Appendix A: CLI Guide
SonicOS Enhanced 5.6 Administrator’s Guide
4. Configure the Pre-Shared Key. In this example, the Pre-Shared Key is sonicwall:
(config-vpn[OfficeVPN])> pre-shared-secret sonicwall
5. Configure the IPSec gateway:
(config-vpn[OfficeVPN])> gw ip-address 10.50.31.104
6. Define the local and the remote networks:
(config-vpn[OfficeVPN])> network local address-object "LAN Primary Subnet"
(config-vpn[OfficeVPN])> network remote address-object "OfficeLAN"
7. Configure the IKE and IPSec proposals:
(config-vpn[OfficeVPN])> proposal ike main encr triple-des auth sha1 dh 2 lifetime 28800
(config-vpn[OfficeVPN])> proposal ipsec esp encr triple-des auth sha1 dh no lifetime 28800
8. In the Advanced tab in the UI configuration, enable keepalive on the VPN policy:
(config-vpn[OfficeVPN])> advanced keepalive
9. To enable the VPN policy, use the command vpn enable "name":
(config[TZ200])> vpn enable "OfficeVPN"
10. Use the finished command to save the VPN policy and exit from the VPN configure mode:
(config-vpn[OfficeVPN])> finished
(config[TZ200])>
The configuration is complete.
Note: The command prompt goes back to the configure mode prompt.
Viewing VPN Configuration
Use the following steps to view the VPN policies.
1. To view a list of all the configured VPN policies, type the command show vpn policy. The output will be similar to the following:
(config[TZ200])> show vpn policy
Policy: WAN GroupVPN (Disabled)
Key Mode: Pre-shared
Pre Shared Secret: DE65AD2228EED75A
Proposals:
IKE: Aggressive Mode, 3DES SHA, DH Group 2, 28800 seconds
IPSEC: ESP, 3DES SHA, No PFS, 28800 seconds
Advanced:
Allow NetBIOS OFF, Allow Multicast OFF
Management: HTTP OFF, HTTPS OFF
Lan Default GW: 0.0.0.0
Require XAUTH: ON, User Group: Trusted Users
Client:
Cache XAUTH Settings: Never
Virtual Adapter Settings: None
Allow Connections To: Split Tunnels
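Added example (not part of the SonicOS guide): a Python check that parses a show vpn policy listing like the one above and reports proposal settings that are weak by current standards (3DES, SHA-1, DH groups below 14, aggressive mode with a pre-shared key, no PFS). The second policy in the sample, its AES-256 / SHA256 / Group 14 rendering, and the reading of the listing's "SHA" as SHA-1 are assumptions made for this example.

```python
import re

# Constructed sample. The first policy copies lines shown in this guide; the
# second policy and its AES-256 / SHA256 / Group 14 wording are assumed.
SAMPLE = """\
Policy: WAN GroupVPN (Disabled)
Key Mode: Pre-shared
Proposals:
IKE: Aggressive Mode, 3DES SHA, DH Group 2, 28800 seconds
IPSEC: ESP, 3DES SHA, No PFS, 28800 seconds
Policy: OfficeVPN (Enabled)
Key Mode: Pre-shared
Proposals:
IKE: Main Mode, AES-256 SHA256, DH Group 14, 28800 seconds
IPSEC: ESP, AES-256 SHA256, DH Group 14, 28800 seconds
"""

# Assumption: a bare "SHA" in the listing means SHA-1 (the CLI keyword is sha1).
WEAK_TOKENS = {"DES": "DES encryption", "3DES": "3DES encryption",
               "MD5": "MD5 authentication", "SHA": "SHA-1 authentication",
               "SHA1": "SHA-1 authentication"}

def audit(listing):
    """Return {policy name: [findings]} for a `show vpn policy` listing."""
    findings, name, psk = {}, None, False
    for raw in listing.splitlines():
        line = raw.strip()
        m = re.match(r"Policy:\s*(.+?)\s*(?:\((?:Enabled|Disabled)\))?$", line)
        if m:                                  # start of a new policy record
            name, psk = m.group(1), False
            findings[name] = []
            continue
        if name is None:
            continue
        if line.startswith("Key Mode:"):
            psk = "pre-shared" in line.lower()
            continue
        m = re.match(r"(IKE|IPSEC):\s*(.+)$", line)
        if not m:
            continue
        phase, fields = m.groups()
        out = findings[name]
        if phase == "IKE" and psk and "Aggressive Mode" in fields:
            out.append("IKE: aggressive mode with pre-shared key")
        for tok in re.split(r"[,\s]+", fields):
            if tok.upper() in WEAK_TOKENS:
                out.append(f"{phase}: {WEAK_TOKENS[tok.upper()]}")
        g = re.search(r"DH Group (\d+)", fields)
        if g and int(g.group(1)) < 14:         # groups 1, 2, 5 are under 2048-bit MODP
            out.append(f"{phase}: DH group {g.group(1)} (below 2048-bit MODP)")
        if phase == "IPSEC" and "No PFS" in fields:
            out.append("IPSEC: no perfect forward secrecy")
    return findings
```

Calling audit(SAMPLE) returns seven findings for WAN GroupVPN and none for the constructed OfficeVPN record.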