portuguese The UI automatically displays in the Windows display language e Client Policy Provisioning Using only the IP address or Fully Qualified Domain Name FQDN of the Dell SonicWALL VPN gateway the VPN configuration data is automatically downloaded from the Dell SonicWALL VPN gateway via a secure IPsec tunnel removing the burden from the remote user of provisioning VPN connections e XAUTH Authentication with RADIUS Provides added security with user authentication after the client has been authenticated via a RADIUS server e VPN Session Reliability Allows automatic redirect in case of a Dell SonicWALL VPN gateway failure If a Dell SonicWALL VPN gateway is down then the Global VPN Client can go through another Dell SonicWALL VPN gateway Multiple Subnet Support Allows Global VPN Client connections to more than one subnet in the configuration to increase networking flexibility e Third Party Certificate Support Supports VeriSign Entrust Microsoft and Netscape Certificate Authorities CAs for enhanced user authentication e Tunnel All Support Provides enhanced security by blocking all traffic not directed to the VPN tunnel to prevent Internet attacks from entering the corporate network through a VPN connection DHCP over VPN Support
70. n Ghost Installation for Large Scale Installations Enables the Global VPN Client s virtual adapter to get its default address after installation and then create a ghost image NT Domain Logon Script Support Allows Global VPN Clients to perform Windows NT domain authentication after establishing a secure IPsec tunnel The Dell SonicWALL VPN gateway passes the logon script as part of the Global VPN Client configuration This feature allows the VPN user to have access to mapped network drives and other network services Dual Processor Support Enables the Global VPN Client to operate on dual processor computers Group Policy Management Global VPN Clients access can be customized and restricted to specific subnet access Requires SonicOS Enhanced e Hub and Spoke VPN Access Allows IP addressing from Dell SonicWALL VPN gateway s DHCP Server to Global VPN Client for configuring a different subnet for all remote Global VPN Clients than the subnet of the LAN Makes hub and spoke VPN access simpler When a Global VPN Client successfully authenticates with the central site it receives a virtual IP address that also grants it access to other trusted VPN sites e Default VPN Connections File Enables the SonicOS administrator to configure and distribute the corporate VPN connections with the Global VPN Client software to streamline VPN client deployment Integration with Dial Up Adapter Allows Global VPN Client connections using Mic
71. n and trying to get back to your main office in Svalbard 22 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Workaround Forced Creation of a New Locally Cached Profile The workaround is to create an induced local profile and then log on to the Microsoft domain using the Dell SonicWALL Global VPN Client To do this perform the following steps 1 Log on to the workstation with any locally cached profile e g mydomain user1 or a local machine account The locally cached profiles are usually stored in the C Documents and Settings directory You should see a folder called user1 in this path containing user1 s profile 2 Launch the Dell SonicWALL Global VPN Client After the Dell SonicWALL Global VPN Client establishes a connection and the workstation can communicate with the domain controller you can create another locally cached profile You can use the runas command to create a locally cached profile for a new user e g mydomain user2 while using the Global VPN Client connection provided by user1 4 From a command prompt type runas user mydomain user2 explorer exe substitute your actual domain for mydomain and actual username for user2 You can use notepad exe instead of explorer exe if you prefer 5 Atthe prompt enter the domain password for user2 6 It will take anywhere from a few seconds to a few minutes to create the local profile for user2 and to launch the explorer exe program You may quit the
72. n this Guide Conventions used in this guide are as follows Convention Use Bold Highlights items you can select on the Global VPN Client interface or the SonicOS management interface Italic Highlights a value to enter into a field For example type 192 168 168 168 in the IP Address field gt Indicates a multiple step menu choice For example select File gt Open means select the File menu then select the Open item from the File menu About this Guide 7 lcons Used in this Guide Caution Important information that indicates potential damage to hardware or loss of data if instructions are not followed var Tip Useful information about security features and configurations Note Related information that helps you make better use of your system Getting Started with the Global VPN Client This section provides information about installing upgrading and launching the Dell SonicWALL Global VPN Client e Installing the Global VPN Client on page 8 e Upgrading Global VPN Client from a Previous Version on page 12 e Installing Global VPN Client with a Ghost Application on page 13 Command Line Options for Installation on page 13 e Launching the Global VPN Client on page 14 Specifying Global VPN Client Launch Options on page 15 e Managing the Global VPN Client System Tray Icon on page 16 Installing the Global VPN Client The Dell SonicWALL Global VPN Client uses an easy to use wizard
73. n with E Command Line Examples lt path gt swgvpnclient runs starts application If application is already running it does not create another instance lt path gt swgvpnclient E lt connection name gt U lt username gt and P lt password gt runs starts the application and enables the named connection and use the lt username gt and lt password gt for user authentication If you do not include a username and password the Global VPN Client presents a dialog box asking for the information in order to continue lt path gt swgvpnclient A lt path filename gt runs starts the application and enables auto logging of all events to a log file If the filename is not specified then the log file is created with the default name lt gvcauto log gt If you want to save the autolog for each Global VPN Client session you can use the filename option and specify a different filename each time the application is stated This file is created in the same directory where the Global VPN Client application is started if the path is not specified Appendix C Log Viewer Messages The following sections list the Error Info and Warning messages that can appear in the Global VPN Client Log Viewer Log Viewer Error Messages The following table lists possible Error messages Table 2 Log Viewer Messages ERROR Invalid DOI in notify message ERROR called with invalid parameters ERROR A phase 2 IV
74. nError gt 1 lt ReconnectOnError gt lt ExecuteLogonScript gt 0 lt ExecuteLogonScript gt lt Flags gt lt Peer gt lt HostName gt amp lt Default Gateway amp gt lt HostName gt lt EnableDeadPeerDetection gt 1 lt EnableDeadPeerDetection gt lt ForceNAT Traversal gt 0 lt ForceNAT Traversal gt lt DisableNAT Traversal gt 0 lt DisableNAT Traversal gt lt NextHop gt 0 0 0 0 lt NextHop gt lt Timeout gt 3 lt Timeout gt lt Retries gt 3 lt Retries gt lt UseDefaultGWAsPeerIP gt 1 lt UseDefaultGWAsPeer IP gt lt InterfaceSelection gt 0 lt InterfaceSelection gt lt WaitForSourcelP gt 0 lt WaitForSourcelP gt lt DialupUseMicrosoftDUN gt 1 lt DialupUseMicrosoftDUN gt lt DialupApp gt c program files aol aol exe lt DialupApp gt lt DialupPhonebook gt text lt DialupPhonebook gt lt DialupLeaveConnected gt 0 lt DialupLeaveConnected gt lt DPDInterval gt 3 lt DPDInterval gt lt DPDAttempts gt 3 lt DPDAttempts gt lt DPDAlIwaysSend gt 0 lt DPDAlwaysSend gt lt Peer gt lt Connection gt lt Connections gt lt SW_Client_Policy gt Appendix A Using the Default rcf File for Global VPN Clients 53 Troubleshooting the Default rcf File Table 1 Troubleshooting the default rcf File Issue If there are any incorrect entries or typos in your default rcf file the settings in the default rcf file will not be incorporated into the Global VPN Client and no connection profiles will appear in the Global VPN Clien
75. nection prompts you for login credentials If no previous connections exist the New Connection Wizard launches automatically This only occurs the first time the Global VPN Client starts up For more information see Creating a VPN Connection Using the New Connection Wizard on page 18 Getting Started with the Global VPN Client 11 MM Tip You can configure the Global VPN Client to launch automatically every time you log onto your computer on the General tab in the View gt Options page For more information see Specifying Global VPN Client Launch Options on page 15 Upgrading Global VPN Client from a Previous Version Upgrades are supported from Dell SonicWALL Global VPN Client version 4 9 x to higher versions It is not necessary to uninstall the previous version first Note If you have Dell SonicWALL Global VPN Client version 4 8 6 or earlier installed you must uninstall that version before installing version 4 9 x The 4 9 x installer does not allow upgrading from version 4 8 6 or earlier During an upgrade your configured connections and virtual MAC address are preserved The setup wizard does not ask you to confirm the license agreement installation location or other setup questions but uses the information you provided during the previous installation To upgrade to the latest Dell SonicWALL Global VPN Client 1 After downloading the self extracting installer GVCSetupXX exe where XxX is either 32 for 32 bit
76. neral Settings EE EE EE Ee eee eee 30 Connection Properties User Authentication Settings EE EE Ee 32 Connection Properties Peers Settings iii EE EE RE RE ER ER EER eee eee 33 Connection Properties Status Settings ii EER EE ER EE EE RR RE EE ke 36 Managing VPN Connections aaua saaa EE 06 SEE EE EE ER eee 38 Arranging Connections ee SE ER EE Yee RE GR Ee eee ed RE RR Ee 38 Renaming a COnMmecion ss MEE RA BASEER Fed RI ED sada seh tie IE RAD 38 Deleting a Gone GR BEL RE ah MG DR SES RR RE OA ae De N 38 Selecting All Connections is EE EE EER EE EE eee EE 38 Bree Mr eo ENE OR MA ET ET OE OO EE DE 38 Managing Certificates 2580 berate Qe oe AN ER Meg Ree EA ANG AS RY Ra a As 39 Troubleshooting the Global VPN Client EE eee eee 40 Understanding the Global VPN Client Log 0000 eee eee 40 Configuring the LOG so s EER VEE RE SE NO eg SNe Gtk aa E ts 42 Generating a Help Report 0000 eee 43 Accessing Dell SonicWALL Global VPN Client Technical Support 44 Viewing Help Topics iss ss EE EE EE ss eee 45 Uninstalling the Dell SonicWALL Global VPN Client 45 Configuring Dell SonicWALL Appliances for Global VPN Clients 45 Dell SonicWALL Global VPN Client Licenses 000002 000s 46 Group VPN Connections Supported by Each Appliance Model 46 Activating Your Dell SonicWALL Global VPN Clients 46 Dow
77. nicWALL Global VPN Client 4 9 Administrator s Guide MM Tip See Appendix C Log Viewer Messages on page 55 for a complete listing of Log Viewer messages The Log Viewer provides the following features to help you manage log messages To save a current log to a txt file click the Save button on the toolbar press Ctrl S or choose File gt Save When you save a Log Viewer file the Global VPN Client automatically adds a report containing useful information regarding the condition of the Dell SonicWALL Global VPN Client as well as the system it is running on To select all messages press Ctrl A or choose Edit gt Select All To copy log contents for pasting into another application select the messages you want to copy then press Ctrl C or choose Edit gt Copy To display less detailed information in the log viewer click the Filter Messages button on the toolbar or choose View gt Filter Messages To search the log messages for a character string click the Find button Ei on the toolbar or choose Edit gt Find and enter the string in the Find dialog box In the dialog box you can select Match Whole Word Only Match Case and Up or Down for the search direction Click the Find Next button to search Once a string is entered in the Find dialog box you can click the X to close the dialog box then use the Find Next and Find Previous buttons in the toolbar f Dell SonicWALL Global VPN Client Log Viewer File Edit View la
78. nicWALL Long Range is already enabled and does not allow multiple active connections You can continue enabling this connection by disabling SonicWALL Long Range Choose Yes to disable SonicWALL Long Range and continue enabling this connection or choose No to cancel Entering a Pre Shared Key Depending on the attributes for the VPN connection if no default Pre Shared Key is used you must have a Pre Shared Key provided by the gateway administrator in order to make your VPN connection If the default Pre Shared Key is not included as part of the connection policy download or file the Enter Pre Shared Key dialog box appears to prompt you for the Pre Shared key before establishing the VPN connection Enter Pre Shared Key 10 0 79 229 xi Enter Pre Shared Key The pre shared key for this connection appears to be incorect Enter the pre shared key for this connection as specified by your network administrator Pre Shared Key I T Don t hide the pre shared key GF Cancel 1 Type your Pre Shared Key in the Pre shared Key field The Pre Shared Key is masked for security purposes 2 Ifyou want to make sure you are entering the correct Pre Shared Key select Don t hide the pre shared key The Pre Shared Key you enter appears unmasked in the Pre shared Key field 3 Click OK 26 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Selecting a Certificate If the Dell SonicWALL VPN Gateway req
