User Guide
SonicWALL VPN Page 125
7. Select Encrypt and Authenticate (ESP DES HMAC MD5) from the Phase 2
Encryption/Authentication menu.
8. Type the Shared Secret in the Shared Secret text box or use the Shared Secret
automatically generated by the SonicWALL. The Shared Secret should consist of a
combination of letters and numbers rather than the name of a family member, pet, etc.
It is also case-sensitive.
9. Click Advanced Settings to open the window. Select any of the following boxes that
apply to your SA:
• Require XAUTH/RADIUS (Only allows VPN clients) if using a RADIUS server.
• Enable Windows Networking (NetBIOS) broadcast - if remote clients use
Windows Network Neighborhood to browse remote resources.
• Apply NAT and firewall rules - to apply NAT and firewall rules to the SA, or just
firewall rules if in Standard mode.
• Forward packets to remote VPNs - if creating a “hub and spoke” network.
• Enable Perfect Forward Secrecy - for additional security.
• Phase 2 DH Group - generates an additional key exchange.
• Default LAN Gateway - allows the network administrator to specify the IP address
of the default LAN route for incoming IPSec packets for this SA.
10. Click Update to enable the changes.
To export the Group VPN settings to remote VPN clients, click on Export next to VPN
Client Configuration File. The security file can be saved to a floppy disk or e-mailed to
a remote VPN client. The Shared Secret, however, is not exported, and must be entered
manually by the remote VPN client. Also, the SA must be enabled to export the
configuration file.
Note: You must use the Group VPN Security Association even if you have only one
VPN client to deploy. The Group VPN Security Association defaults to the Simple
Configuration previously available in firmware version 5.1.1.
integrated_manual.book Page 125 Friday, October 12, 2001 2:56 PM










