S
Site to Site VPN Configurations
Qualified Domain Name of the remote destination in the IPSec Gateway Name or Address field. Click Next.
4Enter the IP address of the network protected by the remote SonicWALL in the Remote Network field. This is a private IP address on the remote network. Enter the subnet mask in the Remote Netmask field. Click Next.
Note: You can add additional networks by editing the VPN policy after it is created in the VPN Policy Wizard.
5Select Manual Key from the IPSec Keying Modes list. Click Next.
6Define an Incoming SPI and an Outgoing SPI. The SPIs are hexadecimal (0123456789abcedf) and can range from 3 to 8 characters in length. Or use the default values.
Alert: Each Security Association must have unique SPIs; no two Security Associations can share the same SPIs. However, each Security Association Incoming SPI can be the same as the Outgoing SPI.
ESP is selected by default from the Protocol menu. ESP is more secure than AH, but AH requires less processing overhead.
3DES is selected by default from the Encryption Method menu. Enter a
The default
AH is selected by default from the Authentication Key field. When a new SA is created, a 32- character key is automatically generated in the Authentication Key field. This key can be used as a valid key. If this key is used, it must also be entered in the Authentication Key field in the remote SonicWALL. If authentication is not used, this field is ignored.
Click Next.
7To enable the VPN policy immediately, click Apply. If you prefer to disable the policy initially, select Create this Policy Disabled, and then click Apply.
Configuring IKE 3rd Party Certificates with the VPN Policy Wizard
SAlert: You must have a valid certificate from a third party Certificate Authority installed on your SonicWALL before you can configure your VPN policy with IKE using a third party certificate. See Chapter 40, Managing Certificates for more information.
1Click VPN Policy Wizard to launch the wizard. Click Next to continue.
2Select Custom, and click Next.
3Enter a name for the policy in the Policy Name field. You may want to use the name of a remote office or other identifying feature so that it is easily identified. Enter the IP address or Fully Qualified Domain Name of the remote destination in the IPSec Gateway Name or Address field. Click Next.
4Enter the IP address of the network protected by the remote SonicWALL in the Remote Network field. This is a private IP address on the remote network. Enter the subnet mask in the Remote Netmask field. Click Next.
5Select IKE using 3rd Party Certificates from the IPSec Keying Modes list. Click Next.
6Select your third party certificate from the Third Party Certificate menu. Select the ID type from the Peer Certificate’s ID Type, and enter the ID string in the ID string to match field. Click Next.
7Select from the DH Group menu.
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE | 219 |