USER'S GUIDE
Contents
1. Pocket G C er 42501 New Connection Create a new Office Gateway or Remote Access connection Specifv the type of connection to add Office Gateway Secure access to a local tirewall 0 Remote Access Secure access to a remote firewall Peer IP Address or Domain Name 2 Inthe New Connection screen select Office Gateway or Remote Access 3 If you selected Office Gateway the Pocket GVC is automatically configured to associate with SonicWALL wireless gateways 4 If you selected Remote Access enter the IP address or FQDN of the SonicWALL gateway in the IP Address or Domain Name field A Pocket GVC er 4 10 16 B New Connection Create a new Office Gateway or Remote Access connection Specify the type of connection to add Office Gateway Secure access to a local tirewall 8 Remote Access Secure access to a remote firewall Peer IP Address or Domain Name gateway yourcompany corr OK Cancel Ej 5 Tap OK Your new VPN connection profile is displayed in the Pocket GVC screen Page 7 Importing a VPN Configuration File A VPN configuration file can be exported from the SonicWALL gatewav and sent to vou bv the SonicWALL gateway administrator This VPN configuration file has the filename extension rcf If you received a VPN configuration file from your administrator you can import it into the Pocket GVC The VPN policy file is in the XML format to provide more eff2. To open the Pocket GVC Log screen tap the Log Viewer button on the Pocket GVC Command Bar or choose View gt Log Viewer The Pocket GVC Log screen displays messages about Pocket GVC events It displavs the type of message Information Error or Warning the peer IP address or FQDN and the date and time the message was generated EB Pocket GVCLog 49 32 DB Message a Received policy c Peer 39 172 18 1 1 9172 18 1 1 172 18 1 1 172 18 1 1 172 18 1 1 172 18 1 1 8 172 18 1 1 Sending policy ac The configuratio Starting ISAKMP Starting quick mo The SA lifetime f Phase 2 with 0 0 D local host gt Saving configurati D local host gt The configuratio Type Peer Timestamp File Edit View KJE FE ER map The Log Viewer provides the following features to help you manage log messages To save a current log to a txt file select File gt Save Log To enable logging select View gt Start Capturing Messages or choose View gt Stop Capturing Messages to disable log message capturing or tap the Start Stop Capturing Messages button on the Command Bar To start or stop automatic scrolling of messages to the latest message select View gt Start Auto Scroll or View gt Stop Auto Scroll or tap the Auto Scroll button on the Command Bar To clear current log information choose Edit gt Clear or tap the Clear button on the Command Bar To specify the message dis
3. Enable Dead Peer Detection automatically detects if the peer stops responding e Settings Displays the DPD Dead Peer Detection screen AF Pocket G C E 4 9 35 DPD Settings Specify advanced settings for dead peer detection DPD Check for dead peer every Assume peer is dead after 5 Failed Checks Send DPD Packets B Only when no traffic is received from the peer 0 Whether or not traffic is received from the peer Check for dead peer every choose from 5 10 15 20 25 or 30 seconds Assume peer is dead after choose from 3 4 or 5 Failed Checks The default gateway is the peer specifies the default gateway as the peer IP address This setting Send DPD Packets specifies the conditions under which DPD packets will be sent Choose either Only when no traffic is received from the peer default or Whether or not traffic is received from the peer NAT Traversal choose one of the following three menu options Automatic automatically detects if a NAT device is located between the connection end points Forced On forces the use of UDP encapsulation of IPSec packets even when there is no NAPT NAT device between the peers Disabled disables the auto detection of NAT devices in between the connection endpoints In this case if there isa NAT device IPSec pass though must be enabled on the NAT device default is 3 Seconds You can choose from 1 to 10 seconds for ISAKMP nego
4. 0800 446489 Singapore 800 110 1441 Spain 34 0 9137 53035 Switzerland 41 1 308 3 977 UK 44 0 1344 668 484 g Note Please visit www sonicwall com services contact html for the latest technical support telephone numbers Page 4 SonicWALL Pocket Global VPN Client 3 0 User s Guide SonicWALL Pocket Global VPN Client SonicWALL Pocket GVC enables users of hand held devices such as PDAs running Microsoft Windows Mobile 2003 operating svstem to securelv access corporate resources through corporate or public wireless access existing corporate dial up facilities or GPRS modems Sj Note Pocket GVC is part of SonicWALL s Distributed Wireless Solution which enables secure authenticated integrated and centrally managed wireless network deployment for organizations of all sizes For more information on SonicWALL s Distributed Wireless Solution go to www sonicwall com Installing the Pocket Global VPN Client The following steps explain how to install the SonicWALL Pocket GVC application Before you Begin You need the following to install and use the SonicWALL Pocket GVC e A PDA running Microsoft Windows Mobile 2003 with a connected cradle activated for synchronization e A PDA with a dial up modem GPRS modem or an wireless adaptor e Aregistered 3rd Gen SonicWALL security appliance running firmware version 6 4 2 0 or higher a registered 4th Gen SonicWALL security appliance with license management support or a reg
