Ike Configuration Between Two Sonicwalls - Dell SonicWALL GX250 Manual

IKE Configuration between Two SonicWALLs

An alternative to Manual Key configuration is Internet Key Exchange (IKE). IKE
transparently negotiates encryption and authentication keys. The two SonicWALL
appliances authenticate the IKE VPN session by matching preshared keys and IP
addresses or Unique Firewall Identifiers.
To create an IKE Security Association, click VPN on the left side of the browser
window, and then click the Configure tab at the top of the window.
1. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
2. Select -Add New SA- from the Security Association menu.
3. Enter a descriptive name for the Security Association, such as "Palo Alto Office"
or "NY Headquarters", in the Name field.
4. Enter the IP address of the remote SonicWALL in the IPSec Gateway Address
field. This address must be valid, and should be the NAT Public IP Address if the
remote SonicWALL uses Network Address Translation (NAT).
Note: If the remote SonicWALL has a dynamic IP address, enter "0.0.0.0" in the IPSec
Gateway Address field. The remote SonicWALL initiates IKE negotiation in
Aggressive Mode because it has a dynamic IP address, and authenticates using the SA
Names and Unique Firewall Identifiers rather than the IP addresses. Therefore, the SA
Names for both SonicWALLs must match the opposite SonicWALLs' Unique Firewall
Identifiers. This requirement adds another layer of authentication to maximize security.
Page 136 SONICWALL VPN