In the ‘Advanced Properties’ section, under IKE (Phase 1), modify the ‘Renegotiate IKE security associations every’ field to "60" minutes and the ‘Use Diffie-Hellman group’ should be "Group 5 (1536 bit). Tick the option ‘Use aggressive mode’ For the ‘Ipsec (Phase 2) Proposal’ section the settings are as follows: ‘Life Time (seconds)’ is "3600". Do not enable Perfect Forward Security. At the ‘NAT’ it is necessary to tick the option ‘Disable NAT inside the VPN community’

Click ‘Shared Secret’.

On the ‘Shared Secret’ section, tick the option ‘Use only Shared Secret for all External members’. Highlight "SNWL_Alice" in the ‘Peer Name’ table below. Click on the ‘Edit…" button to enter the secret. In this example, the shared secret is "HaRd!_to_Gue55_Al1c3" press the OK button. After this Highlight "SNWL_Bob" in the ‘Peer Name’ table below. Click on the ‘Edit…" button to enter the secret. In this example, the shared secret is "HaRd!_to_Gue55_B0b" and press the OK button.

Click ‘OK’ to finish the VPN Interoperability Hub Spoke setup between the SonicOS 2.5 Enhanced and Checkpoint NG within the SmartDashboard. Make sure that the Policy has been installed onto the Checkpoint firewall to have it working.

Document Created: 11/16/2004

Last Updated: 06/19/2008

Version 1.1

22

Page 22
Image 22
SonicWALL TZ170 manual Document Created 11/16/2004 Last Updated 06/19/2008 Version