5. allowed AF Pocket GYC e ESEA ER Connection Warning Traffic is only allowed to secured peers Enabling this connection will block all traffic that does not get sent to a secured peer This means that you may no longer be able to browse the Internet share lo 5 etc Do you want to continue L Jif yes don t show this dialog again Yes No Ej Tap OK to continue with establishing your VPN connection Once your VPN connection has successfully completed Connected is displayed in the Status column and a green checkmark appears to the right of VPN connection profile name A pop up notification dialog is displayed at the top of the Pocket GVC screen after the IPSec tunnel is established This indicates the PDA is now ready to send and receive data over the tunnel Page 9 30 Note The pop up notification dialog indicates the final results of ISAKMP negotiations Accessing Redundant VPN Gateways Pocket GVC supports redundant VPN gateways by manually adding the peer in the Peers page of the VPN connection s Properties screen Redundant VPN gateways are automatically added if the IPSec gateway s domain name resolves to multiple IP address For example if gateway yourcompany com resolves to 67 115 118 7 67 115 118 8 and 67 115 118 9 Pocket GVC cycles through the list of resolved IP addresses until it finds a gateway that responds allowing the list of IP addresses to be used as redundant gateways If all the resolved IP
6. dead peer detection packets L Log NAT keep alive packets L Enable auto logging General Logging OK Cancel E screen provides the following logging messages to log e Maximum log messages to keep specifies the maximum number of log messages in a FIFO First In First Out queue The default number is 100 Entering 0 means no maximum number of messages e Log ISAKMP header information enables the logging of all ISAKMP events with header information e Log dead peer detection packets enables the logging of dead peer detection packets sent and received e Log NAT keep alive packets logs NAT traversal keep alive packets send and received e Enable auto logging enables auto logging to a file Page 17 Tapping the Settings button allows vou specifv settings for logging messages to a file Pocket GYC E 29 34 D Specify settings for auto logging messages to a file Enter the name of the auto log file l 19 Overwrite existing file when auto logging starts Set size limit on auto log file Maximum file size When maximum file size is reached Ask me what to do OK Cancel Ej e Enter the name of the auto log file specifies the file name to save the logging messages Tapping on the button allows you to specify the location of your auto log file e Overwrite existing file when auto logging starts overwrites the current log file when you exit and restart the Pocket GVC e Set size limit on
7. of the SonicWALL Pocket Global VPN Client as well as the system it s running on Information in this report includes e Version information e Drivers e System information e IP addresses e route table e SPD table e ARP table e Current log messages To view the report in the default text editor window tap the View the Generated Report button To save the report to a text file tap the Save the Generated Report button Page 19 Technical Support Selecting Help gt Technical Support accesses the SonicWALL Support site www sonicwall com support The SonicWALL Support site offer a full range of support services including extensive online resources and information on SonicWALL s enhanced support programs Configuring SonicWALL VPN Gatewavs for Pocket Global VPN Clients SonicWALL Auto Policv Provisioning feature enables automatic provisioning of SonicWALL Pocket GVC from the SonicWALL security appliance SonicWALL s GroupVPN policy on the SonicWALL gateway is only available for SonicWALL Global VPN Clients and SonicWALL Pocket Global VPN Clients SonicWALL GroupVPN supports the IKE using shared secret IPSec keying mode for Pocket Global VPN Clients Once you create the GroupVPN policy for your Pocket GLobal VPN Clients the GroupVPN policy automatically provisions SonicWALL Pocket Global VPN Clients by downloading the policy or exporting the policy file for manual installation a Note For information on configuring Grou