79. nloading Global VPN Client Software and Documentation 46 Appendix A Using the Default rcf File for Global VPN Clients 47 How the Global VPN Client Uses the Default rcf File 47 Deploying the Default rcf File 2 0 0 EE 02 cee ee 47 Creating the Default rcf File 00 0 0 cece cee 49 Sample default rcf File 0 0 00 c cece 51 Troubleshooting the Default rcf File 00000 c eee es 54 Appendix B Using the Global VPN Client CLI 0 000002 54 Command Line Options 000000 eee 54 Command Line Examples 0000 cece eee eee 55 Appendix C Log Viewer MessageS 000 SE EG ES Se Se Ge ee ee 55 Log Viewer Error Messages sies DE oa E EE gs delete ip sg etd s peed 55 Log Viewer Info Messages ii EE RE EE SE EE eee 61 Log Viewer Warning Messages EER EE ER RR EE EE ER RE RR EE EE 64 Copyright Warranty and License Agreement SE EE ee ee 65 Copyright Notice Ee ER ER DE RE SR EE RE ae DG ER SR ee 65 Limited Warranty sessie ed de IE a a ee RE RD N we Beate BU EE EE 66 Software License Agreement iii EE EER EE EE EE EE ER GE EE RR ER RE 66 4 Dell SonicWALL Global VPN Client 4 9 Administrators Guide Dell SonicWALL Global VPN Client Overview The Dell SonicWALL Global VPN Client creates a Virtual Private Network VPN connection between your computer and the corporate network to maintain the confidentiality o
80. og window displays messages about Global VPN Client activities To open the Log Viewer window click the Log Viewer button on the Global VPN Client window toolbar or choose View gt Log Viewer or press Cirl L Dell SonicWALL Global VPN Client Log Viewer fo ss File Edit View Is Save T Filter Messages 34 S Clear Time Peer Message 2013 12 17 12 06 07 697 local host Dell SonicWALL Global VPN Client version 49 0 1202 2013 12 17 12 09 51 523 lt local host gt The connection Main Gateway has been enabled 3 2013 12 17 12 09 51 804 gateway0l my Failed to convert the peer name Main Gateway to an IP address 2013 12 17 12 09 52 206 67 115 118 8 Starting ISAKMP phase 1 negotiation Q 2013 12 17 12 09 52 326 67 115 118 8 Starting aggressive mode phase 1 exchange 2013 12 17 12 09 52 326 67 115 118 8 NAT Detected Local host is behind a NAT device G 2013 12 17 12 09 52 326 67 115 118 8 The SA lifetime for phase 1 is 28800 seconds Q 2013 12 17 12 09 52 327 67 115 118 8 Phase 1 has completed G 2013 12 17 12 09 52 329 67 115 118 8 Received XAuth request 3 2013 12 17 12 09 52 329 67 115 118 8 XAuth has requested a username but one has not yet been specified G 2013 12 17 12 09 52 329 67 115 118 8 Sending phase 1 delete G 2013 12 17 12 09 52 329 67 115 118 8 User authentication information is needed to complete the connection 2013 12 17 12 09 52 358 lt local host gt An incoming ISAKMP
81. ogram in the Application field or click browse to locate the program 10 Click OK three times to return to the Global VPN Client window Using Global VPN Client from a Different Workstation Using the Dell SonicWALL Global VPN Client to connect to a Microsoft Network has certain limitations Typically when a computer is attached to a Microsoft Network it has a persistent network connection to the domain controller that is used to verify the user credentials When the user credentials have been verified by the domain controller the computer then creates a locally cached profile that is used when the domain controller is not available However the Dell SonicWALL Global VPN Client provides an ad hoc secure network connection over the Internet back to the Microsoft Network containing the domain controller and thus is not a persistent connection Since the remote computer cannot connect to the domain controller to verify the logon credentials until the connection is provided by the Dell SonicWALL Global VPN Client the logon fails unless a locally cached profile is available The following steps illustrate the classic problem 1 A Global VPN Client session must be established to communicate remotely with a Microsoft domain controller 2 Global VPN Client can only be launched after you have logged on to the workstation Because there is no way for the Global VPN Client to connect before you log on you cannot use it for domain logon when init
82. ough the VPN tunnel Reset Resets the Packets and Bytes values to zero from which these counts immediately resume e Virtual IP Configuration IP Address The IP address assigned via DHCP through the VPN tunnel from the VPN gateway Subnet Mask The subnet mask for the virtual IP address Renew Renews the DHCP lease Configuring VPN Connection Properties 37 Managing VPN Connections The Dell SonicWALL Global VPN Client supports as many VPN connections as you need To help you manage these connections the Global VPN Client provides the connection management tools described in this section Arranging Connections Over time as the number of VPN connections can increase in the Global VPN Client window you may want to arrange them for quicker access You can arrange your VPN connections in the Global VPN Client window by choosing View gt Sort by You can arrange VPN connection profiles by e Name Sorts the connections by connection name e Peer Sorts the connections by peer name Status Sorts the connections by connection status Ascending Sorts the connections in ascending order such as A Z if enabled and in descending order such as Z A if disabled The default sorting is by Name in Ascending order Renaming a Connection To rename a connection select the connection and choose File gt Rename then type in the new name You can also right click the connection and choose Rename from
83. packet from 67 115 118 8 was ignored 2013 12 17 12 10 00 804 67 115 118 8 Starting ISAKMP phase 1 negotiation amp 2013 12 17 12 10 00 950 67 115 118 8 Starting aggressive mode phase 1 exchange 2013 12 17 12 10 00 950 67 115 118 8 NAT Detected Local host is behind a NAT device 2013 12 17 12 10 00 950 67 115 118 8 The SA lifetime for phase 1 is 28800 seconds D 2013 12 17 12 10 00 950 67 115 118 8 Phase 1 has completed 2013 12 17 12 10 00 953 67 115 118 8 Received XAuth request Amannan annann Emea PRP N T PE EE N For Help press F1 299 total messages 299 shown Type The icon indicating the type of message Information Warning or Error The icons for the three types are Information A blue i in a bubble Warning An exclamation point in a yellow triangle N Error A white X in a red circle amp Time Date and time the message was generated Peer The IP address or FQDN of the peer Message Text of the message describing the event Click the Save button to save the current log to a txt file When you save the current log to a file the Global VPN Client automatically adds a Help Report containing useful information regarding the condition of the Dell SonicWALL Global VPN Client as well as the system it s running on for troubleshooting The Help Report information is inserted at the beginning of the log file See Generating a Help Report on page 43 for more information Dell So
