Solved

Add a VPN Tunnel to Sonicwall

Posted on 2013-11-14
3
2,760 Views
Last Modified: 2014-11-12
I have a Sonicwall NSA220, and we need to setup a VPN connection to a remote entity.  They sent me information like this:

IP Sec Peer Gateway Addy: x.y.xx.yy
Trusted Subnet: 10.67.31.0/26
IKE Secret Phrase: HDkew93S (I made that up)

IKE (Phase 1) Proposal
  Exchange: Main Mode
  DH Group: Group 2
  Encryption: 3DES
  Authenticaton: MD5
  Life Time (seconds) 28200

IKE (Phase 2) Proposal
  Protocol: ESP
  Encryption: 3DES
  Authenticaton: MD5
  No Perfect FOrward Secrecy
  Life Time (seconds) 28200

Where in the world would I even get started in my Sonicwall config to enter this stuff??

Appreciate any insight at all!
0
Comment
Question by:dougp23
  • 2
3 Comments
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39648879
Hi dougp23,

They sent you this so you can match their configuration to establish the tunnel. What is the make/model of the other firewall involved here, e.g. (SonicWALL NSA 3600, Cisco ASA, etc.)?

Procedure: SonicWALL Configuration

First, on the SonicWALL, you must create an address object for the remote network:

1. Create an Address Object

1) Log into the SonicWALL.
2) Browse to Network > Address Objects
3) Create a new Address Object for the network on the Other Firewall end you wish to reach (Other Firewall LAN) using the info they provided you.

2. Create SA (VPN)

1) Browse to VPN > Settings (default view for VPN).
2) Ensure that Enable VPN is selected.
3) Click Add.
4) Change the Authentication Method to IKE using pre-shared secret.
5) Name the SA, in this example Other Firewall.
6) Enter the WAN IP of the Other Firewall for IPSec Primary Gateway Name or Address:.
7) Enter your shared secret, in this example HDkew93S
8) Define Local IKE ID & Peer IKE ID

3. Configure Network Tab

1) Select the Network tab.
2) Select LAN Subnets for Local Networks from the drop down box
3) Select the address object previously created for the destination network.

4. Configure Proposals Tab

1) Select the Proposals tab.
2) Configure DH group under IKE Phase 1 to Group 2.
3) Configure Phase 1 Encryption 3DES & authentication MD5.
4) Configure Phase 2 Encryption 3DES & authentication MD5.
5) Do not enable Perfect Forward Secrecy.
6) Configure Phase 2 Life Time for 28200

5. Configure Advanced Tab

1) Select Advanced tab.
2)  Ensure that keep alive is enabled on only one end of the tunnel.
3)  Select Enable Windows Networking (NetBIOS) Broadcast if you would like to pass NetBIOS across the VPN.Let me know how it goes!
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39661237
I'm glad I could help...thanks for the points!
0
 

Expert Comment

by:raffie613
ID: 40439175
What if the other firewall has a dynamic ip address? What should you enter for IPSec Primary Gateway Name or Address?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now