Example: Linking Two Sonicwalls - Dell SonicWALL GX250 Manual

Example: Linking Two SonicWALLs

The following example illustrates the steps needed to create an IKE VPN tunnel
between a SonicWALL GX250 and a SonicWALL TELE2.
A company wants to use VPN to link two offices together, one in Chicago and the other
in San Francisco. To do this, the SonicWALL GX250 in Chicago and the SonicWALL
TELE2 in San Francisco must have corresponding Security Associations.
Configuring a SonicWALL GX250 in Chicago
1. Enter the SonicWALL GX250 Unique Firewall Identifier in the VPN Summary
window; in this example, "Chicago Office."
2. Create a new Security Association by selecting -Add New SA- from the Secu-
rity Association menu in the VPN Configure window.
3. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
4. Because the SonicWALL TELE2 does not have a permanent WAN IP address, the
SonicWALL GX250 needs to authenticate the VPN session by matching the Name
of the SA with the TELE2 Unique Firewall Identifier. Enter the TELE2 Unique Fire-
wall Identifier in the Name field, in this example, "San Francisco Office."
5. Enter the WAN IP address of the remote SonicWALL in the IPSec Gateway Ad-
dress field. In this example, the San Francisco SonicWALL TELE2 has a dynamic
IP address, therefore enter "0.0.0.0" in the IPSec Gateway Address field
Note: Only one of the two IPSec gateways may have a dynamic IP address when using
SonicWALL VPN.
6. Enter "86,400" in the SA Life time (secs) field to renegotiate IKE encryption and
authentication keys every day.
7. Select a VPN method from the Encryption Method menu. Since data throughput
and security are the primary concern, select ARCFour.
SonicWALL Internet Security Appliance Guide Page 139