Configuring Perimeter 81 Site-to-Site IPSEC with SonicWall Firewall

The following procedure demonstrates how to configure Perimeter 81 in order to establish a Site-To-Site IPSec VPN connection between SonicWall Firewall and the Perimeter 81 network. Please follow the steps below:

Perimeter 81 Tunnel Creation

1. Go to the Gateway in your network from which you want to create the tunnel to the SonicWall firewall.

2. Select the three-dotted menu (...) and select Add Tunnel.

3. Name - Set the name for the Tunnel.

4. Shared Secret - Enter a shared secret or select Generate.

5. Public IP and Remote ID - Enter your SonicWall public IP address.

6. In Perimeter 81 Gateway Proposal Subnets, choose Any or Specific Subnet.

7. In Remote Gateway Proposal Subnets, enter your internal subnet.

Advanced Settings:

    • IKE Version - V1
    • IKE Lifetime - 8h
    • Tunnel Lifetime - 1h
    • Dead Peer Detection Delay - 10s
    • Dead Peer Detection Timeout - 30s
    • Encryption (Phase 1) - aes256
    • Encryption (Phase 2) - aes256
    • Integrity (Phase 1) - sha1
    • Integrity (Phase 2) - sha1
    • Diffie-Hellman Groups (Phase 1) - 2
    • Diffie-Hellman Groups (Phase 2) - 2

8. Select Add Tunnel.

Create Objects in SonicWall

1. Go to Objects in SonicWall.

2. Go to Address Object.

3. Select Add.

4. Add Perimeter81 Gateway address.

  • Name - Give the object a name "P81-Gateway"
  • Zone Assignment - VPN
  • Type - Host
  • IP Address - Put your P81 gateway address

5. Add Perimeter81 Subnet Network

  • Name - Give the object a name - "P81-Network"
  • Zone Assignment - VPN
  • Type - Network
  • Network - put 10.255.0.0
  • Netmask/Prefix Length - put 255.255.0.0

Access Rule

1. Go to Policy --> Rules.
2. Select Add.
3. First Rule to add - VPN to WAN.

  • Policy Name - P81-WAN
  • Action - Allow
  • From - VPN
  • To - WAN
  • Source Port - Any
  • Service - Any
  • Source - P81-Gateway object
  • Destination - Your external internet interface object
  • Select Add

Second Rule - VPN to LAN

  • Policy Name - P81-LAN
  • Action - Allow
  • From - VPN
  • To - LAN
  • Source Port - Any
  • Service - Any
  • Source - P81-Network object
  • Destination - Your internal subnet object
  • Select Add

Site to Site creation

1. Go to VPN.
2. Under Base Settings add VPN Policy.

General Tab:

Security Policy

  • Policy Type - Site to Site
  • Authentication Method - IKE using Preshared Secret
  • Name - Give it a name, e.g. "P81-Office"
  • IPsec Primary Gateway Name or Address - put your P81 gateway address
  • IPsec Secondary Gateway Name or Address - leave blank

IKE Authentication

  • Shared Secret - put the same shared secret you set in P81 platform
  • Confirm Secret - put the secret again
  • Local IKE ID: "IPv4 Address" - put your local external internet address
  • Peer IKE ID: "IPv4 Address" - put your P81 gateway address

Network Tab

Local Networks

  • Select local network from the list - choose your local network object

Remote Networks

  • Select the destination network from the list - choose P81-Network object

Proposals Tab

IKE (Phase 1) Proposal

  • Exchange - Main Mode
  • DH Group - Group 2
  • Encryption - AES-256
  • Authentication - SHA1
  • Life Time (seconds) - 28800

IPsec (Phase 2) Proposal

  • Protocol - ESP
  • Encryption - AES-256
  • Authentication - SHA1
  • Check "Enable Perfect Forward Secrecy"
  • DH Group - Group 2
  • Life Time (seconds) - 3600

* You can use different Encryption, Authentication, and DH Group settings as long as you configure the same settings in P81.
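The note above requires both sides to carry the same proposal settings, but the two interfaces spell them differently (8h vs 28800, 2 vs Group 2). The following added example, which is not part of the original article or either vendor's tooling, normalizes the values listed on this page, reports any mismatch, and lists which settings use a small MODP group or an older hash; the dictionary keys and function names are made up for this example.

```python
import re

# Values transcribed from this page. The dictionary keys are names made up for
# this example; they are not Perimeter 81 or SonicWall identifiers.
P81 = {"p1_enc": "aes256", "p2_enc": "aes256", "p1_auth": "sha1", "p2_auth": "sha1",
       "p1_dh": "2", "p2_dh": "2", "p1_life": "8h", "p2_life": "1h"}
SONICWALL = {"p1_enc": "AES-256", "p2_enc": "AES-256", "p1_auth": "SHA1",
             "p2_auth": "SHA1", "p1_dh": "Group 2", "p2_dh": "Group 2",
             "p1_life": "28800", "p2_life": "3600"}

UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}
LEGACY_DH = {1: 768, 2: 1024, 5: 1536}   # MODP group number -> modulus bits
LEGACY_HASH = {"md5", "sha1"}

def normalize(key, value):
    """Reduce each side's spelling of a setting to one comparable form."""
    v = str(value).strip().lower()
    if key.endswith("_life"):            # "8h" and "28800" both become 28800
        m = re.fullmatch(r"(\d+)\s*([smhd]?)", v)
        if not m:
            raise ValueError(f"bad lifetime for {key}: {value!r}")
        return int(m.group(1)) * UNIT_SECONDS[m.group(2)]
    if key.endswith("_dh"):              # "2" and "Group 2" both become 2
        m = re.fullmatch(r"(?:group\s*)?(\d+)", v)
        if not m:
            raise ValueError(f"bad DH group for {key}: {value!r}")
        return int(m.group(1))
    return re.sub(r"[^a-z0-9]", "", v)   # "AES-256" -> "aes256"

def compare(side_a, side_b):
    """Return {key: (a, b)} for each setting that is missing or differs."""
    diffs = {}
    for key in sorted(set(side_a) | set(side_b)):
        a = normalize(key, side_a[key]) if key in side_a else None
        b = normalize(key, side_b[key]) if key in side_b else None
        if a != b:
            diffs[key] = (a, b)
    return diffs

def legacy(side):
    """Return the keys whose value is a small MODP group or an older hash."""
    found = []
    for key, value in sorted(side.items()):
        n = normalize(key, value)
        if (key.endswith("_dh") and n in LEGACY_DH) or n in LEGACY_HASH:
            found.append(key)
    return found

if __name__ == "__main__":
    print("mismatches:", compare(P81, SONICWALL) or "none")
    print("legacy settings:", legacy(SONICWALL))
```

Edit the two dictionaries to match what is actually entered on each side before opening the Event Logs; an empty mismatch result means the proposals agree.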

Advanced Tab

Advanced Setting

1. Check Enable Keep Alive.

2. Select OK to create the new VPN Policy.

Make sure the new Policy you created is enabled.

You can select the play button to the right of Currently Active VPN Tunnels, and you should see that your new tunnel is up.

If the tunnel won't start, go to Event Logs and look for errors regarding the new VPN policy you created.
