Configuring Windows Networking for the SonicWALL VPN Client

Tech Notes

Prepared by SonicWALL Inc.
1160 Bordeaux Dr.
Sunnyvale, CA 94089
Phone: 408-745-9600
Summary: This document assists Network Administrators and end-users in setting up Windows Networking across a VPN tunnel using the SonicWALL VPN Client.

Testing the VPN tunnel

This technical note assumes that the SonicWALL VPN Client has been installed and configured correctly by importing a configuration file. To verify that the VPN tunnel is set up properly, ping the IP address of a machine on the remote network. Figure 1 shows an example of pinging the remote machine through the VPN tunnel.

Figure 1

If you get a ping reply, the VPN tunnel is working. You may need to repeat the ping more than once because there is a delay while the VPN tunnel is being established. If your ping is unsuccessful, open the VPN client log viewer by right-clicking the VPN client icon in your system tray and selecting Log Viewer. A successful VPN tunnel negotiation will have SPI values at the bottom of the log window, as shown in Figure 2.

Figure 2
Note: The log viewer will only display information when using IKE, as opposed to Manual Keys. If you do not see the SPI values and instead see the error message "Hash Payload incorrect", you may have entered the incorrect Pre-Shared Key. If you see other error messages, please contact your Network Administrator.

Configuring Windows Networking

Once the VPN tunnel has been successfully set up, you can configure Windows networking and browse the Network Neighborhood across the VPN tunnel. Before logging into the remote domain, you will need the following information from your Network Administrator:

1. NT account (your username and password)
2. NT domain name
3. WINS Server (mandatory for NT server; Windows 2000 server can use DNS)
4. Internal DNS (optional)

Then configure the client as follows:

1. Open the Network dialog box (Figure 3).

Figure 3

2. Click on the TCP/IP properties for either the Dial-Up Adapter or the network adapter you're using for your dedicated Internet connection.

If you have a dedicated connection without a firewall, your unprotected VPN Client connection may become a vulnerable point for hackers to enter your VPN tunnel. We recommend you use the SonicWALL TELE2, which eliminates the need to install VPN clients on each computer on your network. If you are using a dial-up modem connection, security is not an issue due to the short connection time and changing IP address.

3. Select Client for Microsoft Networks and click Properties. Check the box Logon to Windows NT domain, enter the domain name given to you by your Network Administrator, and select Quick logon. An example is shown in Figure 4.
Figure 4

4. Click on the Identification tab (Figure 5) and enter the domain name of the remote network in the Workgroup field.

Figure 5

5. Click on TCP/IP -> Dial-Up Adapter and enter the WINS server IP address given to you by your Network Administrator in the WINS Configuration tab (Figure 6).
Figure 6

6. If your Network Administrator gave you an internal DNS, click on the DNS Configuration tab and enter the DNS IP address.

7. Restart your computer and go through the login process.

If you have a dedicated connection, you should be able to log in directly to your domain. The VPN tunnel should come up when you are trying to find your WINS server to log in to the domain. If you get the error message that you were not able to find your network controller, retry the domain login by hitting Cancel and getting the login screen again. If you are still unable to log in to the domain, click OK to log in to the box. Check that your VPN tunnel is working. If not, check with your Network Administrator to correct the process and try again. If your VPN tunnel is up and you can ping machines on the remote network, you should still be able to browse the Network Neighborhood and use the print servers.

If you try to access a network resource before your VPN tunnel is established, it will fail and will never retry to access the domain controller. You will be able to mount drives and access network printers, but won't be able to browse the network until you reboot.

If you are using a dial-up connection, enable Windows Networking over your dial-up connection. Under Dial-up Network, right-click on your dial-up connection, select Properties, and then select Server Types. An example using Windows 98 is shown in Figure 7.
Figure 7

When using a dial-up connection, you will have to log in to your machine without reaching your Domain Controller. When you get connected through your service provider, your VPN tunnel should be established as well. If this tunnel gets established while Microsoft Networking is logging into the domain, then you will be able to browse the Network Neighborhood. If the tunnel fails to get established in time, then you will not be able to browse the network, but you will be able to mount network drives and use network printers when the VPN tunnel is established.

Note: For more information or help, please contact your Network Administrator.

Locating Computers across the VPN tunnel without Windows NT Networking and WINS

If you do not have a Network Domain Server on the private LAN, you will not be able to set up a WINS server and browse the Windows Network Neighborhood. To access shared resources on remote computers, you will need to know the private IP address of the remote computer and use the Find Computer tool from the Start menu, shown in Figure 8.

Figure 8
If the VPN tunnel is established and the remote computer has sharing enabled, you can access the remote computer's resources by double-clicking on the computer icon as shown above.