Solved

Add a VPN Tunnel to Sonicwall

Posted on 2013-11-14
3
2,839 Views
Last Modified: 2014-11-12
I have a Sonicwall NSA220, and we need to setup a VPN connection to a remote entity.  They sent me information like this:

IP Sec Peer Gateway Addy: x.y.xx.yy
Trusted Subnet: 10.67.31.0/26
IKE Secret Phrase: HDkew93S (I made that up)

IKE (Phase 1) Proposal
  Exchange: Main Mode
  DH Group: Group 2
  Encryption: 3DES
  Authenticaton: MD5
  Life Time (seconds) 28200

IKE (Phase 2) Proposal
  Protocol: ESP
  Encryption: 3DES
  Authenticaton: MD5
  No Perfect FOrward Secrecy
  Life Time (seconds) 28200

Where in the world would I even get started in my Sonicwall config to enter this stuff??

Appreciate any insight at all!
0
Comment
Question by:dougp23
  • 2
3 Comments
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39648879
Hi dougp23,

They sent you this so you can match their configuration to establish the tunnel. What is the make/model of the other firewall involved here, e.g. (SonicWALL NSA 3600, Cisco ASA, etc.)?

Procedure: SonicWALL Configuration

First, on the SonicWALL, you must create an address object for the remote network:

1. Create an Address Object

1) Log into the SonicWALL.
2) Browse to Network > Address Objects
3) Create a new Address Object for the network on the Other Firewall end you wish to reach (Other Firewall LAN) using the info they provided you.

2. Create SA (VPN)

1) Browse to VPN > Settings (default view for VPN).
2) Ensure that Enable VPN is selected.
3) Click Add.
4) Change the Authentication Method to IKE using pre-shared secret.
5) Name the SA, in this example Other Firewall.
6) Enter the WAN IP of the Other Firewall for IPSec Primary Gateway Name or Address:.
7) Enter your shared secret, in this example HDkew93S
8) Define Local IKE ID & Peer IKE ID

3. Configure Network Tab

1) Select the Network tab.
2) Select LAN Subnets for Local Networks from the drop down box
3) Select the address object previously created for the destination network.

4. Configure Proposals Tab

1) Select the Proposals tab.
2) Configure DH group under IKE Phase 1 to Group 2.
3) Configure Phase 1 Encryption 3DES & authentication MD5.
4) Configure Phase 2 Encryption 3DES & authentication MD5.
5) Do not enable Perfect Forward Secrecy.
6) Configure Phase 2 Life Time for 28200

5. Configure Advanced Tab

1) Select Advanced tab.
2)  Ensure that keep alive is enabled on only one end of the tunnel.
3)  Select Enable Windows Networking (NetBIOS) Broadcast if you would like to pass NetBIOS across the VPN.Let me know how it goes!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39661237
I'm glad I could help...thanks for the points!
0
 

Expert Comment

by:raffie613
ID: 40439175
What if the other firewall has a dynamic ip address? What should you enter for IPSec Primary Gateway Name or Address?
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sophos EC migration to Cloud. 1 84
Mobile VPN IPSEC Watchguard UTM for IOS Devices 4 69
Calyptix AE1200 VLAN Question 3 39
Microsoft VPN Client error 7 26
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now