IKE Configuration for Two SonicWALLs – SonicWALL Internet Security Appliances User Manual

SonicWALL VPN

IKE Configuration for Two SonicWALLs

An alternative to Manual Key configuration is Internet Key Exchange (IKE). IKE transparently
negotiates encryption and authentication keys. The two SonicWALL appliances authenticate the IKE
VPN session by matching preshared keys and IP addresses or Unique Firewall Identifiers.

To create an IKE Security Association, click VPN on the left side of the browser window, and then
click the Configure tab.

1. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
2. Select -Add New SA- from the Security Association menu.
3. Enter a descriptive name for the Security Association, such as "Palo Alto Office" or "NY
Headquarters", in the Name field.
4. Enter the IP address of the remote SonicWALL in the IPSec Gateway Address field. This address
must be valid, and should be the NAT Public IP Address if the remote SonicWALL uses Network
Address Translation (NAT).

Alert: If the remote SonicWALL has a dynamic IP address, enter "0.0.0.0" in the IPSec Gateway
Address field. Because it has a dynamic IP address, the remote SonicWALL initiates IKE negotiation
in Aggressive Mode and authenticates using the SA Names and Unique Firewall Identifiers rather
than the IP addresses. Therefore, the SA Name on each SonicWALL must match the Unique Firewall
Identifier of the opposite SonicWALL.

5. Select Main Mode from the Exchange menu.
6. Select Group 1 from the Phase 1 DH Group menu.
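
Added example (not from the SonicWALL manual): a Python check of the matching rules described above, run over both units' planned settings before the tunnel is brought up. The Peer fields, labels and sample values are hypothetical and constructed for illustration, not a SonicWALL API; the DH group equality check and the note that Group 1 is the 768-bit MODP group go beyond the text and follow RFC 2409.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

@dataclass
class Peer:
    """Hypothetical model of one SonicWALL's IKE SA form fields."""
    firewall_id: str            # this unit's Unique Firewall Identifier
    public_ip: Optional[str]    # NAT Public IP, or None if the address is dynamic
    sa_name: str                # Name field of the SA that points at the other unit
    gateway: str                # IPSec Gateway Address field
    preshared_key: str
    dh_group: int               # Phase 1 DH Group

def check_side(local: Peer, remote: Peer, label: str) -> List[str]:
    """Check the gateway entered on `local` against the real address of `remote`."""
    try:
        ip_address(local.gateway)
    except ValueError:
        return [f"{label}: IPSec Gateway Address {local.gateway!r} is not a valid IP"]
    if remote.public_ip is None:
        if local.gateway != "0.0.0.0":
            return [f"{label}: peer is dynamic, gateway must be 0.0.0.0"]
    elif local.gateway != remote.public_ip:
        return [f"{label}: gateway {local.gateway} is not the peer's public IP"]
    return []

def check_pair(a: Peer, b: Peer) -> List[str]:
    """Return every mismatch that would stop units A and B from agreeing on the SA."""
    issues = check_side(a, b, "A") + check_side(b, a, "B")
    if a.preshared_key != b.preshared_key:
        issues.append("preshared keys differ")  # report the fact, never the secrets
    if a.dh_group != b.dh_group:
        issues.append("Phase 1 DH groups differ")
    elif a.dh_group == 1:
        issues.append("note: DH Group 1 is the 768-bit MODP group")
    # With a dynamic peer, identity comes from SA Names and Firewall Identifiers.
    if a.public_ip is None or b.public_ip is None:
        for local, remote, label in ((a, b, "A"), (b, a, "B")):
            if local.sa_name != remote.firewall_id:
                issues.append(f"{label}: SA Name must equal peer's Unique Firewall Identifier")
    return issues

# Constructed sample: HQ has a static address, the branch is dynamically addressed.
hq = Peer("HQ-FW", "203.0.113.10", "Branch-FW", "0.0.0.0", "constructed-secret", 1)
branch = Peer("Branch-FW", None, "NY Headquarters", "203.0.113.10", "constructed-secret", 1)

if __name__ == "__main__":
    for issue in check_pair(hq, branch):
        print(issue)
```

In the constructed sample the branch keeps a descriptive SA Name, which is fine between two static peers but fails once the branch is dynamic, because the name is then part of the identity check.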
