User Guide
SonicWALL VPN Page 145
Example: Linking Two SonicWALLs using IKE
The following example illustrates the steps necessary to create an IKE VPN tunnel between
a SonicWALL PRO 200 and a SonicWALL TELE3.
A company wants to use VPN to link two offices together, one in Chicago and the other in
San Francisco. To do this, the SonicWALL PRO 200 in Chicago and the SonicWALL TELE3
in San Francisco must have corresponding Security Associations.
Configuring a SonicWALL PRO 200 in Chicago
1. Enter the SonicWALL PRO 200 Unique Firewall Identifier in the VPN Summary
window; in this example, "Chicago Office."
2. Create a new Security Association by selecting -Add New SA- from the Security
Association menu in the VPN Configure window.
3. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
4. Because the SonicWALL TELE3 does not have a permanent WAN IP address, the
SonicWALL PRO 200 must authenticate the VPN session by matching the Name of the
SA with the TELE3 Unique Firewall Identifier. Enter the TELE3 Unique Firewall
Identifier in the Name field, in this example, "San Francisco Office."
5. Enter the WAN IP address of the remote SonicWALL in the IPSec Gateway Address
field. In this example, the San Francisco SonicWALL TELE3 has a dynamic IP address,
therefore enter "0.0.0.0" in the IPSec Gateway Address field
Note: Only one of the two IPSec gateways can have a dynamic IP address when using
SonicWALL VPN.
6. Select Group 2 from the Phase 1 DH Group menu.
7. Enter "86400" in the SA Life time (secs) field to renegotiate IKE encryption and
authentication keys every 24 hours.
8. Select DES & SHA1 from the Phase 1 DH Group menu.
TELE2
TELE2
integrated_manual.book Page 145 Friday, October 12, 2001 2:56 PM