SonicOS 7.1 IPSec VPN
- SonicOS 7.1
- About SonicOS
- IPSec VPN Overview
- Site to Site VPNs
- VPN Auto Provisioning
- Rules and Settings
- Advanced
- DHCP over VPN
- L2TP Servers and VPN Client Access
- AWS VPN
- SonicWall Support
Configuring the Remote SonicWall Network Security Appliance
- Navigate to NETWORK | IPSec VPN > Rules and Settings.
- Click +Add. The VPN Policy dialog displays.
- On the General screen, select Manual Key from the Authentication Method drop-down menu.
- Enter a name for the appliance in the Name field.
- Enter the host name or IP address of the local connection in the IPsec Gateway Name or Address field.
- Click Network.
-
Under Local Networks, select one of these:
- If a specific local network can access the VPN tunnel, select a local network from the Choose local network from list drop-down menu.
-
If traffic can originate from any local network, select Any Address. Use this option if a peer has Use this VPN tunnel as default route for all Internet traffic selected. Auto-added rules are created between Trusted Zones and the VPN Zone.
-
Under Remote Networks, select one of these:
-
If traffic from any local user cannot leave the firewall unless it is encrypted, select Use this VPN Tunnel as default route for all Internet traffic.
You can only configure one SA to use this setting.
-
Alternatively, select Choose Destination network from list, and select the address object or group.
-
- Click Proposals.
-
Define an Incoming SPI and an Outgoing SPI. The SPIs are hexadecimal (0123456789abcedf) and can range from 3 to 8 characters in length.
Each Security Association must have unique SPIs; no two Security Associations can share the same SPIs. However, each Security Association Incoming SPI can be the same as the Outgoing SPI.
-
The default values for Protocol, Encryption, and Authentication are acceptable for most VPN SA configurations.
The values for Protocol, Encryption, and Authentication must match the values on the opposite side of the tunnel.
- Enter a 48-character hexadecimal encryption key in the Encryption Key field. Use the same value as used on the firewall on the opposite side of the tunnel.
-
Enter a 40-character hexadecimal authentication key in the Authentication Key field. Use the same value as used on the firewall on the opposite side of the tunnel.
Valid hexadecimal characters include 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, and f. 1234567890abcdef is an example of a valid DES or ARCFour encryption key. If you enter an incorrect encryption key, an error message is displayed at the bottom of the browser window.
- Click Advanced.
-
Select any of the following optional settings you want to apply to your VPN policy:
-
The Suppress automatic Access Rules creation for VPN Policy setting is not enabled by default to allow the VPN traffic to traverse the appropriate zones.
-
Select Enable Windows Networking (NetBIOS) broadcast to allow access to remote network resources by browsing the Windows® Network Neighborhood.
-
For WXA Group, select None or Group One.
-
Select Apply NAT Policies if you want the firewall to translate the Local, Remote or both networks communicating through this VPN tunnel. Two drop-down menus display:
-
To perform Network Address Translation on the Local Network, select or create an Address Object in the Translated Local Network menu.
-
To translate the Remote Network, select or create an Address Object in the Translated Remote Network drop-down menu.
Generally, if NAT is required on a tunnel, either Local or Remote should be translated, but not both. Apply NAT Policies is particularly useful in cases where both sides of a tunnel use either the same or overlapping subnets.
-
-
To manage the remote SonicWall through the VPN tunnel, select HTTP, SSH, SNMP, or any combination of these three from Management via this SA.
-
Select HTTP, HTTPS, or both in the User login via this SA to allow users to login using the SA.
HTTP user login is not allowed with remote authentication.
-
If you have an IP address for a gateway, enter it into the Default LAN Gateway (optional) field.
-
Select an interface from the VPN Policy bound to menu.
Two different WAN interfaces cannot be selected from the VPN Policy bound to drop-down menu if the VPN Gateway IP address is the same for both.
-
- Click OK.
- Click Accept on the NETWORK | IPSec VPN > Rules and Settings page to update the VPN Policies.
If Window Networking (NetBIOS) has been enabled, users can view remote computers in their Windows Network Neighborhood. Users can also access resources on the remote LAN by entering servers’ or workstations’ remote IP addresses.
Was This Article Helpful?
Help us to improve our support portal