Appendix A: CLI Guide
SonicOS Enhanced 5.6 Administrator’s Guide
Configuration
In this example, a site-to-site VPN is configured between two TZ 200 appliances, with the
following settings:
Local TZ 200 (home):
WAN IP: 10.50.31.150
LAN subnet: 192.168.61.0
Mask: 255.255.255.0
Remote TZ 200 (office):
WAN IP: 10.50.31.104
LAN subnet: 192.168.15.0
Mask: 255.255.255.0
Authentication Method: IKE using a Pre-Shared Key
Phase 1 Exchange: Main Mode
Phase 1 Encryption: 3DES
Phase 1 Authentication: SHA1
Phase 1 DH group: 2
Phase 1 Lifetime: 28800
Phase 2 Protocol: ESP
Phase 2 Encryption: 3DES
Phase 2 Authentication: SHA1
Phase 2 Lifetime: 28800
No PFS
1. In configure mode, create an address object for the remote network, specifying the name,
zone assignment, type, and address. In this example, we use the name OfficeLAN:
(config[TZ200])> address-object OfficeLAN
(config-address-object[OfficeLAN])>
Note: The prompt has changed to indicate the configuration mode for the address object.
(config-address-object[OfficeLAN])> zone VPN
(config-address-object[OfficeLAN])> network 192.168.15.0 255.255.255.0
(config-address-object[OfficeLAN])> finished
2. To display the address object, type the command show address-object [name]:
TZ200 > show address-object OfficeLAN
The output will be similar to the following:
address-object OfficeLAN
network 192.168.15.0 255.255.255.0
zone VPN
3. To create the VPN policy, type the command vpn policy [name] [authentication method]:
(config[TZ200])> vpn policy OfficeVPN pre-shared
(config-vpn[OfficeVPN])>
Note: The prompt has changed to indicate the configuration mode for the VPN policy. All the
settings regarding this VPN will be entered here.
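
The following is an added example, not part of the original guide or of SonicOS: a Python check that parses the show address-object output from step 2 and confirms that the object covers exactly the planned remote subnet, sits in the VPN zone, and does not overlap the local LAN. The function names are hypothetical, and the three-line output layout is assumed to match the sample shown in step 2.

```python
import ipaddress

# Constructed sample: the "show address-object OfficeLAN" output from step 2.
SAMPLE_OUTPUT = """\
address-object OfficeLAN
network 192.168.15.0 255.255.255.0
zone VPN
"""

def parse_address_object(text):
    """Parse 'show address-object' output into name, network and zone."""
    obj = {"name": None, "network": None, "zone": None}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "address-object" and len(fields) == 2:
            obj["name"] = fields[1]
        elif fields[0] == "network" and len(fields) == 3:
            # strict=True raises ValueError if host bits are set for this mask
            obj["network"] = ipaddress.IPv4Network(
                f"{fields[1]}/{fields[2]}", strict=True)
        elif fields[0] == "zone" and len(fields) == 2:
            obj["zone"] = fields[1]
    return obj

def check_remote_object(obj, expected_remote, local_lan, expected_zone="VPN"):
    """Return a list of problems; an empty list means the object matches the plan."""
    expected = ipaddress.IPv4Network(expected_remote)
    local = ipaddress.IPv4Network(local_lan)
    problems = []
    if obj["network"] is None:
        problems.append("no network line found")
    else:
        if obj["network"] != expected:
            problems.append(f"network is {obj['network']}, expected {expected}")
        if obj["network"].overlaps(local):
            problems.append(f"network overlaps local LAN {local}")
    if obj["zone"] != expected_zone:
        problems.append(f"zone is {obj['zone']}, expected {expected_zone}")
    return problems

if __name__ == "__main__":
    parsed = parse_address_object(SAMPLE_OUTPUT)
    print(check_remote_object(parsed, "192.168.15.0/24", "192.168.61.0/24") or "OK")
```

A mistyped mask such as 255.255.0.0 is reported twice by this check: the object no longer matches the planned subnet, and it now overlaps the home LAN.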