Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Add a VPN Tunnel to Sonicwall

Posted on 2013-11-14
3
Medium Priority
?
2,933 Views
Last Modified: 2014-11-12
I have a Sonicwall NSA220, and we need to setup a VPN connection to a remote entity.  They sent me information like this:

IP Sec Peer Gateway Addy: x.y.xx.yy
Trusted Subnet: 10.67.31.0/26
IKE Secret Phrase: HDkew93S (I made that up)

IKE (Phase 1) Proposal
  Exchange: Main Mode
  DH Group: Group 2
  Encryption: 3DES
  Authenticaton: MD5
  Life Time (seconds) 28200

IKE (Phase 2) Proposal
  Protocol: ESP
  Encryption: 3DES
  Authenticaton: MD5
  No Perfect FOrward Secrecy
  Life Time (seconds) 28200

Where in the world would I even get started in my Sonicwall config to enter this stuff??

Appreciate any insight at all!
0
Comment
Question by:dougp23
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39648879
Hi dougp23,

They sent you this so you can match their configuration to establish the tunnel. What is the make/model of the other firewall involved here, e.g. (SonicWALL NSA 3600, Cisco ASA, etc.)?

Procedure: SonicWALL Configuration

First, on the SonicWALL, you must create an address object for the remote network:

1. Create an Address Object

1) Log into the SonicWALL.
2) Browse to Network > Address Objects
3) Create a new Address Object for the network on the Other Firewall end you wish to reach (Other Firewall LAN) using the info they provided you.

2. Create SA (VPN)

1) Browse to VPN > Settings (default view for VPN).
2) Ensure that Enable VPN is selected.
3) Click Add.
4) Change the Authentication Method to IKE using pre-shared secret.
5) Name the SA, in this example Other Firewall.
6) Enter the WAN IP of the Other Firewall for IPSec Primary Gateway Name or Address:.
7) Enter your shared secret, in this example HDkew93S
8) Define Local IKE ID & Peer IKE ID

3. Configure Network Tab

1) Select the Network tab.
2) Select LAN Subnets for Local Networks from the drop down box
3) Select the address object previously created for the destination network.

4. Configure Proposals Tab

1) Select the Proposals tab.
2) Configure DH group under IKE Phase 1 to Group 2.
3) Configure Phase 1 Encryption 3DES & authentication MD5.
4) Configure Phase 2 Encryption 3DES & authentication MD5.
5) Do not enable Perfect Forward Secrecy.
6) Configure Phase 2 Life Time for 28200

5. Configure Advanced Tab

1) Select Advanced tab.
2)  Ensure that keep alive is enabled on only one end of the tunnel.
3)  Select Enable Windows Networking (NetBIOS) Broadcast if you would like to pass NetBIOS across the VPN.Let me know how it goes!
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39661237
I'm glad I could help...thanks for the points!
0
 

Expert Comment

by:raffie613
ID: 40439175
What if the other firewall has a dynamic ip address? What should you enter for IPSec Primary Gateway Name or Address?
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question