Secure Access Advanced Settings

Networks > Dynamic-IP Tunnels
Table of Contents

Dynamic-IP Tunnels

In order to establish a site-to-site tunnel (IPSec or WireGuard) between your SonicWall Cloud Edge gateway and a firewall/router with a dynamic public IP address, you will need to apply some modifications to the tunnel creation process. Follow the instructions below.

This option is not supported by cloud IaaS providers (such as AWS, GCP, or Azure).

IPSec based connections

  1. When creating the tunnel at the SonicWall Cloud Edge platform fill in the General Settings section with the following information:

    • Name: Enter a name of your choice.

    • Shared Secret: Enter a string of at least 8 characters or use the Generate button. Make sure to copy and save it, as it'll be required when setting up the tunnel on your firewall/router management interface.

    • Public IP: Enter 0.0.0.0

    • Remote ID: Enter a string of your own choice. This parameter will use as an additional shared secret, providing an extra level of security. Copy and save it as it'll be used as the left ID (local ID or local identification) when setting the tunnel on your firewall/router management interface.

      0.0.0.0 is not an acceptable value for the Remote ID.

    • SonicWall Gateway Proposal Subnet: Specify your SonicWall network subnet (do not choose any).

    • Remote Gateway Proposal Subnet: Specify your on-premises internal network subnet.

  2. In the Advanced Settings section make sure to select IKEv2 only. The rest of the values remain the same as appropriate.

  3. When setting up the tunnel at the firewall/router management interface fill in the following information:

    • Local IP: Since you're using a dynamic IP, enter a default value (this will vary between different vendors).

    • Local Identification/Local ID/My identifier: Fill in the same value you set for Remote ID at the SonicWall Cloud Edge platform.

    • Remote IP/Remote ID/Peer Identifier: Enter your SonicWall Cloud Edge gateway IP address.

    • IKE Version: IKEv2

  4. Fill in the rest of the fields as appropriate.

WireGuard based connections

  1. When creating the tunnel at the SonicWall Cloud Edge platform fill in the General Settings section with the following information:

    • Name: Enter a name of your choice.
    • Endpoint: Enter 0.0.0.0
    • Subnets: Enter your internal on-premises network's subnet.

  2. Follow the rest as appropriate.