Defining the security associations (sa) – SonicWALL OS 2.x User Manual

Sonic OS 2.x Quick Start Guide

* The ability to NAT traffic as it enters the VPN Tunnel, or as it exits (inbound or outbound), and the capability to have firewall rules specified on VPN traffic.

Defining the Security Associations (SA)

For the purpose of this example, we will keep the VPN configuration simple. Refer to the network
diagram at the beginning of the document for the specifics. You should have already defined
Address objects for the local network (behind the 4060) and the remote network (behind the
TZ170).

On the Pro 4060, define the SA as follows:

1. From the GUI, select the VPN option, and then click ADD.

2. For IPSec Keying Mode, select IKE using Preshared Secret.

3. For Name, enter an appropriate name for this VPN SA.

4. For both the IPSec Primary and Secondary Gateways, enter 0.0.0.0. The remote TZ170 receives a dynamic IP address from the ISP, so an Aggressive Mode IKE is required.

5. For Shared Secret, enter an appropriate combination of characters and numbers.

6. For the Local IKE ID, select Sonicwall Identifier and enter the serial number of the Pro 4060.

7. For the Remote IKE ID, select Sonicwall Identifier and enter the serial number of the TZ170.

8. Select the Network Tab.

9. For the Local Network, choose the address object previously defined. For this example, we created an address object for the LAN subnet connected to the X0 interface (192.168.168.0/24). The VPN will only allow traffic from the X0 IP Subnet to the remote TZ170.

10. For Destination Networks, select the previously defined address object for the network located behind the TZ170 (192.168.1.0/24).