Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2953
  • Last Modified:

Add a VPN Tunnel to Sonicwall

I have a Sonicwall NSA220, and we need to setup a VPN connection to a remote entity.  They sent me information like this:

IP Sec Peer Gateway Addy: x.y.xx.yy
Trusted Subnet: 10.67.31.0/26
IKE Secret Phrase: HDkew93S (I made that up)

IKE (Phase 1) Proposal
  Exchange: Main Mode
  DH Group: Group 2
  Encryption: 3DES
  Authenticaton: MD5
  Life Time (seconds) 28200

IKE (Phase 2) Proposal
  Protocol: ESP
  Encryption: 3DES
  Authenticaton: MD5
  No Perfect FOrward Secrecy
  Life Time (seconds) 28200

Where in the world would I even get started in my Sonicwall config to enter this stuff??

Appreciate any insight at all!
0
dougp23
Asked:
dougp23
  • 2
1 Solution
 
Blue Street TechLast KnightsCommented:
Hi dougp23,

They sent you this so you can match their configuration to establish the tunnel. What is the make/model of the other firewall involved here, e.g. (SonicWALL NSA 3600, Cisco ASA, etc.)?

Procedure: SonicWALL Configuration

First, on the SonicWALL, you must create an address object for the remote network:

1. Create an Address Object

1) Log into the SonicWALL.
2) Browse to Network > Address Objects
3) Create a new Address Object for the network on the Other Firewall end you wish to reach (Other Firewall LAN) using the info they provided you.

2. Create SA (VPN)

1) Browse to VPN > Settings (default view for VPN).
2) Ensure that Enable VPN is selected.
3) Click Add.
4) Change the Authentication Method to IKE using pre-shared secret.
5) Name the SA, in this example Other Firewall.
6) Enter the WAN IP of the Other Firewall for IPSec Primary Gateway Name or Address:.
7) Enter your shared secret, in this example HDkew93S
8) Define Local IKE ID & Peer IKE ID

3. Configure Network Tab

1) Select the Network tab.
2) Select LAN Subnets for Local Networks from the drop down box
3) Select the address object previously created for the destination network.

4. Configure Proposals Tab

1) Select the Proposals tab.
2) Configure DH group under IKE Phase 1 to Group 2.
3) Configure Phase 1 Encryption 3DES & authentication MD5.
4) Configure Phase 2 Encryption 3DES & authentication MD5.
5) Do not enable Perfect Forward Secrecy.
6) Configure Phase 2 Life Time for 28200

5. Configure Advanced Tab

1) Select Advanced tab.
2)  Ensure that keep alive is enabled on only one end of the tunnel.
3)  Select Enable Windows Networking (NetBIOS) Broadcast if you would like to pass NetBIOS across the VPN.Let me know how it goes!
0
 
Blue Street TechLast KnightsCommented:
I'm glad I could help...thanks for the points!
0
 
raffie613Commented:
What if the other firewall has a dynamic ip address? What should you enter for IPSec Primary Gateway Name or Address?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now