84. r INFO MM failed SA state not matching mask process auth Peer INFO MM failed SA state not matching mask process key Peer INFO MM failed SA state not matching mask process sa Peer INFO MM failed SA state unknown Peer INFO NAT Detected Local host is behind a NAT device INFO NAT Detected Peer is behind a NAT device Appendix C Log Viewer Messages 61 62 INFO peer certificate missing key value INFO Phase 1 has completed INFO Phase 1 SA lifetime set to INFO Phase 2 negotiation has failed INFO Phase 2 SA lifetime set to INFO Phase 2 with has completed INFO Proposal not acceptable not authentication algorithm specified INFO Proposal not acceptable not Diffie Hellman group specified INFO Proposal not acceptable not encryption algorithm specified INFO Proposal not acceptable not hash algorithm specified INFO Proposal not acceptable proposal not found in list INFO QM failed Load SA failed Peer INFO Reading configuration file INFO Ready to negotiate phase 2 with INFO Received address notification notify INFO Received attributes not supported notify INFO Received authentication failed notify INFO Received bad syntax notify INFO Received certificate unavailable notify INFO Received dead peer detection acknowledgement INFO Received dead peer
85. re and Documentation 1 Inthe My Products page click the name of your Dell SonicWALL appliance on which the Global VPN Client license is activated 2 Select Software Download If this service is not already activated click on Agree to activate it 3 Download the Dell SonicWALL Global VPN Client software and documentation 46 Dell SonicWALL Global VPN Client 4 9 Administrators Guide Appendix A Using the Default rcf File for Global VPN Clients The default rcf file allows the Dell SonicWALL VPN Gateway administrator to create and distribute preconfigured VPN connections for Dell SonicWALL Global VPN Clients The Dell SonicWALL VPN Gateway administrator can distribute the default rcf file with the Global VPN Client software to automatically create preconfigured VPN connections for streamlined deployment The VPN connections created from the default rcf file appear in the Global VPN Client window The Global VPN Client user simply enables the VPN connection and after XAUTH authentication with a username and password the policy download is automatically completed How the Global VPN Client Uses the Default rcf File When the Global VPN Client starts up the program always looks for the configuration file Connections rcf in the C Users lt user gt AppData Roaming Dell SonicWALL Global VPN Client directory If this file does not exist the Global VPN Client looks for the default rcf file in the program install directory C Progra
86. rmitted by the gateway select Remember Username and Password to cache your username and password to automatically log in for future VPN connections Click OK to continue with establishing your VPN connection I Main Gateway sea Enter Username Password This peer requires that you log in with a username and password Please enter your username and password assigned to vou by vour network administrator Usemame Password The peer does not allow saving of username and password Ok Cancel Making VPN Connections 27 Creating a Connection Shortcut To streamline enabling a VPN connection you can place a VPN connection on the desktop taskbar or Start menu You can also place the connection at any other location on your system To create a shortcut 1 Select the VPN connection for which to create a shortcut in the Global VPN Client window 2 Choose File gt Create Shortcut and select the shortcut option you want You can select from On the Desktop On the Task Bar In the Start Menu or Select a Location You can also right click the VPN connection and then choose Create Shortcut gt shortcut option Mr Tip You can create a Desktop shortcut for the Dell SonicWALL Global VPN Client program for easy access to all your connections Connection Warning If the VPN connection policy allows only traffic to the gateway the Connection Warning message appears warning you that only network traffic destin
87. rom MySonicWALL double click GVCSetupXX exe The Setup Wizard launches JE Global VPN Client x SonicWALL Global VPN Client The installer will guide you through the steps required to install Global VPN Client on your computer WARNING This computer program is protected by copyright law and international treaties Unauthorized duplication or distribution of this program or any portion of it may result in severe civil or criminal penalties and will be prosecuted to the maximum extent possible under the law Cancel i 2 Click Next to continue installation of the VPN Client Getting Started with the Global VPN Client 9 3 Inthe license agreement screen select Agree and then click Next es SonicWALL Global VPN Client Please take a moment to read the license agreement now If you accept the terms below click I Agree then Next Otherwise click Cancel Software License Agreement PLEASE READ THIS SOFTWARE LICENSE AGREEMENT AGREEMENT CAREFULLY BEFORE DOWNLOADING THE SOFTWARE BY CLICKING ON THE I Agree BUTTON BELOW YOU INDICATE YOUR ACCEPTANCE OF THE TERMS OF THIS LEGAL AND BINDING AGREEMENT AND ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT IF YOU DO INOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT CLICK THF T Do Not Acree ROTTON AND THF TNSTATILATTON C DoNotAgree e Cancel lt Back 4 Inthe installation folder selection screen optionally click Browse
88. rosoft Dial Up Networking or third party dial up applications either as an automatic backup to a broadband connection or as the primary connection e Single VPN Connection to any Dell SonicWALL Secure Wireless Appliance for Roaming Allows users to use a single VPN connection to access the networks of multiple Dell SonicWALL Secure Wireless appliances e Automatic Configuration of Redundant Gateways from DNS When an IPsec gateway domain name resolves to multiple IP addresses the Global VPN Client version 2 1 0 0 or higher uses the IP addresses in the list as failover gateways Tunnel State Display Enhancement The Global VPN Client provides information about the state of VPN tunnels In addition to the states of enabled disabled and connected the Global VPN Client indicates when tunnels are authenticating provisioning and connecting Tunnel Status Pop Up Window The Global VPN Client alerts users when tunnels are connected or disconnected by displaying a small pop up window e Smart Card and USB Token Authentication The Global VPN Client is integrated with the Microsoft Cryptographic Application Program MS CryptoAPI or MSCAPI which enables the Global VPN Client to support user authentication using digital certificates on Smart cards and USB tokens 6 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide NAT T RFC 3947 Support Allows for automatic detection of NAT along the path between two IKE peers during IKE Ph
