SonicWALL TZ 190 Manuale Utente
VPN > Settings
557
SonicOS Enhanced 4.0 Administrator Guide
Configuring GroupVPN with IKE using 3rd Party Certificates
To configure GroupVPN with IKE using 3rd Party Certificates, follow these steps:
Caution
Before configuring GroupVPN with IKE using 3rd Party Certificates, your certificates must
be installed on the SonicWALL.
be installed on the SonicWALL.
Step 1
In the VPN > Settings page click the edit icon under Configure. The VPN Policy window is
displayed.
displayed.
Step 2
In the Security Policy section, select IKE using 3rd Party Certificates from the
Authentication Method menu. The VPN policy name is GroupVPN by default and cannot be
changed.
Authentication Method menu. The VPN policy name is GroupVPN by default and cannot be
changed.
Step 3
Select a certificate for the SonicWALL from the Gateway Certificate menu.
Step 4
Select one of the following Peer ID types from the Peer ID Type menu:
–
E-Mail ID and Domain Name - The Email ID and Domain Name types are based on
the certificate's Subject Alternative Name field, which is not contained in all certificates
by default. If the certificate does not contain a Subject Alternative Name field, this filter
will not work. The E-Mail ID and Domain Name filters can contain a string or partial
string identifying the acceptable range required. The strings entered are not case
sensitive and can contain the wild card characters * (for more than 1 character) and ?
(for a single character). For example, the string *@sonicwall.com when E-Mail ID is
selected, would allow anyone with an email address that ended in sonicwall.com to
have access; the string *sv.us.sonicwall.com when Domain Name is selected, would
allow anyone with a domain name that ended in sv.us.sonicwall.com to have access.
the certificate's Subject Alternative Name field, which is not contained in all certificates
by default. If the certificate does not contain a Subject Alternative Name field, this filter
will not work. The E-Mail ID and Domain Name filters can contain a string or partial
string identifying the acceptable range required. The strings entered are not case
sensitive and can contain the wild card characters * (for more than 1 character) and ?
(for a single character). For example, the string *@sonicwall.com when E-Mail ID is
selected, would allow anyone with an email address that ended in sonicwall.com to
have access; the string *sv.us.sonicwall.com when Domain Name is selected, would
allow anyone with a domain name that ended in sv.us.sonicwall.com to have access.