8. screen allows you to specify an ordered list of VPN gateway peers that this connection profile can use multiple entries allow a VPN connection to use them for redundant SonicWALL VPN gateways An attempt is made to establish a VPN connection to the given VPN gateway peers in the order they appear in the list E 42505 eS Specify a list of peers to which this connection can establish security AF Pocket G C Specify the list of peers Security will be established to the given peers in the order they appear here sDefault Gateway gt General Peers Status OK Cancel Apply Ej To add a peer entry tap Add The Peer Information screen is displayed To edit a peer entry select the peer name and tap Edit The Peer Information screen is displayed To delete a peer entry select the peer entry and tap Remove You can change the order in the list of peers using the Up and Down buttons Page 13 Peer Information Settings The Peer Information page allows vou to add or edit peer information G Pocket G C E 4 9 35 QD Peer Information Specify the settings used to connect to this peer IP Address or DNS Name L The default gateway is the peer Enable Dead Peer Detection Settings NAT Traversal Automatic Timeout Retries 3 Seconds 3 Attempts v Add cane ap IP Address or DNS Name specifies the peer VPN gateway IP address or DNS name is only for Office Gateway profile
9. IDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITV ARISING OUT OF THE USE OF OR INABILITV TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES In no event shall SonicWALL or its suppliers liabilitv to Customer whether in contract tort including negligence or otherwise exceed the price paid bv Customer The foregoing limitations shall applv even if the above stated warrantv fails of its essential purpose BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES THE ABOVE LIMITATION MAY NOT APPLY TO YOU Page 2 SonicWALL Pocket Global VPN Client 3 0 User s Guide About this Guide Thank you for choosing the SonicWALL Pocket Global VPN Client Pocket GVC for use with your PDA running the Microsoft Windows Mobile 2003 operating svstem The SonicWALL Pocket Global VPN Client 3 0 User s Guide provides complete documentation on installing configuring and using SonicWALL Pocket GVC pp Note For documentation on configuring the SonicWALL security appliance to Support SonicWALL Pocket GVC refer to the Administrators Guide for your SonicWALL security appliance All SonicWALL product documentation is available at www sonicwall com services documentation html Conventions Used in this Guide Conventions used in this guide are as follows iach Se Bold Highlights items you can select on the Pock
10. PSec tunnel In the Pocket GVC screen tap and hold on the VPN connection entry you want to disable to display the pop up menu Select Disable from the menu You can also click the Disable button on the Pocket GVC Command Bar Page 10 SonicWALL Pocket Global VPN Client 3 0 User s Guide Specifying Pocket GVC Launch Options You can specify how Pocket GVC launches and what notification messages appear from the View gt Options menu Specify general settings that control how this program behaves L Launch this program at startup CI Warn me before enabling a connection that will block my Internet traffic General Logging OK Cancel Ej e Launch this program at startup launches the Pocket GVC when you start your PDA e Warn me before enabling a connection that will block my Internet traffic activates Connection Warning message notifying you that the VPN connection blocks Internet and local network traffic Managing VPN Connection Profiles The Pocket GVC supports adding as many connection profiles as available memory can support To help you manage these connection policies Pocket GVC provides the following connection management tools Arranging Connection Profiles You can arrange your VPN connection profiles in the Pocket GVC screen for easier access by choosing View gt Arrange Icons by You can arrange VPN connection profiles by Name Sorts connection profiles by name Status Sorts connection profile
11. addresses fail to respond Pocket GVC switches to the next peer if another peer is specified in the Peers screen for the VPN Connection Properties See Peer Settings on page 13 for more information Establishing Multiple Connections You can have more than one connection enabled concurrently but it depends on the connection policy parameters configured at the SonicWALL VPN gateway If you attempt to enable a subsequent connection when a currently connected VPN policy that does not allow multiple VPN connections the Cannot Enable Connection message appears informing you the VPN connection cannot be made because the currently active VPN policy does not allow multiple active VPN connection The currently enabled VPN connection policy must be disabled before enabling the new VPN connection Checking the Status of a VPN Connection Pocket GVC includes a variety of indicators to determine the status of your VPN connection The Status screen displays more detailed information about the status of an active VPN connection To display the Status screen for any VPN connection Tap and hold on the VPN connection name and select Status from the menu For a detailed description of the information displayed in the Status screen see Status on page 15 The Pocket GVC icon on the Command Bar displays a visual indicator of data passing between the client and the SonicWALL gateway Disabling a VPN Connection Disabling a VPN connection terminates the I