89. s The minimum lt Timeout gt value is 1 second and the maximum value is 10 seconds lt Retries gt 3 lt Retries gt Number of times to retry packet retransmissions before the connection is considered as dead The minimum lt Retries gt value is 1 and the maximum value is 10 lt UseDefaultGWAsPeerIP gt Off 0 On 1 lt UseDefaultGWAsPeerIP gt Specifies that the PC s Default Gateway IP Address is used as the Peer IP Address lt InterfaceSelection gt Automatically selects the connection based on link and IP detection 0 Connection always uses LAN 1 Connection always uses Dial Up 2 lt InterfaceSelection gt Forces the interface selection for the VPN connection lt WaitForSourcelP gt Off 0 On 1 lt WaitForSourcelP gt Specifies that packets are to be sent when a local source IP address is available DialupUseMicrosoftDUN 3 0 Party 0 Microsoft 1 lt DialupUseMicrosoftDUN gt Instructs the Global VPN Client to use either Microsoft or a third party Dialup connection 50 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide lt DialupApp gt c Program Files Windows NT dialer exe lt DialupApp gt On Windows XP specifies the directory path to a third party Dialup connection application including the application name lt DialupPhonebook gt MSWN Office Network Prompt When Necessary lt DialupPhonebook gt Specifies the name of the Microsoft Dialup connection as listed in Network and Dial up Connections for the local comp
90. sed as failover gateways If all the resolved IP addresses fail to respond Global VPN Client switches to the next peer if another peer is specified in the Peers page of the VPN connection Properties dialog box See Connection Properties Peers Settings on page 33 for more information Note When configuring redundant VPN gateways the Group VPN policy attributes such as pre shared keys and the attributes on the Peer Information window must be the same for every gateway if the gateway s FQDN resolves to multiple IP addresses However if you set up multiple peers on the Peers page then each peer gateway can have its own settings Enabling a VPN Connection Enabling a VPN connection with the Dell SonicWALL Global VPN Client is a transparent two phase process Phase 1 enables the connection which completes the ISAKMP Internet Security Association and Key Management Protocol negotiation Phase 2 is IKE Internet Key Exchange negotiation which establishes the VPN tunnel for sending and receiving data When you enable a VPN connection the following information is displayed in the Status column of the Global VPN Client window 1 Disabled changes to Connecting 2 Connecting changes to Authenticating when the Enter Username Password dialog box is displayed 3 Authenticating changes to Connecting when the user enters the username and password 4 Connecting changes to Provisioning Provisioning changes to Connected once the VPN
91. t from the tray icon V Show the notification when hide the connections window ox cama _ Hep The General tab includes the following settings to control the launch of the Global VPN Client Start this program when I log in Launches the Dell SonicWALL Global VPN Client when you log into your computer Warn me before enabling a connection that will block my Internet traffic Activates a Connection Warning message notifying you that the VPN connection will block local Internet and network traffic Remember the last window state closed or open the next time the program is started Allows the Global VPN Client to remember the last window state open or closed the next time the program is started For example a user can launch the Global VPN Client from the system tray without opening a window on the desktop When closing the connections window Specifies how the Global VPN Client behaves when the window is closed The three options include Minimize the window restore it from the task bar Minimizes the window to taskbar and restores it from the taskbar Hide the window re open it from the tray icon The default setting that hides the Global VPN Client window when you close it You can open the Global VPN Client from the program icon in the system tray Enabling this setting also displays the Show the notification when I hide the connections window checkbox Getting Started with the Global VPN Cl
92. t includes e Version information e Drivers e System information e IP addresses e Route table e Current log messages Troubleshooting the Global VPN Client 43 To view the report in the default text editor window click View GVC3F94 TXT ES Application Name Dell SonicWALL Global VPN Client Application Version 4 9 0 1202 gt IPsec Driver Name Dell SonicWALL Global VPN Client IPsec Driver Version 4 9 0 1202 E Virtual Adapter Driver Name SonicWALL Virtual NIC Virtual Adapter Driver Version 10 1 0 40 DNE Adapter Driver Name Deterministic Network Enhancer for NDIS 6 DNE Adapter Driver Version 4 16 2 18638 Reported Generated At 14 09 19 Wed Dec 18 2013 GMT Systen Summary Operating System Microsoft Windows 7 Enterprise Edition 64 bit build 7600 System Name SWEIGAND 14093 Processor Intel64 Family 6 Model 37 Stepping 5 Genuinelntel 2527 Mhz BIOS Version 04 12 12 Windows Directory C Windows Locale United States Time Zone Pacific Standard Time Total Physical Memory 4095 MB Available Physical Memory 44 MB Total Virtual Memory 5120 MB Available Virtual Memory 1 MB Page File Space 8384460 MB Windows IP Configuration Host Name SWEIGAND 14093 Primary Dns Suffix sh Net 5 gt sv us sonicwall con Node Type AS BE Hybrid IP Routing Enabled bo bie e ade EE OE EG WINS Proxy Enabled No DNS Suffix Search List sv us sonicwall com us sonicwall con sonicwall com Ethernet
93. t more than ninety 90 days after the original shipment by Dell and continuing for a period of twelve 12 months that the product will be free from defects in materials and workmanship under normal use This Limited Warranty is not transferable and applies only to the original end user of the product Dell and its suppliers entire liability and Customer s sole and exclusive remedy under this limited warranty will be shipment of a replacement product At Dell s discretion the replacement product may be of equal or greater functionality and may be of either new or like new quality Dell s obligations under this warranty are contingent upon the return of the defective product according to the terms of Dell s then current Support Services policies This warranty does not apply if the product has been subjected to abnormal electrical stress damaged by accident abuse misuse or misapplication or has been modified without the written permission of Dell DISCLAIMER OF WARRANTY EXCEPT AS SPECIFIED IN THIS WARRANTY ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AND WARRANTIES INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE NONINFRINGEMENT SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING LAW USAGE OR TRADE PRACTICE ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED SUCH WARRANTY IS LIMIT
