SonicWALL 5.8.1 Microscope & Magnifier User Manual


VPN > Settings
SonicOS 5.8.1 Administrator Guide
Configuring a VPN Policy with IKE using a Third Party Certificate
Warning
You must have a valid certificate from a third party Certificate Authority installed on
your SonicWALL before you can configure your VPN policy with IKE using a third
party certificate.
To create a VPN SA using IKE and third party certificates, follow these steps:
Step 1 In the VPN > Settings page, click Add. The VPN Policy window is displayed.
Step 2 In the Authentication Method list in the General tab, select IKE using 3rd Party
Certificates. The VPN Policy window displays the 3rd party certificate options.
Step 3 Type a Name for the Security Association in the Name field.
Step 4 Type the IP address or Fully Qualified Domain Name (FQDN) of the primary remote SonicWALL
in the IPsec Primary Gateway Name or Address field. If you have a secondary remote
SonicWALL, enter the IP address or Fully Qualified Domain Name (FQDN) in the IPsec
Secondary Gateway Name or Address field.
Step 5 Under IKE Authentication, select a third party certificate from the Local Certificate list. You
must have imported local certificates before selecting this option.
Step 6 Select one of the following Peer ID types from the Peer IKE ID Type menu:
E-Mail ID and Domain Name - The Email ID and Domain Name types are based on
the certificate's Subject Alternative Name field, which is not contained in all certificates
by default. If the certificate contains a Subject Alternative Name, that value must be
used. For site-to-site VPNs, wild card characters (such as * for more than 1 character
or ? for a single character) cannot be used. The full value of the E-Mail ID or Domain
Name must be entered. This is because site-to-site VPNs are expected to connect to a
single peer, as opposed to Group VPNs, which expect multiple peers to connect.
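The following is an added example, not part of the SonicWALL guide: a pre-check of the value you plan to enter as the Peer IKE ID against the peer certificate's Subject Alternative Name, applying the site-to-site rules above. It assumes you have saved the text printed by `openssl x509 -in peer.crt -noout -ext subjectAltName` (the file name `peer.crt` is a placeholder); the function names and the sample output are constructed for illustration.

```python
import re

# Map the guide's Peer IKE ID types to the SAN entry prefixes that
# `openssl x509 -noout -ext subjectAltName` prints.
SAN_PREFIX = {"E-Mail ID": "email", "Domain Name": "DNS"}

# Constructed sample of openssl's text output (not from a real certificate).
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:vpn.example.com, email:admin@example.com
"""


def parse_san(openssl_text):
    """Return {prefix: [values]} parsed from openssl's subjectAltName output."""
    entries = {}
    for line in openssl_text.splitlines():
        if "Subject Alternative Name" in line:
            continue  # header line, carries no SAN entries
        for item in line.split(","):
            prefix, sep, value = item.strip().partition(":")
            if sep and value:
                entries.setdefault(prefix, []).append(value.strip())
    return entries


def check_peer_id(openssl_text, id_type, configured):
    """Return (ok, reason) for a site-to-site Peer IKE ID value."""
    if id_type not in SAN_PREFIX:
        return False, "unsupported Peer IKE ID type: " + id_type
    # Site-to-site policies expect a single peer, so no wildcards.
    if re.search(r"[*?]", configured):
        return False, "wildcards (* or ?) cannot be used for site-to-site VPNs"
    prefix = SAN_PREFIX[id_type]
    values = parse_san(openssl_text).get(prefix, [])
    if not values:
        return False, "certificate has no " + prefix + " Subject Alternative Name"
    # Exact comparison is an assumption: the guide only says the full value
    # must be entered and does not state how SonicOS treats letter case.
    if configured not in values:
        return False, "full SAN value required; certificate has " + ", ".join(values)
    return True, "matches certificate Subject Alternative Name"


if __name__ == "__main__":
    for id_type, value in [("Domain Name", "vpn.example.com"),
                           ("Domain Name", "*.example.com"),
                           ("E-Mail ID", "admin@example.com")]:
        print(id_type, value, check_peer_id(SAMPLE_SAN_TEXT, id_type, value))
```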