Filter
Top Products
VPN > Settings
890
SonicOS 5.8.1 Administrator Guide
Site-to-Site VPN Configurations
When designing VPN connections, be sure to document all pertinent IP addressing information
and create a network diagram to use as a reference. A sample planning sheet is provided on
the next page. The SonicWALL must have a routable WAN IP address whether it is dynamic or
static. In a VPN network with dynamic and static IP addresses, the VPN gateway with the
dynamic address must initiate the VPN connection.
Site-to-Site VPN configurations can include the following options:
• Branch Office (Gateway to Gateway) - A SonicWALL is configured to connect to another
SonicWALL via a VPN tunnel. Or, a SonicWALL is configured to connect via IPsec to
another manufacturer’s firewall.
• Hub and Spoke Design - All SonicWALL VPN gateways are configured to connect to a
central SonicWALL (hub), such as a corporate SonicWALL. The hub must have a static IP
address, but the spokes can have dynamic IP addresses. If the spokes are dynamic, the
hub must be a SonicWALL.
• Mesh Design - All sites connect to all other sites. All sites must have static IP addresses.
See “Plannin
g Your VPN” on page 870 for a planning sheet to help you set up your VPN.
Creating Site-to-Site VPN Policies
Tip You can easily create site-to-site VPN policies using the VPN Policy Wizard. For complete
step-by-step instructions on using the VPN Policy Wizard, see “Wizards > VPN Wizard” on
page 1417.
You can create or modify existing VPN policies using the VPN Policy window. Clicking the Add
button under the VPN Policies table displays the VPN Policy window for configuring the
following IPsec Keying mode VPN policies:
• “Configuring a VPN Policy with IKE using Preshared Secret” on page 891
• “Configuring a VPN Policy using Manual Key” on page 896
• “Configuring a VPN Policy with IKE using a Third Party Certificate” on page 901
This section also contains information on configuring a static route to act as a failover in case
the VPN tunnel goes down. See “Configuring VPN Failover to a Static Route” on page 905 for
more information.
Tip Use the VPN Planning Sheet for Site-to-Site VPN Policies to record your settings. These
settings are necessary to configure the remote SonicWALL and create a successful VPN
connection.
Note For configuring VPN policies between SonicWALL security appliances running SonicOS
Enhanced and SonicWALL security appliances running SonicWALL Firmware version 6.5
(or higher), see the technote: Creating IKE IPsec VPN Tunnels between SonicWALL
Firmware 6.5 and SonicOS Enhanced, available at the SonicWALL documentation Web site
http://www.sonicwall.com/us/Support.html.