SonicWALL 3 Home Security System User Manual


 
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE
Site to Site VPN Configurations
Qualified Domain Name of the remote destination in the IPSec Gateway Name or Address field.
Click Next.
4. Enter the IP address of the network protected by the remote SonicWALL in the Remote Network
field. This is a private IP address on the remote network. Enter the subnet mask in the Remote
Netmask field. Click Next.
Note: You can add additional networks by editing the VPN policy after it is created in the VPN Policy
Wizard.
5. Select Manual Key from the IPSec Keying Modes list. Click Next.
6. Define an Incoming SPI and an Outgoing SPI. The SPIs are hexadecimal (0123456789abcdef)
and can range from 3 to 8 characters in length. Alternatively, use the default values.
Alert: Each Security Association must have unique SPIs; no two Security Associations can share the
same SPIs. However, a Security Association's Incoming SPI can be the same as its Outgoing SPI.
ESP is selected by default from the Protocol menu. ESP is more secure than AH, but AH requires
less processing overhead.
3DES is selected by default from the Encryption Method menu. Enter a 48-character
hexadecimal key if you are using 3DES encryption. Enter a 16-character hexadecimal key in the
Encryption Key field if you are using DES or ARCFour encryption. This encryption key must
match the remote SonicWALL's encryption key.
The default 48-character key is a unique key generated every time a VPN Policy is created.
AH is selected by default from the Authentication Key field. When a new SA is created, a 32-
character key is automatically generated in the Authentication Key field. This key can be used as
a valid key. If this key is used, it must also be entered in the Authentication Key field in the
remote SonicWALL. If authentication is not used, this field is ignored.
Click Next.
7. To enable the VPN policy immediately, click Apply. If you prefer to disable the policy initially,
select Create this Policy Disabled, and then click Apply.
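The following Python code is an added example, not part of the SonicWALL guide: it generates manual keys from the operating system's random source and checks a set of policies against the SPI and key-length rules given in step 6. The dictionary field names and the policy names are constructed for illustration, and the code assumes the 32-character authentication key is hexadecimal.

```python
import secrets
import string

ENC_KEY_LEN = {"3DES": 48, "DES": 16, "ARCFour": 16}  # hex characters, per the guide
AUTH_KEY_LEN = 32  # assumption: the 32-character key is hexadecimal too

def is_hex(value, min_len, max_len=None):
    """True if value is only hex digits and its length is in range."""
    ok_len = min_len <= len(value) <= (max_len or min_len)
    return ok_len and all(c in string.hexdigits for c in value)

def new_manual_keys(method="3DES"):
    """Random keys of the required lengths (token_hex(n) gives 2n characters)."""
    return {"encryption_key": secrets.token_hex(ENC_KEY_LEN[method] // 2),
            "authentication_key": secrets.token_hex(AUTH_KEY_LEN // 2)}

def check_policies(policies):
    """Return (policy name, problem) pairs for a list of manual-key policies."""
    problems, seen = [], {}  # seen: SPI number -> first policy that used it
    for p in policies:
        name, spis = p["name"], set()
        for field in ("incoming_spi", "outgoing_spi"):
            if is_hex(p[field], 3, 8):
                spis.add(int(p[field], 16))  # compare as numbers: 01A2B == 1a2b
            else:
                problems.append((name, f"{field} must be 3-8 hex characters"))
        # One SA may use the same SPI in both directions; two SAs may not share.
        for spi in sorted(spis):
            if seen.setdefault(spi, name) != name:
                problems.append((name, f"SPI {spi:x} already used by {seen[spi]}"))
        want = ENC_KEY_LEN[p["method"]]
        if not is_hex(p["encryption_key"], want):
            problems.append((name, f"encryption key must be {want} hex characters"))
        if not is_hex(p["authentication_key"], AUTH_KEY_LEN):
            problems.append((name, "authentication key must be 32 hex characters"))
    return problems

def sample_policies():
    """Constructed sample data: branch-b reuses branch-a's SPI and has a bad SPI."""
    return [
        {"name": "branch-a", "method": "3DES", "incoming_spi": "1a2b",
         "outgoing_spi": "1a2b", **new_manual_keys("3DES")},
        {"name": "branch-b", "method": "DES", "incoming_spi": "01A2B",
         "outgoing_spi": "zz", **new_manual_keys("DES")},
    ]

if __name__ == "__main__":
    for name, problem in check_policies(sample_policies()):
        print(f"{name}: {problem}")
```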
Configuring IKE 3rd Party Certificates with the VPN Policy Wizard
Alert: You must have a valid certificate from a third party Certificate Authority installed on your
SonicWALL before you can configure your VPN policy with IKE using a third party certificate. See
Chapter 40, Managing Certificates for more information.
1. Click VPN Policy Wizard to launch the wizard. Click Next to continue.
2. Select Custom, and click Next.
3. Enter a name for the policy in the Policy Name field. You may want to use the name of a remote
office or other identifying feature so that it is easily identified. Enter the IP address or Fully
Qualified Domain Name of the remote destination in the IPSec Gateway Name or Address field.
Click Next.
4. Enter the IP address of the network protected by the remote SonicWALL in the Remote Network
field. This is a private IP address on the remote network. Enter the subnet mask in the Remote
Netmask field. Click Next.
5. Select IKE using 3rd Party Certificates from the IPSec Keying Modes list. Click Next.
6. Select your third party certificate from the Third Party Certificate menu. Select the ID type from
the Peer Certificate’s ID Type, and enter the ID string in the ID string to match field. Click Next.
7. Select from the DH Group menu. Diffie-Hellman (DH) key exchange (a key agreement protocol) is
used during phase 1 of the authentication process to establish pre-shared keys. To compromise
between network speed and network security, select Group 2.