SonicWALL TZ170 manual Document Created 11/16/2004 Last Updated 06/19/2008 Version


In the ‘Advanced Properties’ section, under ‘IKE (Phase 1)’, set the ‘Renegotiate IKE security associations every’ field to "60" minutes and set ‘Use Diffie-Hellman group’ to "Group 5 (1536 bit)". Tick the option ‘Use aggressive mode’. In the ‘IPsec (Phase 2) Proposal’ section, set ‘Life Time (seconds)’ to "3600". Do not enable Perfect Forward Secrecy. Under ‘NAT’, tick the option ‘Disable NAT inside the VPN community’.

Click ‘Shared Secret’.

In the ‘Shared Secret’ section, tick the option ‘Use only Shared Secret for all External members’. Highlight "SNWL_Alice" in the ‘Peer Name’ table below and click the ‘Edit…’ button to enter the secret. In this example, the shared secret is "HaRd!_to_Gue55_Al1c3". Press the ‘OK’ button. Then highlight "SNWL_Bob" in the ‘Peer Name’ table and click the ‘Edit…’ button to enter the secret. In this example, the shared secret is "HaRd!_to_Gue55_B0b". Press the ‘OK’ button.

Click ‘OK’ to finish the VPN Interoperability Hub Spoke setup between the SonicOS 2.5 Enhanced and Checkpoint NG within the SmartDashboard. Make sure the policy has been installed on the Checkpoint firewall so that the configuration takes effect.
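The following added example (not part of the original manual or of either vendor's tooling) records the community settings above as data, compares them with a peer's proposal, and lists the settings worth a second look in a security review. The `Proposal` class, the function names and the `PEER_SAMPLE` values are assumptions made for illustration.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Proposal:
    exchange: str    # IKE Phase 1 exchange: "aggressive" or "main"
    dh_group: int    # IKE Phase 1 Diffie-Hellman group number
    p1_life_s: int   # Phase 1 lifetime in seconds
    p2_life_s: int   # Phase 2 lifetime in seconds
    pfs: bool        # Perfect Forward Secrecy for Phase 2

# Settings from this page; the Phase 1 field is entered in minutes, Phase 2 in seconds.
CHECKPOINT = Proposal("aggressive", 5, 60 * 60, 3600, False)
# Constructed peer (assumption): a spoke left with PFS on and an 8-hour Phase 1 lifetime.
PEER_SAMPLE = Proposal("aggressive", 5, 8 * 3600, 3600, True)

LIFETIMES = {"p1_life_s", "p2_life_s"}

def compare(local, peer):
    """Return (blocking, warnings): names of fields on which the two sides differ."""
    blocking, warnings = [], []
    for f in fields(Proposal):
        if getattr(local, f.name) != getattr(peer, f.name):
            # Lifetime handling varies by implementation, so report it separately.
            (warnings if f.name in LIFETIMES else blocking).append(f.name)
    return blocking, warnings

def hardening_notes(p):
    """Return review notes for settings that weaken the tunnel even when both sides match."""
    notes = []
    if p.exchange == "aggressive":
        notes.append("aggressive mode: peer identity is sent unencrypted and a captured "
                     "handshake allows offline guessing of the shared secret, "
                     "so the secret must be long and random")
    if not p.pfs:
        notes.append("PFS off: Phase 2 keys are derived from Phase 1 keying material")
    if p.dh_group in (1, 2, 5):
        notes.append("DH group %d is below 2048 bits" % p.dh_group)
    return notes

if __name__ == "__main__":
    blocking, warnings = compare(CHECKPOINT, PEER_SAMPLE)
    print("blocking:", blocking, "warnings:", warnings)
    for note in hardening_notes(CHECKPOINT):
        print("note:", note)
```

Replace `PEER_SAMPLE` with the values actually configured on each SonicWALL unit before relying on the comparison.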

Document Created: 11/16/2004

Last Updated: 06/19/2008

Version 1.1

