Solved

Site to site vpn

Posted on 2013-11-19
6
1,269 Views
Last Modified: 2013-11-26
Hi
I'm try to connect a site-to-site VPN between a DLINK DSR-150N and a Sonic Wall TZ215.

What is the easiest way to do this?

Thanks
0
Comment
Question by:jpmoreau
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 12

Expert Comment

by:Infamus
ID: 39660430
IPSec VPN tunnel is one of the ways to create site to site VPN.
0
 

Author Comment

by:jpmoreau
ID: 39660491
It is not connecting even if I set all the proposals the same on each side
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39660498
Did you add a firewall policy that allows two networks?
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 

Author Comment

by:jpmoreau
ID: 39660606
IPSEC is configured to pass true the firewall
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39661777
Hi jpmoreau,

On the SonicWALL Configuration setup up the proposal with the lowest security to test compatibility.

First, on the SonicWALL, you must create an address object for the remote network.
1) Log into the SonicWALL.
2) Browse to Network, then Address Objects
3) Create a new Address Object for the network on the D-Link end you wish to reach (D-Link LAN).

Next, on the SonicWALL you must create an SA.
1) Browse to VPN, then Settings (default view for VPN).
2) Ensure that “Enable VPN” is selected.
3) Click Add.
4) Change the Authentication Method to “IKE using pre-shared secret”.
5) Name the SA, e.g. “D-Link”.
6) Enter the WAN IP of the D-Link for “IPSec Primary Gateway Name or Address:”.
7) Enter your shared secret, in this example “password
8) Define Local IKE ID & Peer IKE ID

Network.
1) Select the “Network” tab.
2) Select “LAN Subnets” for Local Networks from the drop down box
3) Select the address object previously created for the destination network.

Proposals.
1) Select the “Proposals” tab.
2) Configure DH group under IKE Phase 1 to “Group 2”.
3) Configure Phase 1 Encryption “3DES” & authentication “SHA1”.
4) Configure Phase 2 Encryption “3DES” & authentication “SHA1”.
5) Do not enable Perfect Forward Secrecy.
6) Configure Phase 2 Life Time 3600

Advanced.
1) Select “Advanced” tab.
2) Ensure that keep alive is enabled on only one end of the tunnel.
3) Select “Enable Windows Networking (NetBIOS) Broadcast” if you would like to pass NetBIOS across the VPN.

On the D-Link side match the following (some devices may not be compatible regardless):
Keying Mode: IKE
IKE Mode: Main Mode with No PFS (perfect forward secrecy)
SA Authentication Method: Pre-Shared key
Keying Group: DH (Diffie Hellman) – Group 2
ID_Type: IP
Encryption and Data Integrity: ESP 3DES with SHA1
ESP 3DES with MD5
ESP DES with SHA1
ESP 3DES with SHA1
Let me know how it goes!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39678779
I'm glad I could help and thanks for the points!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Clarification about access via WAN 6 45
SonicWall Max Connection Setting 7 42
RDP- Windows 7 home Premium to 7 Pro via VPN 10 39
Ping in Fortigate 2 39
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question