SonicWALL OS 2.x quick start Defining the Security Associations SA


Sonic OS 2.x Quick Start Guide

*The ability to NAT traffic as it enters the VPN Tunnel, or as it exits (inbound or outbound), and the capability to have firewall rules specified on VPN traffic.

Defining the Security Associations (SA)

For the purpose of this example, we will keep the VPN configuration simple. Refer to the network diagram at the beginning of the document for the specifics. You should have already defined Address objects for the local network (behind the 4060) and the remote network (behind the TZ170).

On the Pro 4060, define the SA as follows:

1. From the GUI, select the VPN option, and then click ADD.

2. For IPSec Keying Mode, select IKE using Preshared Secret.

3. For Name, enter an appropriate name for this VPN SA.

4. For both the IPSec Primary and Secondary Gateways, enter 0.0.0.0. The remote TZ170 receives a dynamic IP address from the ISP, so Aggressive Mode IKE is required.

5. For Shared Secret, enter an appropriate combination of characters and numbers.

6. For the Local IKE ID, select Sonicwall Identifier and enter the serial number of the Pro 4060.

7. For the Remote IKE ID, select Sonicwall Identifier and enter the serial number of the TZ170.

8. Select the Network Tab.

9. For the Local Network, choose the address object previously defined. For this example, we created an address object for the LAN subnet connected to the X0 interface (192.168.168.0/24). The VPN will only allow traffic from the X0 IP Subnet to the remote TZ170.

10. For Destination Networks, select the previously defined address object for the network located behind the TZ170 (192.168.1.0/24).
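A pre-deployment check of the SA values entered in the steps above, as an added example that is not part of the original guide or of SonicWALL's software. The dictionary layout, the 80-bit threshold and the placeholder serial numbers are assumptions; the check goes beyond the steps by also flagging a weak shared secret, which matters because the 0.0.0.0 gateway setting puts the tunnel in Aggressive Mode.

```python
import ipaddress
import math
import string

MIN_PSK_BITS = 80  # assumed policy threshold, not a SonicWALL requirement

def psk_entropy_bits(secret):
    """Upper-bound estimate: length * log2(size of character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in secret))
    return len(secret) * math.log2(pool) if pool else 0.0

def lint_sa(sa):
    """Return a list of findings for one SA definition (hypothetical dict layout)."""
    findings = []
    dynamic_peer = sa["primary_gw"] == "0.0.0.0" and sa["secondary_gw"] == "0.0.0.0"
    if dynamic_peer:
        # With no fixed peer address, the IKE IDs are what identifies the remote unit.
        if not sa["local_ike_id"] or not sa["remote_ike_id"]:
            findings.append("dynamic peer requires both Local and Remote IKE IDs")
        elif sa["local_ike_id"] == sa["remote_ike_id"]:
            findings.append("Local and Remote IKE IDs are identical")
        # Aggressive Mode sends a hash derived from the shared secret before the
        # exchange is encrypted, so a short secret can be guessed offline.
        if psk_entropy_bits(sa["shared_secret"]) < MIN_PSK_BITS:
            findings.append("shared secret is below %d estimated bits" % MIN_PSK_BITS)
    try:
        local = ipaddress.ip_network(sa["local_net"], strict=True)
        remote = ipaddress.ip_network(sa["dest_net"], strict=True)
    except ValueError as exc:
        findings.append("bad network object: %s" % exc)
        return findings
    if local.overlaps(remote):
        findings.append("local and destination networks overlap")
    return findings

# Constructed sample mirroring the steps above; IDs and secret are placeholders.
PRO4060_SA = {
    "primary_gw": "0.0.0.0", "secondary_gw": "0.0.0.0",
    "shared_secret": "vpn123",
    "local_ike_id": "PRO4060-SERIAL-PLACEHOLDER",
    "remote_ike_id": "TZ170-SERIAL-PLACEHOLDER",
    "local_net": "192.168.168.0/24", "dest_net": "192.168.1.0/24",
}

if __name__ == "__main__":
    for finding in lint_sa(PRO4060_SA):
        print("FINDING:", finding)
```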
