SonicWALL SonicOS Standard 3.0 Administrator's Guide, page 224
Chapter 36: Configuring VPN Settings
VPNs check box. Traffic can travel from a branch office to a branch office via the corporate
office.
Default LAN Gateway - used at a central site in conjunction with a remote site using the Route
all internet traffic through this SA check box. Default LAN Gateway allows the network
administrator to specify the IP address of the default LAN route for incoming IPSec packets for
this SA. Incoming packets are decoded by the SonicWALL and compared to static routes
configured in the SonicWALL. Since packets can have any IP address destination, it is
impossible to configure enough static routes to handle the traffic. For packets received via an
IPSec tunnel, the SonicWALL looks up a route for the LAN. If no route is found, the SonicWALL
checks for a Default LAN Gateway. If a Default LAN Gateway is detected, the packet is routed
through the gateway. Otherwise, the packet is dropped.
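The lookup order described above (static route first, then the Default LAN Gateway, otherwise drop) can be modelled in a few lines. The following Python is an added illustration, not SonicWALL code; the static routes, the gateway address and the packet destinations are constructed sample values.

```python
import ipaddress
from typing import Dict, Optional

# Constructed sample static routes (not from the guide): destination network -> next hop.
STATIC_ROUTES: Dict[str, str] = {
    "192.168.10.0/24": "192.168.1.10",
    "192.168.20.0/24": "192.168.1.20",
}

# Constructed sample Default LAN Gateway address.
DEFAULT_LAN_GATEWAY = "192.168.1.254"


def lookup_static_route(dst_ip: str, static_routes: Dict[str, str]) -> Optional[str]:
    """Longest-prefix match over the configured static routes; None if no route covers dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    best_net = None
    best_hop = None
    for net_str, next_hop in static_routes.items():
        net = ipaddress.ip_network(net_str, strict=False)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, next_hop
    return best_hop


def forward_decoded_ipsec_packet(dst_ip: str, static_routes: Dict[str, str],
                                 default_lan_gateway: Optional[str]) -> Optional[str]:
    """Decision for a packet decoded from an IPSec tunnel.

    Returns the next-hop address the packet is sent to, or None when the packet is dropped
    because neither a static route nor a Default LAN Gateway applies.
    """
    hop = lookup_static_route(dst_ip, static_routes)
    if hop is not None:
        return hop                      # a static route for the LAN matched
    if default_lan_gateway:
        return default_lan_gateway      # no route, but a Default LAN Gateway is configured
    return None                         # no route and no gateway: dropped


if __name__ == "__main__":
    for dst in ("192.168.10.7", "10.9.8.7"):
        print(dst, "->", forward_decoded_ipsec_packet(dst, STATIC_ROUTES, DEFAULT_LAN_GATEWAY))
        print(dst, "->", forward_decoded_ipsec_packet(dst, STATIC_ROUTES, None))
```

Dropping is the conservative outcome. Once a Default LAN Gateway is set, every destination the remote site sends through the tunnel is forwarded to that gateway, so the gateway's own routing and filtering decide what the remote site can actually reach.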
VPN Terminated at the LAN, OPT/DMZ/WLAN, or LAN/OPT/DMZ/WLAN - Selecting this
option allows you to terminate a VPN tunnel on a specific destination instead of allowing the
VPN tunnel to terminate on the entire SonicWALL network. By terminating the VPN tunnel to a
specific destination, the VPN tunnel has access to a specific portion of the destination LAN or
OPT/DMZ/WLAN network.
12. Click OK. Your new VPN policy is displayed in the VPN Policies table.
Configuring a VPN Policy using Manual Key
To manually configure a VPN Policy in the VPN Policy window using Manual Key, follow the steps
below:
1. In the VPN > Settings page, click Add. The VPN Policy window is displayed.
2. Select Manual Key from the IPSec Keying Mode menu.
Tip: Use the VPN worksheet at the beginning of this chapter to record your settings. These settings
are necessary to configure the remote SonicWALL and create a successful VPN connection.
3. In the Security Policy section, enter a name for the VPN Policy in the Name field.
4. Enter the IP address or gateway name of the REMOTE SonicWALL in the IPSec Gateway Name
or Address field.
5. In the Destination Networks section, select one of the following options:
Use this VPN Tunnel as the default route for all Internet traffic - select this option if all local
users access the Internet through this tunnel. You can only configure one SA to use this option.
Specify destination networks below - configure the remote destination network for your SA.
Click Add to add the IP address and subnet mask. You can modify existing destination
networks by clicking Edit, and delete networks by selecting the network and clicking Delete.
6. Click on the Proposals tab.
7. In the IPSec SA section, define an Incoming SPI and an Outgoing SPI. The SPIs are
hexadecimal (0123456789abcdef) and can range from 3 to 8 characters in length. Or use the
default values.
Alert: Each Security Association must have unique SPIs; no two Security Associations can share the
same SPIs. However, each Security Association Incoming SPI can be the same as the Outgoing SPI.
8. ESP is selected by default from the Protocol menu. ESP is more secure than AH, but AH requires
less processing overhead.
9. 3DES is selected by default from the Phase 2 Encryption menu. Enter a 48-character
hexadecimal key if you are using 3DES encryption. Enter a 16-character hexadecimal key in the
Encryption Key field if you are using DES or ARCFour encryption. This encryption key must
match the remote SonicWALL's encryption key.
The default 48-character key is a unique key generated every time a VPN Policy is created.
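Steps 7 through 9 (and the SPI alert) amount to a set of rules an administrator checks by hand: SPIs are 3 to 8 hexadecimal characters, no two SAs share an SPI while one SA may reuse its Incoming SPI as its Outgoing SPI, and the encryption key length depends on the cipher (48 hex characters for 3DES, 16 for DES or ARCFour). The following Python is an added example, not SonicWALL code, that applies those rules to a policy before it is entered and generates a key of the right length the way the default key is. The 32-character authentication key length for SHA1 is taken from step 10; the policy dictionaries and their field names are constructed here and are not the product's own data format.

```python
import re
import secrets
from typing import Dict, List

# SPI rules from the guide: hexadecimal, 3 to 8 characters.
SPI_MIN_CHARS, SPI_MAX_CHARS = 3, 8
HEX_RE = re.compile(r"[0-9a-fA-F]+")

# Phase 2 encryption key lengths in hex characters, as stated in the guide.
ENCRYPTION_KEY_HEX_CHARS = {"3DES": 48, "DES": 16, "ARCFour": 16}
# Phase 2 authentication key length in hex characters; the guide gives 32 for SHA1.
AUTH_KEY_HEX_CHARS = {"SHA1": 32}


def is_valid_spi(spi: str) -> bool:
    """An SPI is 3 to 8 hexadecimal characters."""
    return SPI_MIN_CHARS <= len(spi) <= SPI_MAX_CHARS and HEX_RE.fullmatch(spi) is not None


def generate_key(hex_chars: int) -> str:
    """Random key of the requested length in hex characters (token_hex takes a byte count)."""
    return secrets.token_hex(hex_chars // 2)


def validate_manual_key_policy(policy: Dict[str, str],
                               existing: List[Dict[str, str]]) -> List[str]:
    """Return the problems found in a Manual Key policy; an empty list means it passes."""
    errors: List[str] = []
    for field in ("incoming_spi", "outgoing_spi"):
        if not is_valid_spi(policy[field]):
            errors.append(f"{field} must be 3-8 hexadecimal characters")

    # No two SAs may share an SPI; within one SA the incoming SPI may equal the outgoing SPI.
    mine = {policy["incoming_spi"].lower(), policy["outgoing_spi"].lower()}
    for other in existing:
        if other["name"] == policy["name"]:
            continue
        theirs = {other["incoming_spi"].lower(), other["outgoing_spi"].lower()}
        for spi in sorted(mine & theirs):
            errors.append(f"SPI {spi} is already used by SA '{other['name']}'")

    # The encryption key must be hexadecimal and the length the selected cipher requires.
    enc = policy["encryption"]
    want_enc = ENCRYPTION_KEY_HEX_CHARS.get(enc)
    enc_key = policy["encryption_key"]
    if want_enc is None:
        errors.append(f"unknown encryption algorithm {enc}")
    elif len(enc_key) != want_enc or HEX_RE.fullmatch(enc_key) is None:
        errors.append(f"{enc} needs a {want_enc}-character hexadecimal encryption key")

    # Same check for the authentication key.
    auth = policy["authentication"]
    want_auth = AUTH_KEY_HEX_CHARS.get(auth)
    auth_key = policy["authentication_key"]
    if want_auth is None:
        errors.append(f"unknown authentication algorithm {auth}")
    elif len(auth_key) != want_auth or HEX_RE.fullmatch(auth_key) is None:
        errors.append(f"{auth} needs a {want_auth}-character hexadecimal authentication key")
    return errors


# Constructed sample data: one SA already configured, one being added.
SAMPLE_EXISTING = [{
    "name": "to-branch-a", "incoming_spi": "abc123", "outgoing_spi": "abc123",
    "encryption": "3DES", "encryption_key": generate_key(48),
    "authentication": "SHA1", "authentication_key": generate_key(32),
}]
SAMPLE_NEW = {
    "name": "to-branch-b", "incoming_spi": "def456", "outgoing_spi": "def456",
    "encryption": "DES", "encryption_key": generate_key(16),
    "authentication": "SHA1", "authentication_key": generate_key(32),
}

if __name__ == "__main__":
    print("new policy:", validate_manual_key_policy(SAMPLE_NEW, SAMPLE_EXISTING) or "ok")
    clash = dict(SAMPLE_NEW, incoming_spi="ABC123", encryption_key="abcd")
    print("clashing policy:", validate_manual_key_policy(clash, SAMPLE_EXISTING))
```

The SPI comparison is case-insensitive because hexadecimal digits are, so `ABC123` and `abc123` are the same SPI. The key-length table is the guide's; the validator reports an unknown cipher or hash rather than guessing a length for it.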
10. SHA1 is selected by default from the Phase 2 Authentication menu. When a new Policy is
created, a 32-character key is automatically generated in the Authentication Key field. This key