Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1288
  • Last Modified:

Site to site vpn

Hi
I'm try to connect a site-to-site VPN between a DLINK DSR-150N and a Sonic Wall TZ215.

What is the easiest way to do this?

Thanks
0
jpmoreau
Asked:
jpmoreau
  • 2
  • 2
  • 2
1 Solution
 
InfamusCommented:
IPSec VPN tunnel is one of the ways to create site to site VPN.
0
 
jpmoreauAuthor Commented:
It is not connecting even if I set all the proposals the same on each side
0
 
InfamusCommented:
Did you add a firewall policy that allows two networks?
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
jpmoreauAuthor Commented:
IPSEC is configured to pass true the firewall
0
 
Blue Street TechLast KnightsCommented:
Hi jpmoreau,

On the SonicWALL Configuration setup up the proposal with the lowest security to test compatibility.

First, on the SonicWALL, you must create an address object for the remote network.
1) Log into the SonicWALL.
2) Browse to Network, then Address Objects
3) Create a new Address Object for the network on the D-Link end you wish to reach (D-Link LAN).

Next, on the SonicWALL you must create an SA.
1) Browse to VPN, then Settings (default view for VPN).
2) Ensure that “Enable VPN” is selected.
3) Click Add.
4) Change the Authentication Method to “IKE using pre-shared secret”.
5) Name the SA, e.g. “D-Link”.
6) Enter the WAN IP of the D-Link for “IPSec Primary Gateway Name or Address:”.
7) Enter your shared secret, in this example “password
8) Define Local IKE ID & Peer IKE ID

Network.
1) Select the “Network” tab.
2) Select “LAN Subnets” for Local Networks from the drop down box
3) Select the address object previously created for the destination network.

Proposals.
1) Select the “Proposals” tab.
2) Configure DH group under IKE Phase 1 to “Group 2”.
3) Configure Phase 1 Encryption “3DES” & authentication “SHA1”.
4) Configure Phase 2 Encryption “3DES” & authentication “SHA1”.
5) Do not enable Perfect Forward Secrecy.
6) Configure Phase 2 Life Time 3600

Advanced.
1) Select “Advanced” tab.
2) Ensure that keep alive is enabled on only one end of the tunnel.
3) Select “Enable Windows Networking (NetBIOS) Broadcast” if you would like to pass NetBIOS across the VPN.

On the D-Link side match the following (some devices may not be compatible regardless):
Keying Mode: IKE
IKE Mode: Main Mode with No PFS (perfect forward secrecy)
SA Authentication Method: Pre-Shared key
Keying Group: DH (Diffie Hellman) – Group 2
ID_Type: IP
Encryption and Data Integrity: ESP 3DES with SHA1
ESP 3DES with MD5
ESP DES with SHA1
ESP 3DES with SHA1
Let me know how it goes!
0
 
Blue Street TechLast KnightsCommented:
I'm glad I could help and thanks for the points!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now