SonicWall Site-to-Site VPN Setup

You want to set up a SonicWall as a Site-to-Site Peer VPN.

Solution

To build the VPN tunnel on the SonicWall side, you will need the following:

  • Address Objects defining the local networks and the networks on the far side of the VPN tunnel
    • Click to see how to create Address Objects
  • A pre-shared key (password) that is in use on both ends of the tunnel
  • The IP address of the device on the far side of the VPN tunnel
  • The Phase 1 and Phase 2 proposals to use; these must match exactly on both ends of the VPN tunnel

Create a VPN Policy

  1. At the SonicWall Dashboard, navigate to VPN>Settings and click Add under VPN Policies
  2. At the VPN Policy pop-up window, leave the default Policy Type and Authentication Method. Fill in the information for the remaining fields
  3. Click the Network tab, choose the correct Address Object for both the local and remote networks
  4. Click the Proposals tab. The default settings are the most common set of settings for various hardware vendors. Two sections to look out for here, though:
    • Exchange: Depending on the far side configuration, you may need to use Main Mode or Aggressive Mode
    • Enable PFS: Some vendors enable this by default, so watch out for this setting on far side devices. Enabling PFS will require setting a second DH Group
  5. Click OK once the Policy is complete
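
Because the proposals must match exactly on both ends, it helps to write down each side's settings and compare them before building the tunnel. The following is an added example, not part of the original article or any SonicWall tooling; the field names and sample values are constructed for illustration.

```python
# Pre-flight comparison of both peers' Phase 1 / Phase 2 proposal settings.
# Field names and sample values below are constructed, not exported from a device.

PHASE1_FIELDS = ("exchange", "dh_group", "encryption", "authentication", "lifetime")
PHASE2_FIELDS = ("protocol", "encryption", "authentication", "pfs", "lifetime")

LOCAL = {
    "phase1": {"exchange": "main", "dh_group": 14, "encryption": "AES-256",
               "authentication": "SHA256", "lifetime": 28800},
    "phase2": {"protocol": "ESP", "encryption": "AES-256",
               "authentication": "SHA256", "pfs": False, "lifetime": 28800},
}
REMOTE = {
    "phase1": {"exchange": "aggressive", "dh_group": 14, "encryption": "AES-256",
               "authentication": "SHA256", "lifetime": 28800},
    "phase2": {"protocol": "ESP", "encryption": "AES-256",
               "authentication": "SHA256", "pfs": True, "dh_group": 14,
               "lifetime": 28800},
}


def compare_proposals(local, remote):
    """Return a list of human-readable mismatches between the two peers."""
    problems = []
    for phase, fields in (("phase1", PHASE1_FIELDS), ("phase2", PHASE2_FIELDS)):
        for field in fields:
            lv, rv = local[phase].get(field), remote[phase].get(field)
            if lv != rv:
                problems.append(f"{phase}.{field}: local={lv!r} remote={rv!r}")
    # Enabling PFS requires a second (Phase 2) DH group on that peer.
    for name, peer in (("local", local), ("remote", remote)):
        if peer["phase2"].get("pfs") and not peer["phase2"].get("dh_group"):
            problems.append(f"{name}: PFS enabled but no Phase 2 DH group set")
    # When both ends use PFS, the Phase 2 DH groups must also agree.
    if local["phase2"].get("pfs") and remote["phase2"].get("pfs"):
        lg, rg = local["phase2"].get("dh_group"), remote["phase2"].get("dh_group")
        if lg and rg and lg != rg:
            problems.append(f"phase2.dh_group: local={lg!r} remote={rg!r}")
    return problems


if __name__ == "__main__":
    for line in compare_proposals(LOCAL, REMOTE) or ["proposals match"]:
        print(line)
```

With the sample values, the check reports the Exchange mode difference and the PFS setting that is enabled on only one side.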

Bonus!

Unless you’re using the built-in VPN Policies and the SonicWall is your wireless access point, your wireless clients will not be able to traverse the VPN. Even if those wireless clients are on the subnets defined in your local Address Objects, they won’t be allowed across!

To correct this issue, you will need to create a firewall rule to allow your WLAN access to the VPN Zone:

  1. At the SonicWall Dashboard, navigate to Firewall>Access Rules and click Add under Access Rules (All > All)
  2. Set the rule to allow traffic from the WLAN Zone to the VPN Zone, and set the service, source, and destination. Then click Add
    • Under source and destination I’ve chosen to allow Any; this can be restricted further using other Address Objects you define

 
