Cloud Edge Secure Access Getting Started Guide

IBM Cloud

This article describes how to establish a Site-To-Site IPSec VPN connection between your IBM server and the SonicWall Cloud Edge network.

  • Configuring a VPN gateway at the IBM Cloud Console
  • Making sure the tunnel is up

Please follow the steps below:

Configuring a VPN gateway at the IBM Cloud Console

  1. Open the VPC section in the IBM Cloud Console. Go to VPNs (under the Network tab).

  2. Open the IKE Policies tab, then select New IKE Policy.

  3. Choose a Name and the Region in which the appropriate VPC lies, define the Resource group, then select Create IKE policy.

  4. Once the policy has been created, select the three-dotted menu (...) and select Edit.
  5. Fill in the following information:

    • IKE Version: 1
    • DH Group: 2
    • Authentication: sha256
    • Key Lifetime: 28800
    • Encryption: aes256
  1. Select Save IKE policy.
  2. Open the IPSec Policies tab, then select New IPSec Policy.
  3. Choose an indicative Name, the Region in which the appropriate VPC lies and define the Resource group, then select Create IPSec policy.

  4. Once the policy has been created, select the three-dotted menu (...) and select Edit.
  5. Fill in the following information:

    • Check: PFS
    • DH Group: 2
    • Authentication: sha256
    • Key Lifetime: 3600
    • Encryption: aes256
  6. Select Save IPSec policy.

  7. Open the VPN gateways tab, then select New VPN gateway.
  8. Fill in the following information:

    • Name: Enter a name of your choice
    • Virtual private cloud: Choose the desired cloud
    • Resource group: Choose the resource group
    • Subnet: Choose the appropriate subnet

  9. Check New VPN Connection for VPC.
  10. Fill in the following information:

    • Connection name: Set a name
    • Peer gateway address: Insert your SonicWall Cloud Edge gateway IP
    • Preshared key: Insert a string of at least 8 characters containing upper-case letters, lower-case letters, and numbers
    • Local subnet: Specify one or more subnets in the VPC you want to connect
    • Peer subnet: Unless you have custom configurations or multiple tunnels to the same gateway, insert 10.255.0.0/16

    • Dead peer detection action: Restart
    • Interval: 10 seconds
    • Timeout: 30 seconds
    • IKE policy: Choose the IKE policy that was created earlier
    • IPSec policy: Choose the IPSec policy that was created earlier

Configuring the tunnel in the Management Platform

  1. Enter the SonicWall Cloud Edge Management Platform. Under the Networks tab in the left menu, select the name of the network in which you'd like to set the tunnel.
  2. Locate the desired gateway, select the three-dotted menu (...), select Add Tunnel, and then IPSec Site-2-Site Tunnel.

  3. Fill in the General Settings:

    • Name: Specify a name
    • Public IP: Insert the IP of the VPN Gateway you have just defined
    • Remote ID: Identical to Remote IP
    • Shared Secret: Insert the same preshared key you chose before
    • SonicWall Cloud Edge Gateway Proposal Subnets: 10.255.0.0/16 or according to what you defined in the IBM Cloud portal
    • Remote Gateway Proposal Subnets: Specify one or more subnets in the VPC you want to connect
  4. Fill in the Advanced Settings:

    • IKE Version: 1
    • IKE Lifetime: 8h
    • Tunnel Lifetime: 1h
    • Dead Peer Detection Delay: 10s
    • Dead Peer Detection Timeout: 30s
    • Encryption (Phase 1): aes256
    • Encryption (Phase 2): aes256
    • Integrity (Phase 1): sha256
    • Integrity (Phase 2): sha256
    • Diffie-Hellman Groups (Phase 1): 2
    • Diffie-Hellman Groups (Phase 2): 2
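
The tunnel only comes up when both ends agree on every Phase 1 and Phase 2 value and when each side's local subnets are the other side's remote subnets. The following check is an added example, not SonicWall or IBM code: the dictionary keys and the VPC subnet 10.240.0.0/24 are assumptions made for illustration, and the remaining values are the ones this guide asks you to enter.

```python
import ipaddress
import re

# Constructed sample data: the settings entered on each side in this guide.
# Key names are hypothetical (not API fields); 10.240.0.0/24 is a sample VPC subnet.
IBM_SIDE = {
    "ike_version": 1, "p1_dh": 2, "p1_auth": "sha256", "p1_enc": "aes256",
    "p1_lifetime": 28800, "p2_dh": 2, "p2_auth": "sha256", "p2_enc": "aes256",
    "p2_lifetime": 3600, "dpd_interval": "10 seconds", "dpd_timeout": "30 seconds",
    "local_subnets": ["10.240.0.0/24"], "peer_subnets": ["10.255.0.0/16"],
}
CLOUD_EDGE_SIDE = {
    "ike_version": 1, "p1_dh": 2, "p1_auth": "sha256", "p1_enc": "aes256",
    "p1_lifetime": "8h", "p2_dh": 2, "p2_auth": "sha256", "p2_enc": "aes256",
    "p2_lifetime": "1h", "dpd_interval": "10s", "dpd_timeout": "30s",
    # Cloud Edge's "Remote Gateway Proposal Subnets" are the VPC's local subnets.
    "local_subnets": ["10.255.0.0/16"], "peer_subnets": ["10.240.0.0/24"],
}

EXACT = ("ike_version", "p1_dh", "p1_auth", "p1_enc", "p2_dh", "p2_auth", "p2_enc")
TIMED = ("p1_lifetime", "p2_lifetime", "dpd_interval", "dpd_timeout")
UNITS = {"s": 1, "m": 60, "h": 3600}

def to_seconds(value):
    """Normalise 28800, '8h', '10s' or '10 seconds' to a number of seconds."""
    if isinstance(value, int):
        return value
    m = re.fullmatch(r"\s*(\d+)\s*([a-z]*)\s*", value.lower())
    if not m:
        raise ValueError(f"unrecognised duration: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)[:1] or "s"]

def nets(subnets):
    return {ipaddress.ip_network(s) for s in subnets}

def find_mismatches(ibm, edge):
    """Return the names of the settings on which the two tunnel ends disagree."""
    bad = [k for k in EXACT if str(ibm[k]).lower() != str(edge[k]).lower()]
    bad += [k for k in TIMED if to_seconds(ibm[k]) != to_seconds(edge[k])]
    # Traffic selectors must mirror: one side's local is the other side's peer.
    if nets(ibm["local_subnets"]) != nets(edge["peer_subnets"]):
        bad.append("ibm_local_vs_edge_remote")
    if nets(ibm["peer_subnets"]) != nets(edge["local_subnets"]):
        bad.append("ibm_peer_vs_edge_local")
    return bad

if __name__ == "__main__":
    print(find_mismatches(IBM_SIDE, CLOUD_EDGE_SIDE) or "both ends agree")
```

Replace the two dictionaries with the values actually entered in each console; an empty result means the proposals and subnets line up.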

Making sure the tunnel is up

  1. Under the VPN gateways tab, select the name of the VPN Gateway that is associated with the tunnel.

  2. Scroll down and select View all connections.
  3. You'll be able to see the status of the tunnel. If the tunnel is down, make sure you configured all the fields according to this article. At any point, our support team will be happy to assist or troubleshoot.
