Authenticate VPN with Active Directory and Sonicwall TZ 200 Device?


You might consider running RRAS + PPTP on your Win2k8 DC and just forwarding the necessary ports through. It's much, much easier to do access control from within AD that way. That's how my company set it up and it works very well. YMMV.



Author: cisellis

Updated on September 18, 2022

Comments

  • cisellis
    cisellis over 1 year

    The context for this is that I am not a systems administrator but I'm doing my best, so please be patient with me. :)

    The end goal is that we would like users to be able to VPN in and access network resources, through our Sonicwall TZ 200 device, using their Active Directory credentials.

    Some notes:

    1. Currently, our Sonicwall device is running the latest version of the SonicwallOS firmware.
    2. The Sonicwall VPN was set up to use Local Users + RADIUS and was working fine. The local users have been set up as "userABC" with a shared key and are able to connect using the basic Windows or Mac VPN clients and then access resources behind the firewall.
    3. The Active Directory box is set up with internal domain "internal.specialsuperdomain.com" and we can add users and boxes to the domain from inside the firewall. No problems there.
    4. We just set up the SonicWall LDAP settings to integrate with our internal Active Directory controller. I can authenticate the user "[email protected]" on the LDAP integration test page.
    5. Every time I make changes to the LDAP integration on the Sonicwall, I get a warning from the Sonicwall device that the L2TP server is set up using CHAP, which is not supported by Active Directory. I think this is where my problem is. When I change the user settings to "LDAP + Local Users" and the user tries to VPN in using their Active Directory credentials, they receive a failure-to-authenticate error (tested on a Mac) and the SonicWall logs a dropped packet due to an "IP Spoof Detected" error from that user.

    I've thought maybe I needed to do something with LDAP + Radius to bridge the gap between the VPN and the Active Directory, but I'm not sure. I'm going through all of the Sonicwall documentation I can find but I'm not seeing anything so far that helps. Any tips or ideas? How should I set this up?

    UPDATE: Our domain is set up at "Windows Server 2008" functional level. We were not able to authenticate from the Sonicwall using the pre-Windows-2000 format "domain\username", I presume because the domain is not set to Windows Server 2003 functional level. We are able to authenticate from the Sonicwall using the updated full usernames ("[email protected]"), and so we have been trying to authenticate to the VPN the same way.

    • cisellis
      cisellis about 13 years
      When we were using Local Users + RADIUS, we used "username" and created the user on the firewall. For Active Directory, we are trying to use the post-Windows-2000 compatible username, [email protected]. Our domain is set up to "Windows Server 2008" functional level and I have not been able to authenticate users from the Sonicwall using pre-Windows-2000 compatible usernames ("domain\username").
  • cisellis
    cisellis almost 13 years
    This is actually what we ended up doing, letting W2K8 manage it all. It's working much better for us as well.
  • John Galt
    John Galt almost 13 years
    Reading through my answer, I said to run RRAS on your DC. In reality, you shouldn't do this as it multihomes your DC. This is OK (but still not ideal) if you only have a single DC, but if you have two or more, you'll run into problems. Run it on a non-DC and it works very well.
  • gravyface
    gravyface about 11 years
    PPTP is pretty terrible. Have a look at IPSec/L2TP at the very least.
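As an added example that is not part of the original thread: the RRAS approach from the accepted answer, but built the way the later comments steer it, on a member server rather than a DC, with L2TP/IPsec instead of PPTP, and with CHAP refused. The CHAP warning in the question is the real clue: plain CHAP can only be validated against passwords stored with reversible encryption, which AD does not do by default, whereas MS-CHAPv2 and EAP work against normal AD accounts. This script is my own, not the answerer's or SonicWall's; it assumes Windows Server 2012 R2 or later (the RemoteAccess, NetSecurity and ActiveDirectory PowerShell modules do not exist on the Server 2008 box in the question, where the same steps are done in the RRAS console), an elevated session on a domain-joined member server, a SonicWall that forwards UDP 500, UDP 4500 and ESP (IP protocol 50) to that server, and placeholder values for the pre-shared key and the user name.

```powershell
# Added example, not from the thread. Assumes Windows Server 2012 R2+, run elevated on a
# domain-joined member server that is NOT a domain controller (see John Galt's follow-up),
# sitting behind the SonicWall, which forwards UDP 500, UDP 4500 and ESP (IP proto 50) to it.

# Constructed placeholder: generate a long random PSK and keep it out of checked-in scripts.
$L2tpPsk = 'REPLACE-WITH-A-LONG-RANDOM-PSK'

# 1. Install RRAS with the VPN role service and its management tools.
Install-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools

# 2. Configure RRAS as a remote-access VPN server. With the default "Windows Authentication"
#    provider RRAS validates credentials against AD directly, so no RADIUS/LDAP bridge is needed.
Install-RemoteAccess -VpnType Vpn

# 3. Accept only MS-CHAPv2 and EAP. Plain CHAP needs reversibly encrypted passwords in AD
#    (off by default, hence the SonicWall warning in the question); PAP sends the password
#    in clear text inside the tunnel. Neither belongs in the accepted list.
Set-VpnAuthProtocol -UserAuthProtocolAccepted @('EAP', 'MSChapv2') -PassThru

# 4. Offer L2TP/IPsec with the pre-shared key. PPTP should then be removed from the RRAS
#    "Ports" properties, so that clients cannot fall back to it (gravyface's point).
Set-VpnServerConfiguration -TunnelType L2tp -L2tpPsk $L2tpPsk -PassThru

# 5. Windows Firewall: let IKE, NAT-T and ESP reach RRAS. The role install normally
#    enables built-in rules for this; these are explicit in case it did not.
New-NetFirewallRule -DisplayName 'L2TP/IPsec IKE and NAT-T' -Direction Inbound `
    -Protocol UDP -LocalPort 500, 4500 -Action Allow
New-NetFirewallRule -DisplayName 'L2TP/IPsec ESP' -Direction Inbound `
    -Protocol 50 -Action Allow

# 6. Access control from AD: grant dial-in per user (or use an NPS network policy).
#    'jdoe' is a hypothetical account; requires the ActiveDirectory module (RSAT-AD-PowerShell).
Import-Module ActiveDirectory
Set-ADUser -Identity 'jdoe' -Replace @{ msNPAllowDialin = $true }

Restart-Service RemoteAccess

# 7. Client-side caveat, because the server is behind NAT: Windows VPN clients refuse to
#    build the IPsec SA to a NATed L2TP server until this value is set (2 = server behind NAT).
#    Run on each Windows client, not on the server:
#    reg add HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2 /f
```

Users then connect with their AD credentials (`DOMAIN\user` or `user@internal.example`) and the shared L2TP PSK; the only thing the SonicWall has to know about is the port forward, so the LDAP integration on the firewall is not in the authentication path at all.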