SonicWALL 3 manual Creating a Manual Key VPN Policy with the VPN Policy Wizard

Models: 3


CHAPTER 36: Configuring VPN Settings

Qualified Domain Name of the remote destination in the IPSec Gateway Name or Address field. Click Next.

4. Enter the IP address of the network protected by the remote SonicWALL in the Remote Network field. This is a private IP address on the remote network. Enter the subnet mask in the Remote Netmask field. Click Next.

Note: You can add additional networks by editing the VPN policy after it is created in the VPN Policy Wizard.

5. Select IKE using Preshared Secret as the IPSec Keying Mode. Click Next.

6. Enter a shared secret in the Shared Secret field. Use a combination of letters and numbers to create a unique secret. Click Next.

7. Select from the DH Group menu. Diffie-Hellman (DH) key exchange (a key agreement protocol) is used during phase 1 of the authentication process to establish pre-shared keys. To compromise between network speed and network security, select Group 2.

Select an encryption method from the Encryption list for the VPN tunnel. If network speed is preferred, then select DES. If network security is preferred, select 3DES. To compromise between network speed and network security, select DES.

Select an authentication method from the Authentication list. SHA1 is preferred for network security.

Keep the default value of 28800 (8 hours) as the Life Time (seconds) for the VPN Policy. Click Next.

8. Select ESP from the Protocol menu. ESP is more secure than AH, but AH requires less processing overhead.

Select 3DES from the Encryption menu. 3DES is extremely secure and recommended for use. Select SHA1 from the Authentication menu.

Select Enable Perfect Forward Secrecy. The Enable Perfect Forward Secrecy check box increases the renegotiation time of the VPN tunnel. By enabling Perfect Forward Secrecy, a hacker using brute force to break encryption keys is not able to obtain other or future IPSec keys. During the phase 2 renegotiation between two SonicWALL appliances or a Group VPN SA, an additional Diffie-Hellman key exchange is performed. Enable Perfect Forward Secrecy adds incremental security between gateways.

If Enable Perfect Forward Secrecy is enabled, select the type of Diffie-Hellman (DH) Key Exchange (a key agreement protocol) to be used during phase 2 of the authentication process to establish pre-shared keys.

Leave the default value, 28800, in the Life Time (seconds) field. The keys renegotiate every 8 hours.

Click Next.

9. To enable the VPN policy immediately, click Apply. If you prefer to disable the policy initially, select Create this Policy Disabled, and then click Apply.
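The effect of the Enable Perfect Forward Secrecy option in step 8, as an added example that is not part of the SonicWALL guide: it follows the phase 2 key derivation of RFC 2409 section 5.5 and shows that without PFS every renegotiated key follows from the phase 1 secret alone, while with PFS each key also needs a fresh Diffie-Hellman secret. The toy DH group, the constructed random values and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group constructed for this example; not one of the wizard's DH groups.
P, G = 2**127 - 1, 3
ESP = b"\x03"  # IPsec DOI protocol ID for ESP

def prf(key, data):
    # HMAC-SHA1 as the prf, matching the SHA1 selection in the wizard (assumption).
    return hmac.new(key, data, hashlib.sha1).digest()

def keymat(skeyid_d, spi, ni, nr, dh_shared=b""):
    # RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
    return prf(skeyid_d, dh_shared + ESP + spi + ni + nr)

def quick_mode(skeyid_d, pfs):
    """One phase 2 (re)negotiation: returns (KEYMAT, values carried in the exchange)."""
    spi = secrets.token_bytes(4)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    shared = b""
    if pfs:
        # Ephemeral exponents, generated per renegotiation and discarded afterwards.
        x, y = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
        gx, gy = pow(G, x, P), pow(G, y, P)
        assert pow(gy, x, P) == pow(gx, y, P)  # both gateways reach the same secret
        shared = pow(gy, x, P).to_bytes(16, "big")
    return keymat(skeyid_d, spi, ni, nr, shared), (spi, ni, nr)

def recompute_from_phase1(skeyid_d, exchanged):
    """KEYMAT derivable from the phase 1 secret plus the exchanged values only."""
    return keymat(skeyid_d, *exchanged)

def demo():
    skeyid_d = secrets.token_bytes(20)  # constructed phase 1 secret
    results = {}
    for pfs in (False, True):
        # Three renegotiations, e.g. three consecutive 28800-second lifetimes.
        rekeys = [quick_mode(skeyid_d, pfs) for _ in range(3)]
        results[pfs] = [recompute_from_phase1(skeyid_d, ex) == km for km, ex in rekeys]
    return results

if __name__ == "__main__":
    for pfs, hits in demo().items():
        print("PFS", "on " if pfs else "off", "keys recoverable from phase 1:", hits)
```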

Creating a Manual Key VPN Policy with the VPN Policy Wizard

You can create a custom VPN Policy using the VPN Wizard to configure a different IPSec method or configure more advanced features for the VPN Policy.

1. Click VPN Policy Wizard to launch the wizard. Click Next to continue.

2. Select Custom, and click Next.

3. Enter a name for the policy in the Policy Name field. You may want to use the name of a remote office or other identifying feature so that it is easily identified. Enter the IP address or Fully


SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE
