SonicWALL VPN W/ PGP Client
Testing environment
Hardware/Software:
SonicWALL Pro firmware version 6.0.0.0
PGP Client version 7.0.1
Configurations tested
PGP set as follows:
1. Main Mode – 3DES, MD5, DH Group 2
2. Main Mode – 3DES, MD5, DH Group 5
3. Aggressive Mode – 3DES, MD5, DH Group 2
4. Aggressive Mode – 3DES, MD5, DH Group 5
SonicWALL Pro set as follows:
1. Group VPN, Shared Secret, (ESP 3DES HMAC MD5)
2. New SA, Shared Secret, (ESP 3DES HMAC MD5)
Note: This document assumes that the SonicWALL Pro has been through initial configuration, and the PGP client has been installed.
Configure the SonicWALL VPN
VPN Configuration #1
Click on the VPN tab → Configure Tab
Fill in the fields as follows:
Security Association: GroupVPN
IPSec Keying Mode: IKE using pre-shared secret
Disable This SA: Make sure there is not a check mark in the box
Require XAUTH/RADIUS: Make sure there is not a check mark in the box
SA Life time: Anything you choose. Default is fine
Encryption Method: Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)
Shared Secret: Anything you choose. Needs to be the same on the PGP Client
Click → Update Tab
OR
VPN Configuration #2
Click on the VPN tab → Configure Tab
Fill in the fields as follows:
Security Association: Add New SA
IPSec Keying Mode: IKE using pre-shared secret
Name: Enter a descriptive name for the SA
Disable This SA: Make sure there is not a check mark in the box
IPSec Gateway Address: Leave Blank
Require XAUTH/RADIUS: Make sure there is not a check mark in the box
Enable Windows Networking: Does not matter
SA Life time: Anything you choose. Default is fine
Encryption Method: Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)
Shared Secret: Anything you choose. Needs to be the same on the PGP Client
Add New Network: Do not add any networks
Click → Update Tab
Configure the PGP Client
Right click on the PGP icon (looks like a lock) in the system tray:
Select PGPNet → VPN
Select View → Options
Select → VPN tab from the PGP options screen
Fill in the fields as follows:
Enable VPN connections: Make sure this is checked
Dynamic VPN: Does not matter
Automatic Key Renewal: Default Values are fine, or choose the settings you want.
Click → Advanced tab on the PGP Options screen
Make sure that TripleDES is checked in the allowed algorithms section.
Click → VPN Advanced tab on the PGP Options screen
Fill the fields in the following way:
Allowed Remote Proposals section: Make sure that TripleDES and MD5 are checked. At least one of 1024 bits (DH Group 2) or 1536 bits (DH Group 5) must be checked; you can check both of them. LZS and Deflate are not checked.
Proposals sections:
IKE Section: You must have one entry in this section.
Select New → IKE Proposal
Choose the following parameters for your proposal: Shared Secret, MD5, TripleDES, and 1024 or 1536 (select the same one you selected above). If you selected both 1024 and 1536, you can create another IKE proposal for the other one.
Click → OK
IPSec Section: You must have one entry in this section.
Select New → IPSec Proposal
Choose the following parameters for your proposal:
AH and IPPCP boxes are not checked.
ESP box is checked.
Hash: MD5
Cipher: TripleDES
Click → OK → OK when finished.
If the shield in the upper right-hand corner by PGPNet is grayed out, left click on it once to enable PGPNet. It should turn GOLD.
Click → Add
If this screen pops up after clicking Add, then click → Use Expert Mode. Otherwise skip this step.
Configure the secure Gateway (SonicWALL)
Fill the fields in the following way:
Name: Descriptive name for the SonicWALL
IP Address: The IP address of the SonicWALL
Make sure Secure Gateway is selected from the drop down menu
Select Connect automatically or require manual connection
Aggressive Mode: Can check (aggressive) or leave unchecked (main mode). If you check aggressive mode, authentication type is normal.
Remote Authentication: Any valid key
Shared Secret: Click → Set Shared Passphrase
If this screen pops up after clicking Set Shared Passphrase, Click → OK. Otherwise skip this step.
Enter your shared secret. Note: This should be the same as the shared secret you entered on the SonicWALL.
Click → OK → OK.
Highlight the entry you just created.
Click → Add
Click → YES
Enter information for the insecure subnet: (subnet behind SonicWALL)
Select Insecure Subnet from the drop down menu where it says secure host.
Fill in the fields the following way:
Enter a descriptive name for the subnet behind the SonicWALL
Enter the IP address of the network
Enter the Subnet Mask for the network
Click → OK
Initiate the tunnel
Highlight the secure gateway you created. You can then click → connect at the bottom of the screen, or you can right click on the gateway and select connect. When the tunnel comes up you will see Green Dots under the SA field.
You can now send secure traffic over the VPN.