Manualshelf

User Guide

ManualsBrandsSonicWALL ManualsOtherINTERNET SECURITY APPLIANCE
141142143144145146147148149150
Page 142 SonicWALL Internet Security Appliance User’s Guide
IKE Configuration for Two SonicWALLs
An alternative to Manual Key configuration is Internet Key Exchange (IKE). IKE
transparently negotiates encryption and authentication keys. The two SonicWALL
appliances authenticate the IKE VPN session by matching preshared keys and IP addresses
or Unique Firewall Identifiers.
To create an IKE Security Association, click VPN on the left side of the browser window,
and then click the Configure tab.
1. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
2. Select -Add New SA- from the Security Association menu.
3. Enter a descriptive name for the Security Association, such as "Palo Alto Office" or
"NY Headquarters", in the Name field.
4. Enter the IP address of the remote SonicWALL in the IPSec Gateway Address field.
This address must be valid, and should be the NAT Public IP Address if the remote
SonicWALL uses Network Address Translation (NAT).
Note: If the remote SonicWALL has a dynamic IP address, enter "0.0.0.0" in the IPSec
Gateway Address field. The remote SonicWALL initiates IKE negotiation in
Aggressive Mode because it has a dynamic IP address, and authenticates using the SA
Names and Unique Firewall Identifiers rather than the IP addresses. Therefore, the SA
Name for the SonicWALL must match the opposite SonicWALL Unique Firewall
Identifier.
integrated_manual.book Page 142 Friday, October 12, 2001 2:56 PM