12. all of the material purchased with all backup copies can be sold given or loaned to another person Under the law copying includes translating into another language or format SonicWALL is a registered trademark of SonicWALL Inc Other product and company names mentioned herein can be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice July 2004 Limited Warranty SonicWALL Inc warrants that commencing from the delivery date to Customer but in any case commencing not more than ninety 90 days after the original shipment by SonicWALL and continuing for a period of twelve 12 months that the product will be free from defects in materials and workmanship under normal use This Limited Warranty is not transferable and applies only to the original end user of the product SonicWALL and its suppliers entire liability and Customer s sole and exclusive remedy under this limited warranty will be shipment of a replacement product At SonicWALL s discretion the replacement product may be of equal or greater functionality and may be of either new or like new quality SonicWALL s obligations under this warranty are contingent upon the return of the defective product according to the terms of SonicWALL s then current Support Services policies This warranty does not apply if the product has been subjected to abnormal electrical stress damaged by accident abuse mi
13. auto log file activates a maximum size limit for the log file e Maximum file size allows you to specify the log file size in KB or MB sizes e When maximum file size is reached instructs Auto logging what to do when the maximum log file size is reached Ask me what to do prompts you when the log file reaches maximum size to choose either Stop auto logging or Overwrite auto log file Stop auto logging stops auto logging when maximum file size is reached Overwrite auto log file overwrites existing auto log file after maximum file size is reached Page 18 SonicWALL Pocket Global VPN Client 3 0 User s Guide Generating a Troubleshooting Report Choosing Help gt Generate Report in the Pocket GVC screen generates a troubleshooting report to help solve problems vou mav encounter Pocket G C fil A Report Has Been Generated This report may help to solve any problems you may be experiencing This report contains information regarding the condition of the Sonic WALL Global VPN Client as well as the system on which it is running The information in this report includes version information for the application and drivers system information such as your IP Save the Generated Report View the Generated Report Done Ej Generate Report creates a report containing useful information for getting help in solving any problems you may be experiencing The report contains information regarding the condition
14. ec tunnel you can use the Log Viewer to view the error messages to troubleshoot the problem Enabling a Connection To establish a VPN tunnel using a connection profile you created in Pocket GVC follow these instructions pp Note Make sure your PDA has Internet connectivity and a valid IP address Choose Start gt Settings gt Connections to access the settings for your wireless card 1 2 3 Tap the Pocket GVC icon to launch the Pocket GVC application In the Pocket GVC screen tap and hold on the VPN connection entry you want to enable In the pop up menu select Enable You can also click the Enable button on the Command Bar after selecting the VPN connection The VPN gateway prompts you for a username and password for authentication if authentication is required A Pocket G C e 461204 ok Enter Username Password This peer requires that you log in with a username and password The peer does not allow saving of username and password ok Cancel E In the Enter Username and Password screen enter your username and password The message The peer does not allow saving of username and password is displayed in the Enter Username and Password screen If the VPN connection policy blocks Internet traffic when the VPN connection is active the Connection Warning screen is displayed This message alerts you that only network traffic destined for the remote network at the other end of the VPN tunnel is