94. t window The error message Failed to parse configuration lt file gt will appear in the Global VPN Client Log Viewer or the following error message will be displayed when attempting to import the file Could not import the specified configuration file The file appears to be corrupt Solution Ensure that the file does not contain any non ASCII characters The Connections rcf file created by the default rcf file must be deleted from the directory and the default rcf file edited to correct the errors The default rcf file cannot have an attribute of READ Only The Connections rcf file created by the default rcf file must be deleted from the directory and the default rcf file Read Only attribute removed to cor rect the error The Peer Name lt Default Gateway gt displays the fol lowing error message when attempting to connect Failed to convert the Peer name lt Default Gate way gt to an IP address When setting the Peer Name to the special case of lt Default Gateway gt the tag for sUseDefaultGWAsPeerlP must be set to 1 The Connections rcf file created by the default rcf file must be deleted from the directory Appendix B Using the Global VPN Client CLI The Dell SonicWALL Global VPN Client can run from the Command Line Interface CLI This interface allows for the programmatic or script based initiation of certain Global VPN Client functions without requiring the user to directly act in the
95. tallation for the Dell SonicWALL VPN Adapter resulting in network conflicts Command Line Options for Installation There are several command line options available for Dell SonicWALL Global VPN Client installation i Command line options Q Quiet modes For package iT lt full path Specifies temporary working Folder iC Extract files only to the Folder when used also with T C lt Cmd gt Override Install Command defined by author All options are case insensitive and must be preceded by a forward slash The following options are available e Q Quiet mode A normal non silent installation of the Dell SonicWALL Global VPN Client receives the necessary input from the user in the form of responses to dialog boxes However a silent installation does not prompt the user for any input but instead uses the defaults for every option Simply type in the following where XX is either 32 for 32 bit Windows platforms or 64 for 64 bit Windows platforms GVCSetupXX exe q e T Specify a temporary working folder in which to place any temporary files generated during the installation process The T option must be followed by a colon and the full path to the folder that you want to use For example type in the following GVCSetupXX exe t C TemporaryFiles Getting Started with the Global VPN Client 13 e C Place all files extracted MSI Installer file from the install package into the folder specified in th
96. the menu Deleting a Connection To delete a connection select the connection and then press the Delete key or choose File gt Delete You can also right click the connection name and choose Delete You cannot delete an active VPN connection Disable the VPN connection first then delete it Selecting All Connections Choosing View gt Select All or pressing Ctrl A selects all the connections in the Global VPN Client window Using Certificates If digital certificates are required as part of your VPN connection policy your gateway administrator must provide you with the required information to import the certificate You then need to import the certificate in the Global VPN Client using the Certificate Manager Caution If digital certificates are required as part of your VPN connection policy your VPN gateway administrator must provide you with the required certificates 38 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Managing Certificates The Certificate Manager allows you to manage digital certificates used by the Dell SonicWALL Global VPN Client for VPN connections If your VPN gateway uses digital certificates you must import the CA and Local Certificates into the Certificate Manager To open the Certificate Manager click the View menu and select Certificates in the Global VPN Client window A This window allows you to set up and manage certificates used in your connections Select Certificate
97. the payload ERROR Failed to add IPSEC group description into the payload ERROR Failed to add IPSEC HMAC algorithm into the payload ERROR Failed to add IPSEC life duration into the payload ERROR Failed to add IPSEC life type into the payload ERROR Failed to add OAKLEY authentication algorithm into the payload ERROR Failed to add OAKLEY encryption algorithm into the payload ERROR Failed to add OAKLEY generator G1 into the payload ERROR Failed to add OAKLEY group description into the payload ERROR Failed to add OAKLEY group type into the payload ERROR Failed to add OAKLEY hash algorithm into the payload ERROR Failed to add OAKLEY life duration into the payload ERROR Failed to add OAKLEY life type into the payload ERROR Failed to add OAKLEY prime P into the payload ERROR Failed to add policy configuration INI format into the payload ERROR Failed to add policy configuration version into the payload ERROR Failed to add XAuth password into the payload ERROR Failed to add XAuth status into the payload ERROR Failed to add XAuth type into the payload ERROR Failed to add XAuth username into the payload ERROR Failed to allocate bytes ERROR Failed to allocate memory ERROR Failed to begin phase 1 exchange ERROR Failed to begin quick mode exchange ERROR
98. tion dialog box enter the IP address or DNS Name in the IP Address or DNS Name box then click OK e To edit a peer entry select the peer name and click Edit In the Peer Information dialog box make your changes then click OK To change the order of the peer list select a peer name and then click Move Up or Move Down e To delete a peer entry select the peer entry and click Remove Configuring VPN Connection Properties 33 Peer Information Dialog Box The Peer Information dialog box allows you to add or edit peer information This page allows you to specify an ordered list of peers to which this connection can establish security IP Address or DNS Name gateway mycompany con Use the default gateway as the peer IP address Packet Sending Response Timeout 3 Seconds Maximum Attempts 3 Attempts Dead Peer Detection Automatic DPD Settings Networking NAT Traversal Automatic Interface Selection Automatic LAN Settings Dial Up Settings Cancel IP Address or DNS Name Specifies the peer VPN gateway IP address or DNS name Use the default gateway as the peer IP address Specifies the default gateway as the peer IP address The Global VPN Client gets the default gateway from the routing table Response Timeout Specifies the maximum amount of time to wait for a response to a sent packet After this time expires the sent packet will be cons
