Policy Configuration : VPN SA Management Overview

Configuring VPNs in Non-Interconnected Mode
To establish VPNs between two SonicWALL appliances that are being managed by Dell SonicWALL GMS, complete the following steps:
1. Expand the VPN tree and click Configure 2.0. The VPN Configure page displays with the General tab selected.
2. To establish a new SA, select Add New SA from the Security Association list box.
3. Deselect Interconnected.
4. Select Disable SA to initially disable the SA upon creation. This option can be unchecked at a later time.
5.
Manual Key—keys are exchanged in advance. The SA always uses the same encryption and authentication keys. If the keys are compromised by an outside party, they remain compromised until the keys are changed. If you select this option, configure the following:
  Name—specifies the name of the SA.
  IPSec Gateway Name or Address—specifies the name or IP address of the gateway.
IKE Using Pre-Shared Secret—each SonicWALL appliance has a shared secret that is used to establish an SA. After the SA expires, the SonicWALL appliances reestablish an SA using the same public keys, but do not use the same security and authentication keys. Configure the following:
  Name—specifies the name of the SA.
  IPSec Primary Gateway Name or Address—specifies the name or IP address of the primary gateway.
  IPSec Secondary Gateway Name or Address—specifies the name or IP address of the secondary gateway.
  Shared Secret—specifies the shared secret used to negotiate the VPN tunnel.
  Local IKE ID—specifies whether the IP address or SonicWALL Identifier is used as the IKE ID for the local SonicWALL appliance.
  Peer IKE ID—specifies whether the IP address or SonicWALL Identifier is used as the IKE ID for the peer SonicWALL appliance.
IKE Using 3rd Party Certificates—the SonicWALL appliance and peer device obtain certificates from third-party certificate authorities. Security and authentication keys are exchanged using public-key cryptography, and the authenticity of each node is verified by the third-party CA. After the SA expires, the peers will reestablish an SA using the same public keys, but will not use the same security and authentication keys. If you select this option, configure the following:
  Name—specifies the name of the SA.
  IPSec Primary Gateway Name or Address—specifies the name or IP address of the primary gateway.
  IPSec Secondary Gateway Name or Address—specifies the name or IP address of the secondary gateway.
  Third-Party Certificate—specifies the certificate used to establish the SAs.
  Peer Certificate's ID Type—specifies the ID type of the peer certificate.
  ID string to match—specifies the string used to establish the SAs.
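The difference between Manual Key and IKE Using Pre-Shared Secret described above can be seen by deriving keys for several successive SAs. This is an added example, not SonicWALL or GMS code. It assumes IKEv1 key derivation as specified in RFC 2409 with HMAC-SHA1 as the prf, and it uses a toy Diffie-Hellman group and constructed secrets; the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed for this example (not a real IKE group).
TOY_P = 2**127 - 1
TOY_G = 3

def prf(key, data):
    # Assumption: HMAC-SHA1 as the negotiated prf; the page names no algorithm.
    return hmac.new(key, data, hashlib.sha1).digest()

def manual_key_sa(enc_key, auth_key):
    # Manual Key: the configured keys are the SA keys, every time.
    return (enc_key, auth_key)

def ike_psk_sa(psk):
    # One IKEv1 phase 1 exchange (RFC 2409, pre-shared key authentication).
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)      # fresh nonces
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)  # fresh cookies
    x = secrets.randbelow(TOY_P - 2) + 1                           # initiator DH secret
    y = secrets.randbelow(TOY_P - 2) + 1                           # responder DH secret
    g_xy = pow(pow(TOY_G, x, TOY_P), y, TOY_P)
    if g_xy != pow(pow(TOY_G, y, TOY_P), x, TOY_P):
        raise ValueError("peers disagree on the DH shared value")
    tail = g_xy.to_bytes(16, "big") + cky_i + cky_r
    skeyid = prf(psk, ni + nr)                         # SKEYID
    skeyid_d = prf(skeyid, tail + b"\x00")             # keying material for IPsec SAs
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authentication key
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # encryption key
    return (skeyid_e, skeyid_a)

def distinct_key_sets(rekeys=5):
    # Constructed sample secrets.
    enc, auth = b"E" * 24, b"A" * 20
    psk = b"constructed-shared-secret"
    manual = {manual_key_sa(enc, auth) for _ in range(rekeys)}
    ike = {ike_psk_sa(psk) for _ in range(rekeys)}
    return {"manual": len(manual), "ike_psk": len(ike)}

if __name__ == "__main__":
    print(distinct_key_sets())
```

With the same shared secret, every IKE renegotiation yields a new key pair because the nonces, cookies and Diffie-Hellman values are fresh, while the Manual Key SA reuses one pair until an administrator changes it.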