15. et GVC interface For example tap the Pocket GVC icon to launch the Pocket GVC application Italic Highlights a value to enter into a field For example type 192 168 168 168 in the IP Address field Indicates a multiple step menu choice For example tap File gt Delete means tap the File menu then tap the Delete item from the File menu Icons Used in this Guide Alert Important information about features that can affect performance security features or cause potential problems with your SonicWALL Pocket GVC application Tip Useful information about security features and configurations on your SonicWALL Pocket GVC application a Note Related information to the section topic Page 3 SonicWALL Technical Support For timelv resolution of technical support questions visit SonicWALL on the Internet at www sonicwall com services support html Web based resources are available to help you resolve most technical issues or contact SonicWALL Technical Support To contact SonicWALL telephone support see the telephone numbers listed below North America Telephone Support U S Canada 888 777 1476 or 1 408 752 7819 International Telephone Support Australia 1800 35 1642 Austria 43 0 820 400 105 EMEA 31 0 411 617 810 France 33 0 1 4933 7414 Germany 49 0 1805 0800 22 Hong Kong 1 800 93 0997 India 8026556828 Italy 39 02 7541 9803 Japan 81 0 3 5460 5356 New Zealand
16. hase 1 enables the connection which completes the ISAKMP Internet Security Association and Key Management Protocol negotiation If XAUTH is enabled on the SonicWALL gateway the Pocket GVC user is prompted for username and password After a successful authentication auto policv provisioning downloads the VPN policy followed by Phase 2 is IKE negotiation using the policy attributes to establish the IPSec VPN tunnel for sending and receiving data When you enable a VPN connection the following information Status changes are displayed in the Pocket GVC screen 1 Disabled changes to Connecting Connecting changes to Authenticating when the Enter Username Password screen is displayed Authenticating changes to Connecting after entering your username and password Connecting changes to Provisioning Provisioning changes to Connected once the VPN connection is fully established green checkmark is displayed on the VPN connection profile icon SJ ll dl be Page 8 SonicWALL Pocket Global VPN Client 3 0 User s Guide Once the VPN connection is established a pop up notification is displaved It displavs the Connection Name Connected to IP address and the Virtual IP Address if enabled on the SonicWALL gateway A VPN connection that does not successfully connect displays an error mark red x on the left of the VPN connection profile name Error appears in the Status column pp Note f the Pocket GVC does not successfully establish the IPS
17. icient encoding of policy information Pre Shared keys for GroupVPN are also in the configuration file The configuration file can be encrypted using PKCS 5 Password Based Cryptography Standard from RSA Laboratories which uses 3DES encryption and SHA 1 message digest algorithms N Alert If your rcf file is encrypted you must have the password to import the configuration file into the Pocket GVC The following instructions explain how to add VPN connection profile by importing a configuration file provided by your SonicWALL gateway administrator 1 Inthe Pocket GVC screen choose File gt Import Connection The Import Connection screen is displayed Import Connection Import connection settings stored in a configuration fi nfiguration file Specify the configuration file to import If encrypted specify the password OK Cancel Ej 2 Type the file path for the configuration file in the Specify the configuration file to import field or tap the browse button to locate the file If the file is encrypted enter the password in the If the file is encrypted specify the password field 3 Tap OK N Alert Even though the VPN configuration is imported from the configuration file Pocket GVC downloads new configuration information every time a GroupVPN policy change is made on the SonicWALL security appliance Establishing a VPN Tunnel Establishing a VPN connection with Pocket GVC is a transparent two phase process P
18. iles i ae ip ne eee ee 11 Renaming a Connection Profile ss eenenennznnnnnnznnnnnnnnnna 11 Deleting Connection Profile s sirena 11 Selecting All Connection Proil L uLassvseaa4sasemssmanse 11 Customizing VPN Connection POlicies rrrrrrnrnvrnrnrnevnrnnrenrnnnnennnnnen 12 General Settings ER 12 VEE AUNE NNN ee eenin este nate E entrees een Smten en ene ty ae aeere 13 Peer SING Sse es ct re tenses ereecictrsersesteciehotrtaceaneceesiourteate deta EES 13 Peer Information Settings see 14 SE GE 15 OLSEN LE LON LO EEE EN EE 16 sa a Log Pile oe ee ence ee eee ee 17 Specifying Settings for Pocket GVC LOQQING c sscccsseeeeeeees 17 Generating a Troubleshooting Report enenennnnnnnnn mnn 19 lechmieal SUD DOU ei oren EEE OEE EAEE EEA EA EEEE EER 20 Configuring SonicWALL VPN Gateways for Pocket Global VPN Clients L nennnennnnnnnn nn men nnnnnn nn nanna 20 Page 1 Page 2 SonicWALL Pocket Global VPN Client 3 0 User s Guide Preface Copvright Notice 2004 SonicWALL Inc All rights reserved Under the copyright laws this manual or the software described within can not be copied in whole or part without the written consent of the manufacturer except in the normal use of the software to make a backup copy The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original This exception does not allow copies to be made for others whether or not sold but
