I've had zero luck with QuickVPN, and using more than 5 SSL VPN tunnels seems to lock up the SA540. As a workaround I've used Shrewsoft's IPSEC VPN client since it's "free". I've also had luck with The Greenbow IPSEC client. It's a little nicer in that it can run before msgina and runs in the tray, however it does run around $80/client.
- Use the VPN Wizard and configure the following:
  - VPN Type: Remote Access
  - Connection Name: IPSECRA
  - PSK: Whatever you like
  - Local WAN: Dedicated WAN
  - Remote GW Type: FQDN
  - Remote FQDN: remote.com
  - Local GW Type: IP Address
  - Local IP Address: WAN IP of SA500
- Now you want to add XAUTH to the IKE policy. Since you can't modify an IKE policy bound to a VPN Policy, you need to do the following:
  - Create a dummy IKE Policy, just enter temp for the name and temp for the PSK and save.
  - Go into the new IPSECRA VPN Policy and change the IKE Policy to "temp" and save.
  - Modify the original IKE Policy so XAUTH has "edge device" and Auth Type is "user database" and save.
  - Return to the VPN Policy and return to the original, just modified IKE Policy and save.
  - Delete the temp IKE Policy.
- Set up users as necessary in IPSEC Users, just ensure you choose the type as "Standard IPSEC (XAUTH)".
- Download and install Shrewsoft VPN client
- Paste the following into a text file and name it "myconnection.vpn".
s:policy-list-include:220.127.116.11.0 / 255.255.255.0
- Import in the Shrewsoft VPN Access Manager via File. . . Import
- Rename as you wish
- Highlight the connection and choose the Modify button on the toolbar.
- Under General Tab and Host Name, change 18.104.22.168 to WAN IP of SA500.
- Under Name Resolution Tab, change 22.214.171.124 DNS to your DNS and mydomain.local to your domain.
- Under Authentication Tab. . . Small Remote Identity Tab, Change 126.96.36.199 to WAN IP of SA500
- Under Authentication Tab. . . Small Credentials Tab, enter your PSK
- Under the policy tab, change 255.255.255.255/24 to the subnet on your LAN you want to route to.
- Click Save
- Click Connect on the toolbar, enter your user creds and you should be able to connect the tunnel and pass traffic.
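
The Modify steps above, scripted so the same profile can be produced for several clients without hand edits. This is an added example, not part of the original post: the key names other than `policy-list-include`, and the base64 encoding of the PSK, are assumptions about the Shrew Soft export format to check against a file exported from Access Manager, and every address is a constructed placeholder.

```python
import base64
import ipaddress

# Constructed sample in the "type:key:value" layout; all values are placeholders.
SAMPLE = """\
n:version:2
s:network-host:192.0.2.1
s:client-dns-addr:198.51.100.53
s:client-dns-suffix:mydomain.local
s:ident-server-data:192.0.2.1
s:policy-list-include:10.0.0.0 / 255.255.255.0
"""

def parse(text):
    """Return (type, key, value) tuples in file order."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            typ, key, value = line.split(":", 2)  # value may itself contain ':'
            entries.append((typ, key, value))
    return entries

def customise(text, wan_ip, dns, suffix, lan_cidr, psk):
    """Apply the edits from the Modify steps and return the new file text."""
    ipaddress.ip_address(wan_ip)          # ValueError on a malformed address
    ipaddress.ip_address(dns)
    net = ipaddress.ip_network(lan_cidr)  # strict: rejects host bits (10.0.0.5/24)
    updates = {
        "network-host": ("s", wan_ip),        # General tab, Host Name
        "ident-server-data": ("s", wan_ip),   # Authentication, Remote Identity
        "client-dns-addr": ("s", dns),        # Name Resolution tab
        "client-dns-suffix": ("s", suffix),
        "policy-list-include": ("s", f"{net.network_address} / {net.netmask}"),
        # Assumption: 'b' entries hold base64 of the raw value.
        "auth-mutual-psk": ("b", base64.b64encode(psk.encode()).decode()),
    }
    out, seen = [], set()
    for typ, key, value in parse(text):
        if key in updates:
            if key in seen:
                continue  # collapse repeated entries into the single new value
            seen.add(key)
            typ, value = updates[key]
        out.append(f"{typ}:{key}:{value}")
    for key in updates:  # keys missing from the template are appended
        if key not in seen:
            out.append(f"{updates[key][0]}:{key}:{updates[key][1]}")
    return "\n".join(out) + "\n"
```

If the PSK is stored this way, anyone who can read the generated file can recover it, so distribute the file like a credential.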