Tuesday, 18 June 2013

How to Create a VPN Between Sonicwall and Broadband Linksys



Hardware Used:

Linksys Instant Broadband™ EtherFast® Cable/DSL Firewall Router
with 4-Port Switch/VPN Endpoint BEFSX41, Firmware: 1.43.3
Cable Internet connection

Sonicwall PRO 300 (Standard Mode) Firmware: 6.3.1.4

Sonicwall VPN SA Setup:

1.      Security Association: Add New SA
2.      IPSec Keying Mode: IKE using Preshared Secret
3.      Name: Must be the WAN MAC Address of the Linksys (No dashes)
4.      Disable This SA: Uncheck
5.      IPSec Gateway Address: 0.0.0.0 (should tell the Sonicwall that the remote device is using DHCP on its WAN side and to use Aggressive mode)
6.      Phase 1 DH Group: Group 1
7.      SA Life time (secs): 28800
8.      Phase 1 Encryption/Authentication: DES & MD5
9.      Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP 3DES HMAC MD5)
10.  Shared Secret: WAN MAC Address of the Linksys
11.  Specify destination networks below: Checked
12.  Click Add New Network
13.  Edit VPN Destination Network
    a.      Network: 192.168.1.0
    b.      Subnet mask: 255.255.255.248 (yes, different subnet mask than the Sonicwall)
14.  No Advanced Settings (might want to enable keep alive)


Linksys VPN Tunnel Setup:
(Change the Linksys Subnet Mask and renew your clients' DHCP leases first)

  1. Tunnel Name: Set to the Unique Firewall Identifier of the Sonicwall
  2. Local Secure Group:
    1. Subnet – IP: Linksys Subnet (X.X.X.0)
    2. Mask: Linksys Subnet Mask (255.255.255.X)
  3. Remote Secure Group:
    1. Subnet – IP: Sonicwall Subnet (X.X.X.0)
    2. Mask: Sonicwall Subnet Mask (255.255.255.X)
  4. Remote Secure Gateway: IP Addr.- WAN IP of the Sonicwall
  5. Encryption: DES
  6. Authentication: MD5
  7. Key Management: Auto. (IKE)
  8. PFS (Perfect Forward Secrecy): Unchecked
  9. Pre-Shared Key: Linksys WAN MAC Address (No Dashes)
  10. Key Lifetime: 28800
  11. Click the Advanced Setting

Linksys Advanced Settings for Selected IPSec Tunnel

  1. Tunnel 1: Phase 1: Operation mode: Check Aggressive mode, Check Username: use the Linksys WAN MAC Address (No Dashes). This is very important.
  2. Proposal 1:
    1. Encryption: DES
    2. Authentication: MD5
    3. Group: 768-bit
    4. Key Lifetime: 28800
  3. Phase 2: Proposal:
    1. Encryption: DES
    2. Authentication: MD5
    3. PFS: OFF
    4. Group: 768-bit
    5. Key Lifetime: 28800
  4. Other Options:
    1. NetBIOS Broadcast - Unchecked
    2. Anti-replay – Unchecked
    3. Keep-Alive – Unchecked (might want to enable)
    4. If IKE failed more than _ times, block this unauthorized IP for _ seconds – Unchecked
  5. Click Apply
  6. Click CONNECT
  7. Click VIEW LOGS

Notes:
The Pre-Shared Secret does not have to be the Linksys WAN MAC Address.
You might not need to use a different subnet mask on the Linksys than the Sonicwall.
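
A quick way to review the two proposal sets side by side, as an added example that is not part of the original post: it loads the Phase 1 and Phase 2 values listed in the two setup sections above, reports where the peers disagree, and flags settings that are deprecated today (DES, MD5, DH groups under 2048 bits, and an aggressive-mode pre-shared key equal to the identity). The dictionary layout, function names and the MAC value are assumptions made for the example.

```python
# Added example, not from the original post. Settings are the ones listed in
# the Sonicwall and Linksys sections above; the MAC is a constructed placeholder.
PLACEHOLDER_MAC = "001122AABBCC"  # constructed; stands in for the Linksys WAN MAC

SONICWALL = {
    "phase1": {"enc": "DES", "auth": "MD5", "dh_bits": 768, "lifetime": 28800},
    "phase2": {"enc": "3DES", "auth": "MD5", "lifetime": 28800},
    "mode": "aggressive", "ike_id": PLACEHOLDER_MAC, "psk": PLACEHOLDER_MAC,
}
LINKSYS = {
    "phase1": {"enc": "DES", "auth": "MD5", "dh_bits": 768, "lifetime": 28800},
    "phase2": {"enc": "DES", "auth": "MD5", "lifetime": 28800},
    "mode": "aggressive", "ike_id": PLACEHOLDER_MAC, "psk": PLACEHOLDER_MAC,
}

def mismatches(a, b):
    """Return (phase, field, a_value, b_value) for each setting the peers disagree on."""
    out = []
    for phase in ("phase1", "phase2"):
        for field in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(field) != b[phase].get(field):
                out.append((phase, field, a[phase].get(field), b[phase].get(field)))
    return out

def weak_settings(peer):
    """Return findings for deprecated algorithms and a guessable pre-shared key."""
    findings = []
    for phase in ("phase1", "phase2"):
        p = peer[phase]
        if p["enc"] == "DES":
            findings.append(f"{phase}: DES (56-bit key)")
        if p["auth"] == "MD5":
            findings.append(f"{phase}: MD5")
        if p.get("dh_bits", 2048) < 2048:
            findings.append(f"{phase}: {p['dh_bits']}-bit DH group")
    # IKEv1 aggressive mode sends the identity unencrypted, so a key equal
    # to that identity gives no secrecy at all.
    if peer["mode"] == "aggressive" and peer["psk"] == peer["ike_id"]:
        findings.append("aggressive mode: PSK equals the identity sent in the clear")
    return findings

if __name__ == "__main__":
    for row in mismatches(SONICWALL, LINKSYS):
        print("MISMATCH", row)
    for name, peer in (("Sonicwall", SONICWALL), ("Linksys", LINKSYS)):
        for finding in weak_settings(peer):
            print(name, "WEAK", finding)
```

Where both devices support them, a long random pre-shared secret and the strongest common encryption, hash and DH group clear these findings.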

