SonicWall Firewall Site-to-Site IPSEC


1. Perimeter81 Tunnel Creation

a. Go to the Gateway in your network from which you want to create the tunnel to Azure
b. Click on the 3 dots and press "Add Tunnel"
c. Name - Set name for the Tunnel
d. Shared Secret - Put a shared secret or press generate
e. "Public IP" and "Remote ID" - put your SonicWall Public IP address
f. In "Perimeter 81 Gateway Proposal Subnets" choose "Any" or "Specific Subnet"
g. In "Remote Gateway Proposal Subnets" put your internal subnet
h. Advanced Settings:

  • IKE Version - V2
  • IKE Lifetime - 8h
  • Tunnel Lifetime - 1h
  • Dead Peer Detection Delay - 10s
  • Dead Peer Detection Timeout - 30s
  • Encryption (Phase 1) - aes256
  • Integrity (Phase 1) - sha1
  • Diffie-Hellman Groups (Phase 1) - 2
  • Encryption (Phase 2) - aes256
  • Integrity (Phase 2) - sha1
  • Diffie-Hellman Groups (Phase 2) - 2

i. Press "Add Tunnel"
 

2. Create Objects in SonicWall

a. Go to Objects in SonicWall
b. Go to Address Object
c. Click Add
d. Add Perimeter81 Gateway address

  • Name - Give the object a name "P81-Gateway"
  • Zone Assignment - VPN
  • Type - Host
  • IP Address - Put your P81 gateway address

e. Add Perimeter81 Subnet Network

  • Name - Give the object a name - "P81-Network"
  • Zone Assignment - VPN
  • Type - Network
  • Network - put 10.255.0.0
  • Netmask/Prefix Length - put 255.255.0.0
 

3. Access Rule

a. Go to Policy --> Rules
b. Click Add
c. First Rule to add - VPN to WAN

  • Policy Name - P81-WAN
  • Action - Allow
  • From - VPN
  • To - WAN
  • Source Port - Any
  • Service - Any
  • Source - P81-Gateway object
  • Destination - Your external internet interface object
  • Click Add

d. Second Rule - VPN to LAN

  • Policy Name - P81-LAN
  • Action - Allow
  • From - VPN
  • To - LAN
  • Source Port - Any
  • Service - Any
  • Source - P81-Network object
  • Destination - Your internal subnet object
  • Click Add
 

4. Site to Site creation

a. Go to VPN
b. Under Base Settings add VPN Policy
c. General Tab:

Security Policy

  • Policy Type - Site to Site
  • Authentication Method - IKE using Preshared Secret
  • Name - Give it a name, e.g. "P81-Office"
  • IPsec Primary Gateway Name or Address - put your P81 gateway address
  • IPsec Secondary Gateway Name or Address - leave blank

IKE Authentication

  • Shared Secret - put the same shared secret you set in the P81 platform
  • Confirm Secret - put the secret again
  • Local IKE ID: "IPv4 Address" - put your local external internet address
  • Peer IKE ID: "IPv4 Address" - put your P81 gateway address

d. Network Tab

Local Networks

  • Choose local network from list - choose your local network object

Remote Networks

  • Choose destination network from list - choose P81-Network object

e. Proposals Tab

IKE (Phase 1) Proposal

  • Exchange - Main Mode
  • DH Group - Group 2
  • Encryption - AES-256
  • Authentication - SHA1
  • Life Time (seconds) - 28800

IPsec (Phase 2) Proposal

  • Protocol - ESP
  • Encryption - AES-256
  • Authentication - SHA1
  • Check "Enable Perfect Forward Secrecy"
  • DH Group - Group 2
  • Life Time (seconds) - 28800

* You can use different Encryption, Authentication and DH Group settings as long as you configure the same ones in P81

f. Advanced Tab

Advanced Setting

  • Check "Enable Keep Alive"

  • Press OK to create the new VPN Policy

  • Make sure the new Policy you created is enabled
  • You can press the play button to the right of "Currently Active VPN Tunnels" and you should see
    that your new tunnel is up

  • If the tunnel won't start, go to "Event Logs" and look for errors regarding the new VPN
    Policy you created
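
As an added example (not part of the original article or of either vendor's tooling), the Python script below compares the Perimeter 81 and SonicWall settings listed in the steps above after normalising each side's spelling and units, a quick check to run before reading the Event Logs. The dictionary keys and function names are this example's own.

```python
import re

# Values transcribed from the steps above; the keys are this example's own names.
P81 = {"ike_version": "V2", "p1_enc": "aes256", "p1_int": "sha1", "p1_dh": "2",
       "p1_life": "8h", "p2_enc": "aes256", "p2_int": "sha1", "p2_dh": "2",
       "p2_life": "1h"}
SONICWALL = {"exchange": "Main Mode", "p1_enc": "AES-256", "p1_int": "SHA1",
             "p1_dh": "Group 2", "p1_life": "28800", "p2_enc": "AES-256",
             "p2_int": "SHA1", "p2_dh": "Group 2", "p2_life": "28800"}

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}

def seconds(value):
    """'8h' -> 28800, '28800' -> 28800 (a bare number is taken as seconds)."""
    m = re.fullmatch(r"(\d+)\s*([smh]?)", value.strip().lower())
    if not m:
        raise ValueError(f"unrecognised lifetime: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS.get(m.group(2), 1)

def canon(key, value):
    """Reduce each vendor's spelling of a setting to one comparable form."""
    if key.endswith("_life"):
        return seconds(value)
    if key.endswith("_dh"):
        return int(re.sub(r"\D", "", value))        # 'Group 2' -> 2
    if key == "ike_version":
        # Main Mode and Aggressive Mode are IKEv1 exchanges.
        return 2 if "2" in value else 1
    return re.sub(r"[^a-z0-9]", "", value.lower())  # 'AES-256' -> 'aes256'

def compare(p81, sonicwall):
    """Return {setting: (p81_value, sonicwall_value)} for settings that differ."""
    sw = dict(sonicwall)
    sw["ike_version"] = sw.pop("exchange")  # SonicWall sets the version via Exchange
    diffs = {}
    for key in p81:
        a, b = canon(key, p81[key]), canon(key, sw[key])
        if a != b:
            diffs[key] = (a, b)
    return diffs

if __name__ == "__main__":
    for key, (a, b) in compare(P81, SONICWALL).items():
        print(f"{key}: Perimeter 81={a}  SonicWall={b}")
```

Run against the values as listed in the steps, it reports two differences: the IKE version (V2 on Perimeter 81 versus the IKEv1 Main Mode exchange on SonicWall) and the Phase 2 lifetime (1h versus 28800 seconds).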