SonicWALL Internet Security Appliances User Manual

Page 170 SonicWALL Internet Security Appliance Administrator’s Guide

2. Select Remote Gateway from the DHCP Relay Mode menu.

LAN IP Addresses

3. Select the VPN Security Association to be used for the VPN tunnel from the Obtain using DHCP

through this SA menu.

Alert Only VPN Security Associations using IKE can be used as VPN tunnels for DHCP.
4. The Relay IP address is a static IP address from the pool of specific IP addresses on the Central

Gateway. It should not be available in the scope of DHCP addresses. The SonicWALL can also
be managed through the Relay IP address.

5. If you enable Block traffic through tunnel when IP spoof detected, the SonicWALL blocks any

traffic across the VPN tunnel that is spoofing an authenticated user’s IP address. If you have
any static devices, however, you must ensure that the correct Ethernet address is entered for
the device. The Ethernet address is used as part of the identification process, and an incorrect
Ethernet address can cause the SonicWALL to respond to IP spoofs.

6. If the VPN tunnel is disrupted, temporary DHCP leases can be obtained from the local DHCP

server. Once the tunnel is again active, the local DHCP server stops issuing leases. Enable the
Obtain temporary lease from local DHCP server if tunnel is down check box. By enabling this
check box, you have a failover option in case the tunnel ceases to function. If you want to allow
temporary leases for a certain time period, enter the number of minutes for the temporary lease
in the Temporary Lease Time box. The default value is two (2) minutes.