9608 Sonicwall VPN with TLS

[teletechman]

Had a customer ask about having a 9608 VPN phone connecting with IPSEC VPN client be able to connect back to the main office using TLS with this set up . I have never had to do this and am not sure it can be done within the IPSEC VPN. Does anyone know if this can be done with the 9608 and the sonicwall?
Mike

 

[TheSmash]

Yes you can use IPSEC VPN and 9608 with a Sonicwall. Search the forums and I'm sure you'll find info on how to set this up.



ACSS (SME)

 

[teletechman]

I know I can use IPSEC this is already set up. The issue is he had a security audit and they told him the VPN is running with aggressive mode and said it needed to use TLS to pass the audit. This is the first time I have heard this and am not sure if this setup can do this. To the best of my knowledge TLS is for remote phone or SIP not VPN client.
Mike

 

[TheSmash]

Ah sorry, misunderstood. so they want to use TLS over the IPSEC tunnel?? Ok...never tried it but suspect you'll head towards a can of worms as its pretty clunky getting TLS to work on the 96xx phones.

Can you upgrade to R11 and use J169 with TLS instead?

Either way, punching holes for remote access is never going to make a security audit person happy. Just state you accept the business risk and move on. There are probably far easier attack surfaces than the IPSEC VPN...

ACSS (SME)