SonicWALL Internet Security Appliances User Manual

SonicWALL VPN Page 215

6. Select Group 2 from the Phase 1 DH Group menu.
7. Enter 28800 in the SA Life time (secs) field to renegotiate keys daily.
8. Select 3DES & SHA1 from the Phase 1 Encryption/Authentication menu.
9. Select the encryption algorithm from the Phase 2 Encryption/Authentication menu. The San Francisco office Phase 2 Encryption/Authentication must match Chicago, so Encrypt and Authenticate (ESP 3DES HMAC SHA1) must be selected.

10. Enter the same Shared Secret used in the Chicago Office SonicWALL PRO 200 into the SonicWALL TELE3 Shared Secret field.

11. Click Add New Network... to open the VPN Destination Network window and define the destination network addresses.

12. Enter the IP address and subnet mask of the destination network, the Chicago office, in the Network and Subnet Mask fields. Since NAT is enabled at the Chicago office, enter a private LAN IP address. In this example, enter "192.168.2.1" and subnet mask "255.255.255.0".

13. Click Advanced Settings. Select the following boxes that apply to your SA:

Enable Keep Alive - if you want to maintain the current connection by listening for traffic on the network segment between the two connections.
Enable Windows Networking (NetBIOS) broadcast - if remote clients use Windows Network Neighborhood to browse remote networks.
Apply NAT and firewall rules - to apply NAT and firewall rules to the SA, or just firewall rules if in Standard mode.
Forward packets to remote VPNs - if creating a "hub and spoke" network configuration.
Enable Perfect Forward Secrecy - if you want to add another layer of security by adding an additional Diffie-Hellman key exchange.
Phase 2 DH Group - select the type of DH key exchange in Phase 2 for Perfect Forward Secrecy.
Default LAN Gateway - if specifying the IP address of the default LAN route for incoming IPSec packets for this SA. This is used in conjunction with the Route all traffic through this SA check box.
VPN Terminated at LAN, DMZ, or LAN/DMZ - select one of the three terminating points for the VPN tunnel.

14. Click Update to add the remote network and close the VPN Destination Network window. Once the SonicWALL TELE3 has been updated, a message confirming the update is displayed at the bottom of the browser window.

Tip: Since Windows Networking (NetBIOS) has been enabled, users can view remote computers in their Windows Network Neighborhood. Users can also access resources on the remote LAN by entering the servers' or workstations' remote IP addresses.
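As an added check, not SonicWALL's code and not part of the manual, the following Python models the two ends of the SA configured in the steps above and verifies that the parameters which must agree at Chicago and San Francisco do agree, and that the destination network entered is consistent with its subnet mask. The field names, the shared secret value and the San Francisco LAN address are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress


@dataclass
class SaConfig:
    """One end of the IKE security association (field names are assumptions)."""
    name: str
    phase1_dh_group: int          # e.g. 2 for "Group 2"
    sa_lifetime_secs: int
    phase1_enc_auth: str
    phase2_enc_auth: str
    shared_secret: str
    dest_network: str             # the *remote* side's private LAN
    dest_mask: str
    pfs: bool = False
    phase2_dh_group: Optional[int] = None


# Parameters that must be identical at both ends or the IKE negotiation fails.
MUST_MATCH = ("phase1_dh_group", "sa_lifetime_secs", "phase1_enc_auth",
              "phase2_enc_auth", "shared_secret", "pfs", "phase2_dh_group")


def mismatches(a: SaConfig, b: SaConfig) -> List[str]:
    """Return the names of MUST_MATCH parameters that differ between the ends."""
    return [f for f in MUST_MATCH if getattr(a, f) != getattr(b, f)]


def normalized_destination(cfg: SaConfig) -> Tuple[str, bool]:
    """Return (network/prefix, aligned). aligned is False when the address
    entered has host bits set under the mask, e.g. 192.168.2.1 with
    255.255.255.0 actually describes the 192.168.2.0/24 network."""
    net = ipaddress.ip_network(f"{cfg.dest_network}/{cfg.dest_mask}", strict=False)
    return str(net), str(net.network_address) == cfg.dest_network


# Constructed sample following the steps above; the Chicago-side destination
# (the San Francisco LAN) and the shared secret are placeholders.
CHICAGO = SaConfig("Chicago PRO 200", 2, 28800, "3DES & SHA1",
                   "Encrypt and Authenticate (ESP 3DES HMAC SHA1)",
                   "example-shared-secret", "192.168.1.0", "255.255.255.0")
SAN_FRANCISCO = SaConfig("San Francisco TELE3", 2, 28800, "3DES & SHA1",
                         "Encrypt and Authenticate (ESP 3DES HMAC SHA1)",
                         "example-shared-secret", "192.168.2.1", "255.255.255.0")

if __name__ == "__main__":
    print("mismatches:", mismatches(CHICAGO, SAN_FRANCISCO))
    print("SF destination:", normalized_destination(SAN_FRANCISCO))
```

A non-empty mismatch list, or an unaligned destination, is worth resolving before troubleshooting the tunnel on the appliance.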