99. to guide you through the installation process Note Installing the Global VPN Client on Windows XP or later requires Administrator rights The Dell SonicWALL Global VPN Client operates on 32 bit and 64 bit versions of Windows 8 1 Windows 8 Windows 7 Windows XP and Windows Vista client operating systems The Global VPN Client is supported on all Dell SonicWALL security appliances running Gen3 6 6 and higher Gen4 1 0 and higher Gen5 5 0 and higher and Gen6 6 1 and higher SonicOS firmware versions vay Tip For information on the number of Dell SonicWALL Global VPN Client connections supported by your Dell SonicWALL appliance and Global VPN Client licensing for your appliance see Del SonicWALL Global VPN Client Licenses on page 46 8 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Using the Setup Wizard This section explains how to install the Dell SonicWALL Global VPN Client program using the Setup Wizard Note Remove any installed 3rd Party VPN client program before installing the latest Dell SonicWALL Global VPN Client Note If you have Dell SonicWALL Global VPN Client version 4 8 6 or earlier installed you must uninstall that version before installing version 4 9 x To use the Setup Wizard perform the following steps 1 After downloading the self extracting installer GVCSetupXX exe where XxX is either 32 for 32 bit Windows platforms or 64 for 64 bit Windows platforms f
100. to specify a custom installation location e SonicWALL Global VPN Client The installer will install Global VPN Client to the following folder To install in this folder click Nest To install to a different folder enter it below or click Browse Folder C Program Files Dell Sonic WALL Global VPN Client Browse Disk Cost Install Global VPN Client for yourself or for anyone who uses this computer Everyone C Just me Cancel lt Back Click the Disk Cost button to see the disk space requirements Under Install SonicWALL Global VPN Client for yourself or for anyone who uses this computer select either Everyone or Just me and then click Next 7 The next screen indicates that the installer is ready to begin installation Click Next 10 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide 8 Wait while the Dell SonicWALL Global VPN Client files are installed on your computer 44 Globa en SonicWALL Global VPN Client Global VPN Client is being installed Please wait oes SonicWALL Global VPN Client Global YPN Client has been successfully installed Click Close to exit 10 After a successful installation the Global VPN Client launches automatically If you saved the connection configurations from a previous version of the Dell SonicWALL Global VPN Client when uninstalling it the Global VPN Client launches silently and your default con
101. uires a Digital Certificate to establish your identity for the VPN connection the Select Certificate dialog box appears This dialog box lists all the available certificates installed on your Global VPN Client Select the certificate from the menu then click OK If you have a certificate that has not been imported into the Global VPN Client using Certificate Manager click Import Certificate Select Certificate 10 0 79 229 x Select Certificate This connection requires a certificate for authentication Select the cetificate to use as your identity for this connection as specified by your network administrator View Details If vou have the certificate you wish to use for your identity but it is not already in the certificate list you can import it here Import Certificate Bellingham Pac Bell Bellingham Pac Bell Cag Cancel Note See Managing Certificates on page 39 for more information on using the Certificate Manager Username and Password Authentication The VPN gateway typically specifies the use of XAUTH for determining GroupVPN policy membership by requiring a username and password either for authentication against the gateway s internal user database or via an external RADIUS service If the Dell SonicWALL VPN gateway is provisioned to prompt you for the username and password to enter the remote network the Enter Username and Password dialog box appears Type your username and password If pe
102. uter lt DialupLeaveConnected gt Off 0 On 1 lt DialupLeaveConnected gt Instructs the Global VPN Client to leave the dialup connection logged in when the Global VPN Client is not connected lt DPDInterval gt 3 30 lt DPDInterval gt Specifies the duration of time in seconds to wait before declaring a peer as dead The allowed values for the interval times are 3 5 10 15 20 25 and 30 seconds lt DPDAttempts gt 3 5 lt DPDAttempts gt Specifies number of unsuccessful attempts to contact a peer before declaring it as dead The allowed values are 3 4 or 5 times lt DPDAlwaysSend gt Off 0 On 1 lt DPDAlwaysSend gt Instructs the Global VPN Client to send a DPD packet based on network traffic received from the peer lt Peer gt For redundant gateways on this connection repeat all the tags under lt Peer gt There can be up to 5 redundant gateways for each connection lt Connection gt Defines the end of each connection profile in the configuration file lt Connections gt Defines the end of all connection profiles in the Default rcf file lt SW_Client_Policy gt Sample default rcf File The following is an example of a default rcf file This file includes two VPN connections Corporate Firewall and Overseas Gateway The Corporate Firewall connection configuration includes two peer entries for redundant VPN connectivity Caution If you attempt to directly copy this sample file to an ASCII text editor you may
103. uto Logging Clicking on Settings displays the Auto Logging window for specifying settings for automatic logging of messages to a file Log files are saved as text files txt Auto Logging lt yf Specify settings for auto doggina messages to a file Enter the name of the autodog file v Overwrite existing file when autodogaing starts V Set size limit on autodog file Maximum autodog file size 1 MB When autodog size limit is reached Ask me what to do gt OK canca 42 Dell SonicWALL Global VPN Client 4 9 Administrator s Guide Enter the name of the auto log file Specifies the file in which to save the logging messages Clicking on the button allows you to specify the location of your auto log file If only a file name is specified no path is given in the file name the log file will be created in the user s TEMP directory View Auto Log File Displays the entire log file up to 71 000 lines Overwrite existing file when auto logging starts Overwrites the existing auto log file when auto logging is started Set size limit on auto log file Activates a maximum size limit for the log file Maximum auto log file size Specifies the maximum file size in KB or MB When auto log size limit is reached Specifies the action to take when the auto log file reaches the maximum size Choose from Ask me what to do Prompts the user when the log file reaches the maximum size to choose either Stop a
