SonicWALL VPN W/ PGP Client

Testing environment

Hardware/Software:
SonicWALL Pro firmware version 6.0.0.0
PGP Client version 7.0.1

Configurations tested

PGP set as follows:
1. Main Mode – 3DES, MD5, DH Group 2
2. Main Mode – 3DES, MD5, DH Group 5
3. Aggressive Mode – 3DES, MD5, DH Group 2
4. Aggressive Mode – 3DES, MD5, DH Group 5

SW Pro set as follows:
1. Group VPN, Shared Secret, (ESP 3DES HMAC MD5)
2. New SA, Shared Secret, (ESP 3DES HMAC MD5)

Note: This document assumes that the SonicWALL Pro has been through initial configuration, and the PGP client has been installed.

Configure the SonicWALL VPN

VPN Configuration #1

Click on the VPN tab → Configure Tab

Fill in the fields as follows:

Security Association: GroupVPN
IPSec Keying Mode: IKE using pre-shared secret
Disable This SA: Make sure there is not a check mark in the box
Require XAUTH/RADIUS: Make sure there is not a check mark in the box
SA Life time: Anything you choose. Default is fine
Method: Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)
Shared Secret: Anything you choose. Needs to be the same on the PGP Client

Click → Update Tab

OR

VPN Configuration #2

Click on the VPN tab → Configure Tab

Fill in the fields as follows:

Security Association: Add New SA
IPSec Keying Mode: IKE using pre-shared secret
Name: Enter a descriptive name for the SA
Disable This SA: Make sure there is not a check mark in the box
IPSec Gateway Address: Leave Blank
Require XAUTH/RADIUS: Make sure there is not a check mark in the box
Enable Windows Networking: Does not matter
SA Life time: Anything you choose. Default is fine
Encryption Method: Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)
Shared Secret: Anything you choose. Needs to be the same on the PGP Client
Add New Network: Do not add any networks

Click → Update Tab

Configure the PGP Client

Right click on the PGP icon (looks like a lock) in the system tray:

Select PGPNet → VPN

Select View → Options

Select → VPN tab from the PGP options screen

Fill in the fields as follows:

Enable VPN connections: Make sure this is checked
Dynamic VPN: Does not matter
Automatic Renewal: Default values are fine, or choose the settings you want.

Click → Advanced tab on the PGP Options screen

Make sure that TripleDES is checked in the allowed algorithms section.

Click → VPN Advanced tab on the PGP Options screen

Fill the fields in the following way:

Allowed Remote Proposals section:
Make sure that TripleDES and MD5 are checked.
One of the following must be checked: 1024 bits (DH Group 2) or 1536 bits (DH Group 5). You can check both of them.
LZS and Deflate are not checked.

Proposals sections:

IKE Section: You must have one entry in this section.
Select New → IKE Proposal
Choose the following parameters for your proposal: Shared Secret, MD5, TripleDES, and 1024 or 1536. Select the same key size you selected above. If you selected both 1024 and 1536, you can create another IKE proposal for the other one.
Click → OK

IPSec Section: You must have one entry in this section.
Select New → IPSec Proposal
Choose the following parameters for your proposal:
AH and IPPCP boxes are not checked.
ESP box is checked.
Hash: MD5 : TripleDES

Click → OK → OK when finished.

If the shield in the upper right-hand corner by PGPNet is grayed out, left click on it once to enable PGPNet. It should turn GOLD.

Click → Add

If this screen pops up after clicking Add, then click → Use Expert Mode. Otherwise skip this step.

Configure the secure Gateway (SonicWALL)

Fill the fields in the following way:

Name: Descriptive name for the SonicWALL
IP Address: The IP address of the SonicWALL
Make sure Secure Gateway is selected from the drop down menu
Select Connect automatically or require manual connection
Aggressive Mode: Can check (aggressive) or leave unchecked (main mode). If you check aggressive mode, type is normal.
Remote Authentication: Any valid key
Shared Secret: Click → Set Shared

If this screen pops up after clicking Set Shared Passphrase, Click → OK. Otherwise skip this step.

Enter your shared secret. Note: This should be the same as the shared secret you entered on the SonicWALL.

Click → OK → OK.

Highlight the entry you just created.

Click → Add

Click → YES

Enter information for the insecure subnet: (subnet behind SonicWALL)

Select Insecure Subnet from the drop down menu where it says secure host.

Fill in the fields the following way:

Enter a descriptive name for the subnet behind the SonicWALL
Enter the IP address of the network
Enter the Subnet Mask for the network

Click → OK

Initiate the tunnel

Highlight the secure gateway you created. You can then click → connect at the bottom of the screen, or you can right click on the gateway and select connect. When the tunnel comes up you will see Green Dots under the SA field.

You can now send secure traffic over the VPN.
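
If the Green Dots never appear, the usual cause is that the client's IKE or IPSec proposal, or the shared secret, does not line up with the SonicWALL SA. The following Python check is an added example, not part of the original document or of either product: it models the gateway as accepting exactly the parameters listed under "Configurations tested" (an assumption), and the names IkeProposal, IpsecProposal, GATEWAY_IKE, GATEWAY_IPSEC and check_client are hypothetical.

```python
from dataclasses import dataclass, asdict

# Key sizes as the PGP client labels them, mapped to the DH groups named on this page.
DH_GROUP = {1024: 2, 1536: 5}

# Gateway side, modelled from the settings above. Assumption: the SonicWALL
# accepts exactly what the tested configurations list for phase 1.
GATEWAY_IKE = {"auth": {"shared-secret"}, "hash": {"MD5"},
               "cipher": {"TripleDES"}, "dh_group": {2, 5}}
# Phase 2 follows "Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)".
GATEWAY_IPSEC = {"esp": {True}, "ah": {False}, "ippcp": {False},
                 "hash": {"MD5"}, "cipher": {"TripleDES"}}

@dataclass(frozen=True)
class IkeProposal:            # one entry in the client's IKE section
    auth: str
    hash: str
    cipher: str
    dh_bits: int

    def attrs(self):
        d = asdict(self)
        d["dh_group"] = DH_GROUP.get(d.pop("dh_bits"))  # None if not 1024/1536
        return d

@dataclass(frozen=True)
class IpsecProposal:          # one entry in the client's IPSec section
    esp: bool
    ah: bool
    ippcp: bool
    hash: str
    cipher: str

    def attrs(self):
        return asdict(self)

def mismatches(proposal, policy):
    """Return the attribute names the gateway policy would reject."""
    return sorted(k for k, v in proposal.attrs().items() if v not in policy[k])

def first_acceptable(proposals, policy):
    """Mimic the responder: pick the first offered proposal it fully accepts."""
    return next((p for p in proposals if not mismatches(p, policy)), None)

def check_client(ike, ipsec, client_secret, gateway_secret):
    """Summarise whether phase 1, phase 2 and the shared secret line up."""
    return {"ike": first_acceptable(ike, GATEWAY_IKE),
            "ipsec": first_acceptable(ipsec, GATEWAY_IPSEC),
            "secret_matches": client_secret == gateway_secret}
```

A result of None for "ike" or "ipsec" means no client proposal matches; calling mismatches() on each proposal names the fields to correct in the VPN Advanced tab.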
