Справочник Пользователя для SonicWALL 5.8.1
VPN > Settings
905
SonicOS 5.8.1 Administrator Guide
–
To manage the remote SonicWALL through the VPN tunnel, select HTTP, HTTPS, or
both from Management via this SA. Select HTTP, HTTPS, or both in the User login
via this SA to allow users to login using the SA.
both from Management via this SA. Select HTTP, HTTPS, or both in the User login
via this SA to allow users to login using the SA.
–
If you wish to use a router on the LAN for traffic entering this tunnel destined for an
unknown subnet, for example, if you configured the other side to Use this VPN Tunnel
as default route for all Internet traffic, you should enter the IP address of your router
into the Default LAN Gateway (optional) field.
unknown subnet, for example, if you configured the other side to Use this VPN Tunnel
as default route for all Internet traffic, you should enter the IP address of your router
into the Default LAN Gateway (optional) field.
–
Select an interface or zone from the VPN Policy bound to menu. A zone is the
preferred selection if you are using WAN Load Balancing and you wish to allow the VPN
to use either WAN interface.
preferred selection if you are using WAN Load Balancing and you wish to allow the VPN
to use either WAN interface.
Step 15
Click OK.
Configuring VPN Failover to a Static Route
Optionally, you can configure a static route to be used as a backup route in case the VPN tunnel
goes down. The Allow VPN path to take precedence option allows you to create a backup
route for a VPN tunnel. By default, static routes have a metric of one and take precedence over
VPN traffic. The Allow VPN path to take precedence option gives precedence over the route
to VPN traffic to the same destination address object. This results in the following behavior:
goes down. The Allow VPN path to take precedence option allows you to create a backup
route for a VPN tunnel. By default, static routes have a metric of one and take precedence over
VPN traffic. The Allow VPN path to take precedence option gives precedence over the route
to VPN traffic to the same destination address object. This results in the following behavior:
•
When a VPN tunnel is active: static routes matching the destination address object of the
VPN tunnel are automatically disabled if the Allow VPN path to take precedence option
is enabled. All traffic is routed over the VPN tunnel to the destination address object.
VPN tunnel are automatically disabled if the Allow VPN path to take precedence option
is enabled. All traffic is routed over the VPN tunnel to the destination address object.
•
When a VPN tunnel goes down: static routes matching the destination address object of
the VPN tunnel are automatically enabled. All traffic to the destination address object is
routed over the static routes.
the VPN tunnel are automatically enabled. All traffic to the destination address object is
routed over the static routes.
To configure a static route as a VPN failover, complete the following steps:
Step 1
Navigate to the Network > Routing page.
Step 2
Scroll to the bottom of the page and click on the Add button. The Add Route Policy window is
displayed.
displayed.
Step 3
Select the appropriate Source, Destination, Service, Gateway, and Interface.
Step 4
Leave the Metric as 1.
Step 5
Enable the Allow VPN path to take precedence checkbox.
Step 6
Click OK.
For more information on configuring static routes and Policy Based Routing, see
Route Based VPN
A policy-based approach forces the VPN policy configuration to include the network topology
configuration. This makes it difficult for the network administrator to configure and maintain the
VPN policy with a constantly changing network topology.
configuration. This makes it difficult for the network administrator to configure and maintain the
VPN policy with a constantly changing network topology.
With the Route Based VPN approach, network topology configuration is removed from the VPN
policy configuration. The VPN policy configuration creates a Tunnel Interface between two end
points. Static or Dynamic routes can then be added to the Tunnel Interface. The Route Based
VPN approach moves network configuration from the VPN policy configuration to Static or
Dynamic Route configuration.
policy configuration. The VPN policy configuration creates a Tunnel Interface between two end
points. Static or Dynamic routes can then be added to the Tunnel Interface. The Route Based
VPN approach moves network configuration from the VPN policy configuration to Static or
Dynamic Route configuration.