19. istered SonicWALL wireless security appliance e The SonicWALL Pocket Global VPN Client 3 0 application PGVCSetup exe N Alent Make sure your PDA is connected to your desktop computer before installing the Pocket GVC application 1 Unzip the SonicWALL Pocket GVC program on your computer connected to the PDA 2 With your PDA connected with Microsoft ActiveSynch double click PGVCSetup exe on the desktop ty Microsoft ActiveSync File View Tools Help Sync Stop Details Explore Options Guest Connected Information Type Status 3 Click Next Pocket PC installation Pocket GVE will be installed on your Pocket PC now SonicWALL Pocket Global VPN Client Pocket GYC With SonicWALL Pocket Global VPN Client you have a simple easy to use solution for securely corporate network The Pocket GYC software provides mobile users with secure reliable access to corporate resources E inga ion to the network couldn t pet mang Daak med tf aie at hu tr sew Da wey a mark n E address The configuration i is automatically downloaded from the SonicWALL VPN gateway and the connection is enabled It s that simple Page 5 4 Read the license agreement then select I accept the terms of the license agreement Click Next f I du vet arcagt the luva inthe lumus apennert lt Back 5 Click Finish Page 6 SonicWALL Pocket Global VPN Client 3 0 User s Guide Creating a New Connection The first time yo
20. ly corrected Check the Log Viewer to determine the problem and then edit the connection This option is enabled by default If an error occurs with this option disabled during an attempted connection the Pocket GVC logs the error displays an error message dialog box and stops the connection attempt e Automatically reconnect when wake up automatically re enables the VPN connection policy after the computer wakes from a sleep or hibernation state Page 12 SonicWALL Pocket Global VPN Client 3 0 User s Guide User Authentication The User Authentication screen allows vou to enter the username and password if XAUTH is enabled on the SonicWALL VPN gatewav Pocket G C E 25 04 D Specify a username and password if required by the gateway CI Save my username and password GO The peer does not allow saving of username and password General User Authentication Peers status OK Cancel Apply E If the SonicWALL gateway is configured to disallow the caching of a username and password the Save my username and password check box setting is grayed out the message The peer does not allow saving of username and password appears at the bottom of the screen If the SonicWALL gateway allows the caching of a username and password check Save my username and password e Note The SonicWALL gateway can also give the Pocket GVC an option to cache the username and password in the configuration file Peer Settings The Peers
21. ons 10 N NAT traversal 14 New Connection screen 7 O Office Gateway connection 7 R redundant VPN gateways 10 Remote Access connection 7 S save username and password 13 SonicWALL Distributed Wireless Solution 5 SonicWALL technical support 4 status screen 15 V virtual IP address 15 VPN configuration file 8 encryption 8 importing 8 XAUTH 13 Page 21 SonicWALL Inc 1143 Borregas Avenue T 408 45 9600 www sonicwall com Sunnyvale CA 94089 1306 F 408 745 9300 2003 SonicWALL Inc SonicWALL is a registered trademark of SonicWALL Inc Other product and company names mentioned herein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change with out notice P N232 000559 00 RevA 07 04 gt SONICWALL
22. p COMPREHENSIVE INTERNET SECURITY SONICW ALL POCKET GLOBAL VPN CLIENT USER S GUIDE SONICWALL gt Table of Contents FELE A 1 PN ina 1 ETEN ta 1 About this Guide a pcsa cree cyeeecsureee sv natrenettdntelpanieds sso tes tcaieonaivaioedte iets saaibenteunn mney snnesaines 3 Conventions Used in this Guide rrrrrannrrrrnnnnnonrannvrnrnnnenrnnnnennnnnnee 3 ee Used m this NE 3 SONICWALL Technical SUDDO er 4 North America Telephone Support ss snnnenenennnnzzennnnnzznnnnzznna 4 International Telephone Support ss nenennnnzzenennnznnennnnnnnnnnnnnna 4 SonicWALL Pocket Global VPN CHEM 1 cicc cause ceuasnceas cavecceusbensivatectsortes 5 Installing the Pocket Global VPN Client nn nnnnnnn nara nnnn 5 PE PEN i a i l 5 Creating New Connection 2 muasseammndeevrednetnsandnene 7 Importing a VPN Configuration File L nennnnenennnnnnnnnnnnnn 8 Establishing a VPN TONNS la ka i in ap e a e aaepe 8 Enabling a Connects sssini en i 9 Accessing Redundant VPN GatewayS c ccccsseceeseeeesesseeseeeees 10 Establishing Multiple Connections s ss seeeennnzznnnnnnennnnzannnni 10 Checking the Status of a VPN Connection cccccseeessseeeeeeees 10 Disabling VPN Connection sia rssiwetan ieor e 10 Specifying Pocket GVC Launch Options ss sennnnennnzznnennzzznnnnn nn 11 Managing VPN Connection Profiles visciawisivieuesvineceamwnrsscindeinncuninunans 11 Arranging Connection Prof
