Setup Sonicwall VPN
Configuring Aggressive Mode Site to Site VPN between SonicOS and SonicOS Enhanced (Dynamic WAN IP on one side)

This article details all the steps necessary to create a working IKE IPSec VPN tunnel between a SonicWALL security appliance running SonicOS and a SonicWALL security appliance running SonicOS Enhanced, using Aggressive Mode.

The SonicWALL, when negotiating Aggressive Mode VPN tunnels, uses the ‘Unique Firewall Identifier’ (UFI) or serial number as its identity. The side that has a dynamic IP will be identified by the other side through its UFI. In SonicOS Enhanced, this is controlled by setting the Local and Peer IKE IDs in the VPN policy’s ‘General’ tab. For an example, see screenshot below. Make sure the Local IKE ID is the UFI of the local SonicWALL and the Remote IKE ID is the UFI of the remote SonicWALL.

Configure SonicOS Enhanced VPN settings (central site)
Configure SonicOS Enhanced VPN settings (remote site)
From a system behind the remote site SonicWALL, attempt to connect to a network resource behind the central site, or ping the central site SonicWALL’s LAN interface IP address. Once you’ve done this, log into the remote site SonicWALL’s management GUI and check the ‘VPN > Settings’ page. You should see the active VPN tunnel listed. On the remote site, you should see that the tunnel has negotiated with the Primary IPSec gateway.

If the tunnel does not negotiate successfully, check the SonicWALL’s log on the ‘Log > View’ page to see if there are any error messages for VPN negotiation. If the tunnel is not negotiating and there are error messages displayed, go over the settings on both sides to make sure that they match and attempt to bring the tunnel up again.