

Site-to-site VPN connections are very easy to create between Sonicwall devices, almost ridiculously easy. Sonicwall lets you set up site-to-site VPNs in a number of ways. I find the easiest and fastest way is to use the procedure that Sonicwall recommends when one of the VPN gateway Sonicwalls receives its WAN address via DHCP, even if both of your gateway devices have static addresses. The reason I do this is that the process pretty much never fails, is easy to troubleshoot and can be completed in minutes.

To use this process you have to decide on one Sonicwall as the "master", as it will always "listen" for VPN connections; the other Sonicwall will be the initiator. If you are going to have multiple remote sites coming back to a main site then it only makes sense to make the main site the master. If you only have two units involved then pick one as the master.

On the master unit perform the following steps:

On that screen make sure Enable VPN is ticked and then change the "Unique Firewall Identifier" to be something that is easily identifiable like "MASTER" or "VICTORIA FIREWALL" or whatever and click the Accept button. This will be the NAME you use in following steps.

Now, click the ADD button under VPN Policies, the following will appear:

For Name fill in the name that you will be giving the OTHER Sonicwall (the one at the other end of the VPN tunnel).

Enter 0.0.0.0 for both the Primary and Secondary gateways. The reason for this is that you are setting up this unit to "listen" for the VPN connection and the remote end will pass this information through upon making the connection.

Enter your desired "shared secret" for the encryption key.

On the Local Networks select LAN Subnets from the dropdown list.

On the Remote Networks select Create New Address Object and fill in the info for the LAN at the other end of the VPN similar to the following:

You should then have something like the following:

Click on the Proposals tab and set like the following:

Click on the Advanced tab and set like the following:

Click the OK button to save the settings. The new policy will be displayed on the VPN Policies page.

Now, switch yourself over to the other Sonicwall and repeat the same steps with the following differences:

Enter the WAN IP address OR the FQDN of the master Sonicwall as the Primary gateway. Remember, the Sonicwall you are configuring is the initiator of the VPN connection so it has to know what it needs to connect to.

On the Network tab you do the same thing as you did the first time around, only this time the Remote Network will be the LAN behind the master Sonicwall.

The Proposals should match the other side:

On the Advanced tab the only change is to ensure the Enable Keep Alive is ticked.

Assuming you've made no typos and all is well with your WAN connections, the VPN tunnel should come up on both Sonicwalls. The tunnel is up when both Sonicwalls display the green ball icon on the VPN policy. You will also see tunnel information appear under the Currently Active VPN Tunnels when a tunnel is established:

Once your VPN policies are created you can make modifications that expand what traffic is allowed to flow over the tunnel. In this case we just allowed traffic on each primary LAN behind each Sonicwall to reach the primary LAN behind the other Sonicwall.
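The two policies in this walkthrough only work as a pair, so it helps to compare the values before saving them. The following Python check is an added example, not part of the original post and not Sonicwall tooling; the dictionary field names, proposal strings, subnets and hostname are constructed placeholders standing in for what you typed into each unit.

```python
import ipaddress

# Constructed sample data. Field names and proposal strings are placeholders,
# not a Sonicwall export format.
MASTER = {
    "firewall_id": "MASTER", "policy_name": "BRANCH",
    "primary_gw": "0.0.0.0", "secondary_gw": "0.0.0.0",
    "shared_secret": "constructed-secret", "keep_alive": False,
    "local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24",
    "proposals": {"phase1": "placeholder-A", "phase2": "placeholder-B"},
}
BRANCH = {
    "firewall_id": "BRANCH", "policy_name": "MASTER",
    "primary_gw": "master.example.com", "secondary_gw": "0.0.0.0",
    "shared_secret": "constructed-secret", "keep_alive": True,
    "local_net": "192.168.2.0/24", "remote_net": "192.168.1.0/24",
    "proposals": {"phase1": "placeholder-A", "phase2": "placeholder-B"},
}

def check_pair(master, initiator):
    """Return a list of mismatches between the listening and initiating policies."""
    net = ipaddress.ip_network
    problems = []
    if (master["primary_gw"], master["secondary_gw"]) != ("0.0.0.0", "0.0.0.0"):
        problems.append("master gateways must both be 0.0.0.0 (listen only)")
    if initiator["primary_gw"] in ("", "0.0.0.0"):
        problems.append("initiator needs the master's WAN IP or FQDN as primary gateway")
    for a, b in ((master, initiator), (initiator, master)):
        if a["policy_name"] != b["firewall_id"]:
            problems.append(f"{a['firewall_id']}: policy name is not the peer's identifier")
        if net(a["remote_net"]) != net(b["local_net"]):
            problems.append(f"{a['firewall_id']}: remote network is not the peer's LAN")
    if master["shared_secret"] != initiator["shared_secret"]:
        problems.append("shared secrets differ")  # never log the secret itself
    if master["proposals"] != initiator["proposals"]:
        problems.append("proposals differ")
    if not initiator["keep_alive"]:
        problems.append("Enable Keep Alive is not ticked on the initiator")
    # Added check, not from the page: overlapping LANs cannot be routed over the tunnel.
    if net(master["local_net"]).overlaps(net(initiator["local_net"])):
        problems.append("local networks overlap")
    return problems

if __name__ == "__main__":
    for line in check_pair(MASTER, BRANCH) or ["policies are consistent"]:
        print(line)
```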
