You use the VPN Policy Wizard to create the site-to-site VPN policy.
1
|
Click Wizards on the top-right corner of the SonicOS management interface. The Welcome page displays.
|
2
|
Select VPN Policy Wizard. This is selected by default.
|
3
|
1
|
Select Site-to-Site.
|
2
|
•
|
Policy Name –Enter a name you can use to refer to the policy. For example, Boston Office.
|
•
|
Preshared Key – Enter a character string to use to authenticate traffic during IKE Phase 1 negotiation. You can use the default SonicWALL-generated Preshared Key.
|
•
|
I know my Remote Peer IP Address (or FQDN) – If you check this option, this SonicWALL can initiate the contact with the named remote peer. This option is not selected by default.
|
•
|
Remote Peer IP Address (or FQDN) – If you selected the I know my Remote Peer IP Address (or FQDN) option, enter the IP address or Fully Qualified Domain Name (FQDN) of the remote peer (For example, boston.yourcompany.com).
|
2
|
•
|
Local Networks – Select the local network resources protected by this SonicWALL that you are connecting with this VPN. You can select any address object or group on the device, including networks, subnets, individual servers, and interface IP addresses. The default is Firewalled Subnets.
|
If the object or group you want has not been created yet, select Create Object or Create Group. Create the new object or group in the dialog box that pops up. Then select the new object or group.
•
|
Destination Networks – Select the network resources on the destination end of the VPN Tunnel from the drop-down menu. If the object or group does not exist, select Create new Address Object or Create new Address Group. For example:
|
a
|
b
|
c
|
d
|
e
|
From the Destination Networks drop-down menu, select the newly created group.
|
2
|
1
|
In the Security Settings page, you select the security settings for IKE Phase 1 and IPSEC Phase 2. You can use the default settings. If you require more specific security settings, you can adjust the WAN GroupVPN VPN policy after this wizard is completed.
|
•
|
DH Group: The Diffie-Hellman (DH) group are the group of numbers used to create the key pair. Each subsequent group uses larger numbers to start with. You can choose:
|
•
|
•
|
Group 2 (default)
|
•
|
•
|
The VPN uses this during IKE negotiation to create the key pair.
•
|
Encryption: This is the method for encrypting data through the VPN Tunnel. The methods are listed in order of security:
|
•
|
DES – The least secure, but takes the least amount of time to encrypt and decrypt.
|
•
|
3DES (default)
|
•
|
•
|
•
|
AES-256 – The most secure, but takes the longest time to encrypt and decrypt.
|
The VPN uses this for all data through the tunnel.
•
|
Authentication: This is the hashing method used to authenticate the key, when it is exchanged during IKE negotiation. You can choose:
|
•
|
•
|
SHA-1 (default)
|
•
|
•
|
•
|
•
|
Life Time (seconds): This is the length of time the VPN tunnel stays open before needing to re-authenticate. The default is eight hours (28800).
|
2
|
1
|
The Site-to-site VPN Policy Configuration Summary page displays the configuration defined using the VPN Wizard. To modify any of the settings, click Back to return to the appropriate page.
|
2
|
Click Accept to complete the wizard and create your VPN policy. A Storing Dell SonicWALL Configuration… message displays before the VPN Wizard Complete page displays.
|
1
|
Click Close to close the wizard.
|