104. uto logging or Overwrite auto log file Stop auto logging Stops auto logging when the maximum file size is reached e Overwrite auto log file Overwrites the existing auto log file after the maximum file size is reached Generating a Help Report Choosing Help gt Generate Report in the Global VPN Client window displays the Global VPN Client Report dialog box Global VPN Client Report Eal ea A Report Has Been Generated This report may be useful in helping techincal support solve any problems you may be experiencing This report contains information regarding the condition of the Global YPN Client as well as the system on which it is running The information in this report includes version information for the application and drivers system information such as your IP address es and route table and all current log messages The data collected will only be used to help fix problems experienced with the program This error report can be sent automatically via e mail if available or you can save the report and send it manually Please select one of the following reporting options Save As View send Dont Send Generate Report creates a report containing useful information for getting help in solving any problems you may be experiencing The report contains information regarding the condition of the Dell SonicWALL Global VPN Client as well as the system it is running on Information in this repor
105. utomatic Interface Selection Automatic LAN Settings Dial Up Settings Cancel 5 Use the default Automatic option in the Interface Selection menu if you want the Global VPN Client to automatically determine whether to use the LAN or Dial Up interface based on availability If the LAN interface is active the Global VPN Client uses this interface first If the LAN interface is not available the Global VPN Client uses the dial up connection If you want this VPN connection to use a dial up connection select Dial Up Only from the Interface Selection menu 6 Click Dial Up Settings The Dial Up Settings dialog box is displayed Specify the settings that will be used when this connection is enabled over dial up Use Microsoft dial up networking Phonebook Entry lt Prompt When Necessary gt E Do not hang up the modem when disabling this connection Use a third party dial up application 7 If you are using Microsoft Dial Up Networking select Use Microsoft dial up networking and select the dial up networking profile from the Phonebook Entry list Adding VPN Connections 21 8 Select Do not hang up the modem when disabling this connection if you want to remain connected to the Internet after disabling the Global VPN Client connection 9 If you are using a third party dial up application select Use a third party dial up application and then enter the path for the pr
106. w regulations or other provisions Support Services Upgrades Copyright Dell may provide you with support services related to the SOFTWARE PRODUCT Support Services Use of Support Services is governed by the Dell SonicWALL policies and programs described in the user manual in online documentation and or in other Dell provided materials Any supplemental software code provided to you as part of the Support Services shall be considered part of the SOFTWARE PRODUCT and subject to terms and conditions of this SLA With respect to technical information you provide to Dell as part of the Support Services Dell may use such information for its business purposes including for product support and development Dell shall not utilize such technical information in a form that identifies its source If the SOFTWARE PRODUCT is labeled as an upgrade you must be properly licensed to use a product identified by Dell as being eligible for the upgrade in order to use the SOFTWARE PRODUCT A SOFTWARE PRODUCT labeled as an upgrade replaces and or supplements the product that formed the basis for your eligibility for the upgrade You may use the resulting upgraded product only in accordance with the terms of this SLA If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be s
107. you can include it in the same folder as the MSI installer GVClnstallXX MSI where XX is either 32 for 32 bit Windows platforms or 64 for 64 bit Windows platforms prior to running the installer The installation process now copies the default rcf to the program install directory After this installation when the user launches the Global VPN Client program the connection s defined in default rcf are used to create the configuration file Connections rcf in the C Users lt user gt AppData Roaming Dell SonicWALL Global VPN Client directory This is the easiest method for Global VPN Client users Perform the following steps to get the same profile from default rcf to all the users during installation Appendix A Using the Default rcf File for Global VPN Clients 47 1 Export the WAN groupVPN configuration from your Dell SonicWALL network security appliance the VPN Gateway or create default rcf if you want multiple connections 2 Rename the exported configuration file to default rcf 3 Extract the GVCInstallXX MSI from GVCSetupXX exe where XX is either 32 for 32 bit Windows platforms or 64 for 64 bit Windows platforms by typing the command line as follows GVCSetupXX exe T lt Path where you want MSI to be extracted gt C 4 Copy the default rcf file to same directory where you have the GVCInstallXX MSI installer file 5 Launch the installer GVCInstallXX MSI The installation process will copy default rcf to the GVC Install
108. you want to retain the same Dell SonicWALL VPN Adapter MAC address the next time you install the Global VPN Client Click Next After the Global VPN Client is removed restart your computer when prompted to do so Configuring Dell SonicWALL Appliances for Global VPN Clients The SonicOS GroupVPN policy provides the automatic provisioning of Dell SonicWALL Global VPN Client from the Dell SonicWALL security appliance The GroupVPN policy is only available for Dell SonicWALL Global VPN Clients SonicOS GroupVPN supports two IPsec keying modes IKE using shared secret and IKE using 3rd Party Certificates Once you create the GroupVPN policy you configure GroupVPN to automatically provision Dell SonicWALL Global VPN Clients by downloading the policy or exporting the policy file for manual installation in the Dell SonicWALL Global VPN Client Configuring Dell SonicWALL Appliances for Global VPN Clients 45 Note For information on configuring GroupVPN on the Dell SonicWALL appliance to support Dell SonicWALL Global VPN Client refer to the SonicOS Administrator s Guide All Dell SonicWALL product documentation is available from the Support page at http www sonicwall com us en support html Dell SonicWALL Global VPN Client Licenses Global VPN Client Licensing is based on the number of simultaneous Global VPN Client connections to a Dell SonicWALL appliance If the number of simultaneous Global VPN Client connections is exceeded SonicOS
Download Pdf Manuals
Related Search