|
1
|
Expand the VPN tree and click Configure 2.0. The VPN Configure page displays with the General tab selected.
|
|
2
|
|
3
|
Select Interconnected.
|
|
4
|
To configure SonicWALL GMS to convert the SAs to non-interconnected mode VPN tunnels, select Make SAs viewable in Non-Interconnected Mode.
|
|
5
|
Select the destination SonicWALL appliance by clicking Select Destination Node and selecting the node from the dialog box that displays.
|
|
6
|
To initially disable the SA upon creation, select Disable SA. This option can always be unchecked at a later time.
|
|
7
|
Select from the following keying modes from the IPSec Keying Mode list box:
|
|
•
|
Manual Key—keys are exchanged in advance. The SA always uses the same encryption and authentication keys. If the keys are compromised by an outside party, they remain compromised until the keys are changed.
|
|
•
|
IKE Using Pre-Shared Secret—each SonicWALL appliance has a shared secret that is used to establish an SA.
After the SA expires, the SonicWALL appliance reestablishes an SA using the same public keys, but does not use the same security and authentication keys. Configure the following: |
|
•
|
Local IKE ID—specifies whether the IP address or SonicWALL Identifier is used as the IKE ID for the local SonicWALL appliance.
|
|
•
|
Peer IKE ID—specifies whether the IP address or SonicWALL Identifier is used as the IKE ID for the peer SonicWALL appliance.
|
|
•
|
IKE Using 3rd Party Certificates—the SonicWALL appliance and peer device obtain certificates from the third-party certificate authorities. Security and authentication keys are exchanged using public-key cryptography and authenticity of each node is verified by the third-party CA.
After the SA expires, the peers reestablish an SA using the same public keys, but do not use the same security and authentication keys. |