Configuring Perimeter 81 Site-To-Site with Dell SonicWALL Device

Configuring Perimeter 81 Site-To-Site with SonicWALL IPSec tunnel

The following procedure demonstrates how to configure the VPN tunnels on the SonicWALL device using the SonicOS management interface. You must replace the example values in the procedures with the values that are provided in the configuration file.

To configure the tunnels:

  1. Open the SonicWALL SonicOS management interface.
  2. In the left pane, choose VPN, Settings. Under VPN Policies, choose Add...
  3. In the VPN policy window on the General tab, complete the following information:

    Policy Type: Choose Site to Site.
    Authentication Method: Choose IKE using Preshared Secret.
    Name: Enter a name for the VPN policy. We recommend that you use the name of the Perimeter 81.
    IPsec Primary Gateway Name or Address: Enter the IP address of your Perimeter 81 private node; for example, 72.21.209.193.
    IPsec Secondary Gateway Name or Address: Leave the default value.
    Shared Secret: Enter the pre-shared key as provided in the configuration file, and enter it again in Confirm Shared Secret.
    Local IKE ID: Enter the IPv4 address of the customer gateway (the SonicWALL device).
    Peer IKE ID: Enter the IPv4 address of the Perimeter 81 node.
  4. On the Network tab, complete the following information:
    Under Local Networks, choose Any address. We recommend this option to prevent connectivity issues from your local network.
    Under Remote Networks, choose Choose a destination network from list. Create an address object with the CIDR of our VPN subnets and type VPN: 10.255.0.0/16
  5. On the Proposals tab, complete the following information.

    Under IKE (Phase 1) Proposal, do the following:

    1. Exchange: Choose Main Mode.
    2. DH Group: Enter the value for the Diffie-Hellman group provided in the configuration file; for example, 21.
    3. Encryption: Choose AES-256, provided in the config file.
    4. Authentication: Choose SHA256, provided in the config file.
    5. Life Time: Enter 28800.

    Under IKE (Phase 2) Proposal, do the following:

    1. Protocol: Choose ESP.
    2. Encryption: Choose AES-256, provided in the config file.
    3. Authentication: Choose SHA256, provided in the config file.
    4. Select the Enable Perfect Forward Secrecy check box, and choose the Diffie-Hellman group 21 (ECP521).
    5. Life Time: Enter 3600.
  6. On the Advanced tab, complete the following information:

    Select Enable Keep Alive.
    Select Enable Phase2 Dead Peer Detection and enter the following:
    For Dead Peer Detection Interval, enter 60 (this is the minimum that the SonicWALL device accepts).
    For Failure Trigger Level, enter 3.
    For VPN Policy bound to, select Interface X1. This is the interface that's typically designated for public IP addresses.
  7. Choose OK. On the Settings page, the Enable check box for the tunnel should be selected by default. A green dot indicates that the tunnel is up.
  8. In the left panel, choose Network, Routing.
  9. Create a new static route from object type LAN to VPN. The source should be your local subnet group and the destination the Perimeter 81 subnet group. Service should be ANY and Device should be the X1 interface. Leave the default gateway as 0.0.0.0.
  10. In the left panel, choose Firewall, Access Rules.
  11. Create 2 rules for the 2 paths: one from the Perimeter 81 subnet to your local site subnet, and one from your local subnet to the Perimeter 81 subnet.
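
A pre-flight check for the values used in the procedure above, added here as an example and not part of Perimeter 81's or SonicWALL's tooling. The dictionary layout, key names and sample addresses (other than the page's own example values) are assumptions made for illustration.

```python
import ipaddress

# Proposal values from the procedure above; substitute the ones in your configuration file.
EXPECTED = {
    "ike_exchange": "main", "ike_dh_group": 21, "ike_encryption": "aes-256",
    "ike_auth": "sha256", "ike_lifetime": 28800,
    "esp_encryption": "aes-256", "esp_auth": "sha256",
    "esp_pfs_group": 21, "esp_lifetime": 3600,
}
REMOTE_NET = ipaddress.ip_network("10.255.0.0/16")  # remote network object from step 4
MIN_DPD_INTERVAL = 60  # minimum the SonicWALL device accepts, per step 6


def check_plan(plan):
    """Return a list of problems in a planned tunnel (hypothetical dict layout)."""
    problems = []
    # Both peers must use identical Phase 1 and Phase 2 proposals.
    for key, want in EXPECTED.items():
        if plan.get(key) != want:
            problems.append(f"{key}: planned {plan.get(key)!r}, expected {want!r}")
    # Local and Peer IKE IDs are entered as IPv4 addresses.
    for key in ("local_ike_id", "peer_ike_id"):
        try:
            ipaddress.IPv4Address(plan.get(key, ""))
        except ValueError:
            problems.append(f"{key}: {plan.get(key)!r} is not an IPv4 address")
    if plan.get("dpd_interval", 0) < MIN_DPD_INTERVAL:
        problems.append(f"dpd_interval: below {MIN_DPD_INTERVAL}")
    # A LAN subnet overlapping the remote network makes the static route ambiguous.
    for cidr in plan.get("local_subnets", []):
        if ipaddress.ip_network(cidr, strict=False).overlaps(REMOTE_NET):
            problems.append(f"local subnet {cidr} overlaps {REMOTE_NET}")
    return problems


# Constructed sample plans; addresses other than the page's example are placeholders.
GOOD_PLAN = dict(EXPECTED, local_ike_id="203.0.113.10", peer_ike_id="72.21.209.193",
                 dpd_interval=60, local_subnets=["192.168.10.0/24"])
BAD_PLAN = dict(GOOD_PLAN, ike_dh_group=14, dpd_interval=30,
                local_subnets=["192.168.10.0/24", "10.255.12.0/24"])

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "no problems found")
```
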