User Guide

SonicWALL VPN Page 147
Configuring a SonicWALL TELE3 in San Francisco
1. Enter the SonicWALL TELE3 Unique Firewall Identifier in the VPN Summary
window, in this example, "San Francisco Office."
2. Select -Add New SA- from the Security Association menu.
3. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
4. Enter the SonicWALL PRO 200 Unique Firewall Identifier in the SonicWALL TELE3
Name field, in this example, "Chicago Office."
5. Enter the SonicWALL PRO 200 WAN IP Address in the IPSec Gateway Address field.
This address must be valid. It is the SonicWALL PRO 200 NAT Public Address, in this
example "216.0.0.20."
6. Select Group 2 from the Phase 1 DH Group menu.
7. Enter "86,400" in the SA Life time (secs) field to renegotiate keys daily.
8. Select DES & SHA1 from the Phase 1 Encryption/Authentication menu.
9. Select the encryption algorithm from the Phase 2 Encryption/Authentication
menu. The San Francisco office Phase 2 Encryption/Authentication must match
Chicago, so Encrypt and Authenticate (ESP DES HMAC SHA1) must be selected.
10. Enter the same Shared Secret used in the Chicago Office SonicWALL PRO 200 into
the SonicWALL TELE3 Shared Secret field.
11. Click Add New Network... to open the VPN Destination Network window and
define the destination network addresses.
12. Enter the IP address and subnet mask of the destination network, the Chicago office,
in the Network and Subnet Mask fields. Since NAT is enabled at the Chicago office,
enter a private LAN IP address. In this example, enter "192.168.2.1" and subnet mask
"255.255.255.0."
13. Click Advanced Settings. Select the following boxes that apply to your SA:
    - Use Aggressive Mode - requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange.
    - Enable Keep Alive - if you want to maintain the current connection by listening for traffic on the network segment between the two connections.
    - Require XAUTH/RADIUS (Only allows VPN clients) - if you are using a RADIUS server.
    - Enable Windows Networking (NetBIOS) broadcast - if remote clients use Windows Network Neighborhood to browse remote networks.
    - Apply NAT and firewall rules - to apply NAT and firewall rules to the SA or just firewall rules if in Standard mode.
    - Forward packets to remote VPNs - if creating a "hub and spoke" network configuration.
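The steps above only work if both ends agree, so the following added example (not part of the SonicWALL guide) is a Python pre-deployment check that compares the San Francisco settings with the Chicago end and reports mismatches, addressing errors and single-DES selections. The dictionary keys, the Chicago values and the shared secret are assumptions constructed for illustration.

```python
import ipaddress
import re

# Fields both ends of the SA must agree on. Key names are illustrative,
# not SonicWALL identifiers.
MUST_MATCH = ("keying_mode", "dh_group", "sa_lifetime_secs",
              "phase1", "phase2", "shared_secret")

def check_sa(local, peer):
    """Return findings for the local end of a site-to-site SA."""
    findings = [f"mismatch:{f}" for f in MUST_MATCH if local[f] != peer[f]]
    # Step 5: the gateway is the peer's public WAN/NAT address.
    if local["gateway"] != peer["wan_ip"]:
        findings.append("gateway-not-peer-wan")
    if ipaddress.ip_address(local["gateway"]).is_private:
        findings.append("gateway-is-private")
    # Step 12: with NAT at the peer, the destination is its private LAN.
    dest = ipaddress.ip_network(
        f'{local["dest_ip"]}/{local["dest_mask"]}', strict=False)
    if dest != ipaddress.ip_network(peer["lan"]):
        findings.append("destination-not-peer-lan")
    # Single DES has a 56-bit key; report it so it is a deliberate choice.
    for phase in ("phase1", "phase2"):
        if "DES" in re.findall(r"[A-Za-z0-9]+", local[phase].upper()):
            findings.append(f"weak-cipher:{phase}")
    return findings

# San Francisco values are the ones entered in the steps above;
# the shared secret is a constructed placeholder.
SAN_FRANCISCO = {
    "keying_mode": "IKE using pre-shared secret", "dh_group": 2,
    "sa_lifetime_secs": 86400, "phase1": "DES & SHA1",
    "phase2": "ESP DES HMAC SHA1", "shared_secret": "EXAMPLE-SECRET",
    "gateway": "216.0.0.20", "dest_ip": "192.168.2.1",
    "dest_mask": "255.255.255.0",
}
# Chicago values are constructed to mirror them (assumption).
CHICAGO = {
    "keying_mode": "IKE using pre-shared secret", "dh_group": 2,
    "sa_lifetime_secs": 86400, "phase1": "DES & SHA1",
    "phase2": "ESP DES HMAC SHA1", "shared_secret": "EXAMPLE-SECRET",
    "wan_ip": "216.0.0.20", "lan": "192.168.2.0/24",
}

if __name__ == "__main__":
    for finding in check_sa(SAN_FRANCISCO, CHICAGO):
        print(finding)
```

With the values from this example the two ends agree, and the only findings are the single-DES selections in Phase 1 and Phase 2.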
integrated_manual.book Page 147 Friday, October 12, 2001 2:56 PM