Example: Linking Two Sonicwalls Using Ike - SonicWALL TELE3 SP Administrator's Manual

Example: Linking Two SonicWALLs using IKE

The following example illustrates the steps necessary to create an IKE VPN tunnel between a
SonicWALL PRO 200 and a SonicWALL TELE3 SP.
A company wants to use VPN to link two offices together, one in Chicago and the other in San
Francisco. To do this, the SonicWALL PRO 200 in Chicago and the SonicWALL TELE3 SP in San
Francisco must have corresponding Security Associations.
Configuring a SonicWALL PRO 200 in Chicago
1. Enter the SonicWALL PRO 200 Unique Firewall Identifier in the VPN Summary
window; in this example, "Chicago Office."
2. Create a new Security Association by selecting -Add New SA- from the Security
Association menu in the VPN Configure window.
3. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
4. Because the SonicWALL TELE3 SP does not have a permanent WAN IP address, the
SonicWALL PRO 200 must authenticate the VPN session by matching the Name of the SA
with the TELE3 SP Unique Firewall Identifier. Enter the TELE3 SP Unique Firewall Identifier
in the Name field, in this example, "San Francisco Office."
5. Enter the WAN IP address of the remote SonicWALL in the IPSec Gateway Address field.
In this example, the San Francisco SonicWALL TELE3 SP has a dynamic IP address,
therefore enter "0.0.0.0" in the IPSec Gateway Address field
Note: Only one of the two IPSec gateways can have a dynamic IP address when using
SonicWALL VPN.
6. Select Group 2 from the Phase 1 DH Group menu.
7. Enter "86400" in the SA Life time (secs) field to renegotiate IKE encryption and
authentication keys every 24 hours.
8. Select DES & SHA1 from the Phase 1 DH Group menu.
Page 142 SonicWALL TELE3 SP Administrator's Guide