Example of IKE Configuration for Two SonicWALLs – SonicWALL Internet Security Appliances User Manual


SonicWALL VPN Page 213

Example of IKE Configuration for Two SonicWALLs

The following example illustrates the steps necessary to create an IKE VPN tunnel between a
SonicWALL PRO 200 and a SonicWALL TELE3.

A company wants to use VPN to link two offices together, one in Chicago and the other in San
Francisco. To do this, the SonicWALL PRO 200 in Chicago and the SonicWALL TELE3 in San
Francisco must have corresponding Security Associations.

Configuring a SonicWALL PRO 200 in Chicago

1. Enter the SonicWALL PRO 200 Unique Firewall Identifier in the VPN Summary window. In this example, it is "Chicago Office".

2. Create a new Security Association by selecting -Add New SA- from the Security Association menu in the VPN Configure window.

3. Select IKE using pre-shared secret from the IPSec Keying Mode menu.
4. Because the SonicWALL TELE3 does not have a permanent WAN IP address, the SonicWALL PRO 200 must authenticate the VPN session by matching the Name of the SA with the TELE3 Unique Firewall Identifier. Enter the TELE3 Unique Firewall Identifier in the Name field; in this example, "San Francisco Office."

5. Enter the WAN IP address of the remote SonicWALL in the IPSec Gateway Address field. In this example, the San Francisco SonicWALL TELE3 has a dynamic IP address, therefore enter "0.0.0.0" in the IPSec Gateway Address field.

Alert: Only one of the two IPSec gateways can have a dynamic IP address when using SonicWALL VPN.

6. Select Main Mode from the Exchange menu.
7. Select Group 1 from the Phase 1 DH Group menu.
8. Enter "28800" in the SA Life time (secs) field to renegotiate IKE encryption and authentication keys every 8 hours.

9. Select 3DES & SHA1 from the Phase 1 DH Group menu.
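
The following is an added example, not part of the SonicWALL manual: a Python check that two Security Associations correspond, using the rules stated above (SA Name must equal the dynamic peer's Unique Firewall Identifier, and only one gateway may be "0.0.0.0"). The `SA` class, `check_pair`, the San Francisco values, the address 192.0.2.10, the choice to require all five Phase 1 fields to match, and the `LEGACY` review list are assumptions of this example.

```python
from dataclasses import dataclass

DYNAMIC = "0.0.0.0"  # gateway value the page uses for a peer with no fixed WAN IP
MUST_MATCH = ("keying", "exchange", "dh_group", "lifetime", "enc_auth")
# Assumption of this example, not from the manual: values flagged for review
# as legacy (DH Group 1 is the 768-bit MODP group).
LEGACY = {"dh_group": {1}, "enc_auth": {"3DES & SHA1"}}

@dataclass
class SA:
    local_id: str   # this unit's Unique Firewall Identifier
    name: str       # SA Name field
    gateway: str    # IPSec Gateway Address field
    keying: str     # IPSec Keying Mode
    exchange: str   # Exchange
    dh_group: int   # Phase 1 DH Group
    lifetime: int   # SA Life time (secs)
    enc_auth: str   # the "3DES & SHA1" selection made in step 9

def check_pair(a: SA, b: SA) -> list[str]:
    """Return findings for two SAs that are meant to form one tunnel."""
    findings = []
    if a.gateway == DYNAMIC and b.gateway == DYNAMIC:
        findings.append("both gateways are 0.0.0.0; only one side may be dynamic")
    for local, peer in ((a, b), (b, a)):
        # A dynamic peer is authenticated by SA Name == peer's identifier.
        if local.gateway == DYNAMIC and local.name != peer.local_id:
            findings.append(f"{local.local_id}: SA Name {local.name!r} "
                            f"!= peer identifier {peer.local_id!r}")
    for field in MUST_MATCH:
        va, vb = getattr(a, field), getattr(b, field)
        if va != vb:
            findings.append(f"mismatch in {field}: {va!r} vs {vb!r}")
        elif va in LEGACY.get(field, ()):
            findings.append(f"legacy value in {field}: {va!r}")
    return findings

# Chicago values come from the steps above; the San Francisco side and
# 192.0.2.10 (documentation address) are constructed for this example.
chicago = SA("Chicago Office", "San Francisco Office", DYNAMIC,
             "IKE using pre-shared secret", "Main Mode", 1, 28800, "3DES & SHA1")
san_francisco = SA("San Francisco Office", "Chicago Office", "192.0.2.10",
                   "IKE using pre-shared secret", "Main Mode", 1, 28800, "3DES & SHA1")

if __name__ == "__main__":
    for finding in check_pair(chicago, san_francisco):
        print(finding)
```
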
