With all the TZW's other features, it's easy to forget that it includes a full-featured IPsec VPN endpoint that supports up to 10 WAN-based VPN tunnels, with no limit on the number of users (up to the TZW's maximum of 25 licensed users) per tunnel. SonicWall appears to be really trying to reduce the VPN licensing hassle: they even include one client license that will work from the TZW's WAN side, so that at least one road-warrior will be able to tunnel into home base without having to cough up about $45 for a Global VPN client license.
Figure 7: VPN Setup
The endpoint has just about any IPsec feature you'd want and can work with both static and dynamic WAN IP addresses, as long as the TZW with the dynamic address initiates the tunnel. There are so many configuration options available (Figure 7 is only the tip of the iceberg) that I suggest you download the TZW's Administrator's guide if you want the full story, but I'll give you a little taste here:
- Site-to-site, hub-and-spoke, and mesh tunnel configurations supported
- Separate control of Phase 1 and 2 proposals
- Allows selection of Diffie-Hellman Group 1, 2, and 5 key exchange
- DES and 3DES encryption and SHA1 and MD5 authentication supported
- Support for MS Networking NetBIOS broadcast (disabled by default)
- Ability to hide remote tunnel end LAN behind the TZW's NAT and firewall
- Built-in L2TP server
If all this doesn't suit you, the TZW also supports VPN pass-through for multiple connections with the PPTP, IPsec and L2TP protocols. This comes in handy, since your company may require the use of a specific VPN client or protocol not supported by the TZW's endpoint.