23. pVPN on the SonicWALL to support SonicWALL Global VPN Clients and Pocket Global VPN Clients refer to the Administrator s Guide for your SonicWALL security appliance All SonicWALL product documentation is available at www sonicwall com services documentation html Page 20 SonicWALL Pocket Global VPN Client 3 0 User s Guide Index A automaticallv reconnect on error 12 B blocking local Internet traffic 11 C connection status 10 creating a VPN connection policy 7 customizing VPN connection policies 12 adding peers 14 general settings 12 peer settings 13 user authentication 13 D dead peer detection 14 disabling a VPN Connection 10 E enable at program startup 12 enabling a VPN connection 9 establishing a VPN connection auto policy provisioning 8 error message 9 phase 1 8 phase 2 IKE negotiation 8 status information 8 F Fully Qualified Domain Name FQDN 7 G generating a troubleshooting report 19 installing Pocket GVC 5 before you begin 5 IPSec details 15 L launching Pocket GVC at startup I I log 16 auto logging 17 autoscroll 16 dead peer detection packets 17 filtered event messages 16 ISAKMP header information 17 log viewer 16 maximum log event messages 17 NAT keep alive packets 17 save a log file 17 stop capturing event messages 16 log viewer configuring log viewer settings 17 M managing connection profiles 11 deleting 11 renaming 11 sorting I I Microsoft Windows Mobile 2003 5 multiple VPN connecti
24. play level from All Messages to Filtered Messages select View gt Filtered Messages or tap the Filtered Messages button on the Command Bar You can also choose View gt All Messages or tap the All Messages button on the Command Bar To enable or disable Auto Logging select File gt Enable Auto Logging Page 16 SonicWALL Pocket Global VPN Client 3 0 User s Guide Saving a Log File You can save a current log to a txt file 1 Select File gt Save Log to display the Save As page The default Pocket GVC log filename SWVpnClientLog is displayed in the Name field in the txt format Pocket GYC Log 3 ME 3 13 Save As Name Folder None v Type Log Files txt v E Enter the name for your log file in the Name field Specify the folder in the Folder list Specify the txt file format from the Type field Specify the location for saving the file such as Built in Storage or Main Memory Tap OK When you save the current log to a file the Pocket GVC application automatically adds a troubleshooting report See Generating a Troubleshooting Report on page 19 for more information on the Pocket GVC troubleshooting report Se ee he Specifying Settings for Pocket GVC Logging To access the log settings from the Pocket GVC screen choose View gt Options then tap Logging This A Specify settings for logging Maximum log messages to keep 100 0 means no maximum C Log ISAKMP header information L Log
25. rtual IP address Disabled L Enable at program startup Automatically reconnect on error Automatically reconnect on wake up General User Authentication Peers Status OK Cancel Apply Ej e Name displays the name of your connection profile e Description describes the connection profile This text appears in a pop up when your mouse pointer moves over the connection profile e Other traffic allowed Read only property allows your computer to access the local network or Internet connection while the VPN connection is active e Tunnel default traffic to peer Read only property allows all network traffic not routed to the SonicWALL gateway to be blocked When you enable the VPN connection with this feature active the Connection Warning message appears e Use virtual IP address Read only property allows the Pocket GVC Virtual Adapter to get its IP address via DHCP through the VPN tunnel from the gateway e Enable at program startup enables the connection when you launch the Pocket GVC application e Automatically reconnect on error if the Pocket GVC encounters a problem connecting to the peer it Keeps retrying to make the connection This feature allows the Pocket GVC to automatically retry connection attempts to a SonicWALL gateway without manual intervention If the connection error is due to an incorrect configuration such as the DNS or IP address of the peer gateway then the connection property must be manual
