Solved

Add a VPN Tunnel to Sonicwall

Posted on 2013-11-14
3
2,908 Views
Last Modified: 2014-11-12
I have a Sonicwall NSA220, and we need to setup a VPN connection to a remote entity.  They sent me information like this:

IP Sec Peer Gateway Addy: x.y.xx.yy
Trusted Subnet: 10.67.31.0/26
IKE Secret Phrase: HDkew93S (I made that up)

IKE (Phase 1) Proposal
  Exchange: Main Mode
  DH Group: Group 2
  Encryption: 3DES
  Authenticaton: MD5
  Life Time (seconds) 28200

IKE (Phase 2) Proposal
  Protocol: ESP
  Encryption: 3DES
  Authenticaton: MD5
  No Perfect FOrward Secrecy
  Life Time (seconds) 28200

Where in the world would I even get started in my Sonicwall config to enter this stuff??

Appreciate any insight at all!
0
Comment
Question by:dougp23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39648879
Hi dougp23,

They sent you this so you can match their configuration to establish the tunnel. What is the make/model of the other firewall involved here, e.g. (SonicWALL NSA 3600, Cisco ASA, etc.)?

Procedure: SonicWALL Configuration

First, on the SonicWALL, you must create an address object for the remote network:

1. Create an Address Object

1) Log into the SonicWALL.
2) Browse to Network > Address Objects
3) Create a new Address Object for the network on the Other Firewall end you wish to reach (Other Firewall LAN) using the info they provided you.

2. Create SA (VPN)

1) Browse to VPN > Settings (default view for VPN).
2) Ensure that Enable VPN is selected.
3) Click Add.
4) Change the Authentication Method to IKE using pre-shared secret.
5) Name the SA, in this example Other Firewall.
6) Enter the WAN IP of the Other Firewall for IPSec Primary Gateway Name or Address:.
7) Enter your shared secret, in this example HDkew93S
8) Define Local IKE ID & Peer IKE ID

3. Configure Network Tab

1) Select the Network tab.
2) Select LAN Subnets for Local Networks from the drop down box
3) Select the address object previously created for the destination network.

4. Configure Proposals Tab

1) Select the Proposals tab.
2) Configure DH group under IKE Phase 1 to Group 2.
3) Configure Phase 1 Encryption 3DES & authentication MD5.
4) Configure Phase 2 Encryption 3DES & authentication MD5.
5) Do not enable Perfect Forward Secrecy.
6) Configure Phase 2 Life Time for 28200

5. Configure Advanced Tab

1) Select Advanced tab.
2)  Ensure that keep alive is enabled on only one end of the tunnel.
3)  Select Enable Windows Networking (NetBIOS) Broadcast if you would like to pass NetBIOS across the VPN.Let me know how it goes!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39661237
I'm glad I could help...thanks for the points!
0
 

Expert Comment

by:raffie613
ID: 40439175
What if the other firewall has a dynamic ip address? What should you enter for IPSec Primary Gateway Name or Address?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question