Ike Configuration For Two Sonicwalls - SonicWALL TELE3 SP Administrator's Manual

IKE Configuration for Two SonicWALLs

An alternative to Manual Key configuration is Internet Key Exchange (IKE). IKE
transparently negotiates encryption and authentication keys. The two SonicWALL appliances
authenticate the IKE VPN session by matching preshared keys and IP addresses or Unique
Firewall Identifiers.
To create an IKE Security Association, click VPN on the left side of the browser window, and
then click the Configure tab.
1. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
2. Select -Add New SA- from the Security Association menu.
3. Enter a descriptive name for the Security Association, such as "Palo Alto Office" or "NY
Headquarters", in the Name field.
4. Enter the IP address of the remote SonicWALL in the IPSec Gateway Address field. This
address must be valid, and should be the NAT Public IP Address if the remote SonicWALL
uses Network Address Translation (NAT).
Note: If the remote SonicWALL has a dynamic IP address, enter "0.0.0.0" in the IPSec
Gateway Address field. The remote SonicWALL initiates IKE negotiation in Aggressive
Mode because it has a dynamic IP address, and authenticates using the SA Names and
Unique Firewall Identifiers rather than the IP addresses. Therefore, the SA Name for the
SonicWALL must match the opposite SonicWALL Unique Firewall Identifier.
5. Select Group 2 from the Phase 1 DH Group menu.
SonicWALL VPN Page 139