26. s by connection status Ascending Sorts connection profiles bv Name or Status in ascending order The default arrangement is by Name in Ascending order Renaming a Connection Profile To rename a VPN connection profile tap and hold on the connection profile name and select Rename from the pop up menu or choose File gt Rename then type in the new name Deleting a Connection Profile To delete a VPN connection profile tap and hold on the VPN connection profile name then select Delete from the pop up menu or choose File gt Delete You can also tap the Delete button on the Command Bar You cannot delete an active connection profile Disable the connection first then delete it Selecting All Connection Profile Choosing View gt Select All selects all the connection profiles in the Pocket GVC screen Page 11 Customizing VPN Connection Policies Tap and hold the VPN connection policy you want to customize and select Properties from the pop up menu or click on the Properties button on the Command Bar You can customize the properties of your VPN connection policy The Pocket GVC includes settings for General User Authentication Peers and Status properties General Settings The General properties screen includes the following settings G Pocket G C E ok 27 Specify general settings for this ction Th conne Name Office Gateway Other traffic allowed Secured Tunnel default traffic to peer Enabled Use vi
27. suse or misapplication or has been modified without the written permission of SonicWALL DISCLAIMER OF WARRANTY EXCEPT AS SPECIFIED IN THIS WARRANTY ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AND WARRANTIES INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE NONINFRINGEMENT SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING LAW USAGE OR TRADE PRACTICE ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS THE ABOVE LIMITATION MAY NOT APPLY TO YOU THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose Page 1 DISCLAIMER OF LIABILITV SONICWALL S SOLE LIABILITV IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESGRIBED IN THE ABOVE LIMITED WARRANTV IN NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANV DAMAGES WHATSOEVER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS BUSINESS INTERRUPTION LOSS OF INFORMATION OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT OR FOR SPECIAL INDIRECT CONSEQUENTIAL INC
28. tiation Retries defines the number of retries allowed during ISAKMP negotiations The default is 3 Attempts Vou can choose from 1 to 10 retires Page 14 SonicWALL Pocket Global VPN Client 3 0 User s Guide Timeout defines the time in seconds between retry attempts for each IKE negotiation packet The Status The Status screen shows the current status of the connection e Status indicates whether VPN connection profile is connected disabled or on an intermediary connection status e Peer IP displays the IP address of SonicWALL VPN gateway e Virtual IP displays the IP address assigned via DHCP through the VPN tunnel for the SonicWALL Virtual Adapter e Duration displays the time for which the connection is active e IPSec Details displays the Connection Details page which specifies the negotiated phase 1 and phase 2 parameters as well as the status of all individual phase 2 tunnels Destination Proxy IDs displays the Network address Subnet Mask and Port negotiated for the IPSec tunnel This window shows the details of the Connection Details IPSec connection e Sent Packets displavs number of packets sent through VPN tunnel Bytes displays number of bytes sent through VPN tunnel e Received Packets displays number of packets received through VPN tunnel Bytes displays number of bytes received through VPN tunnel e Reset Counts resets the status information Page 15 Pocket GVC Log
29. u launch the Pocket GVC on your PDA the New Connection screen automatically launches The New Connection screen allows you to easily create a new connection profile by simply choosing the type of connection Office Gateway Choose this option if you are associating with a SonicWALL wireless gateway and want a secure connection Note you can use this single Office Gateway VPN connection policy to roam securely across SonicWALL wireless gateways Remote Access Choose this option if you want secure access to a remote SonicWALL VPN gateway The most common use of Remote Access is when you are at home or on the road and want access to the corporate network through a dial up GPRS or public wireless network If you choose this option you enter the IP address or Fully Qualified Domain Name FQDN of the SonicWALL A gateway appliance such as gatewav vourcompanv com for your corporate network Ale rt f you are configuring Pocket GVC for Remote Access make sure you have the IP address or FQDN of the remote SonicWALL VPN gateway and Internet access N Alert f vou are configuring Pocket GVC for Office Gateway make sure your wireless card is configured with the correct wireless network information to access the SonicWALL wireless gatewav To create a an Office Gatewav or Remote Access connection profile 1 The first time you launch Pocket GVC on your PDA the New Connection screen automatically launches or choose File gt New Connection
Download Pdf Manuals
Related Search