Академический Документы
Профессиональный Документы
Культура Документы
Mode)
Answer/Article
Article Applies To:
Gen5: NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 240
Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 Wireless,
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless
Feature/Application:
This solution explains the configuration of a Site to Site VPN on SonicWALL firewall (UTM) appliances when a site has
dynamic WAN IP address. The VPN policy is setup using Aggressive Mode.
Procedure:
Network Setup:
Configuring a Site to Site VPN on the Central Location (Static WAN IP address)
Device used on Central Site: SonicWALL PRO 4060 appliance with SonicOS Enhanced 4.0.0.2e firmware.
Note: Since the WAN IP address changes frequently, it is recommended to use the 0.0.0.0 IP address as the
Primary Gateway.
Local Networks
Select Choose local network from list, and select the Address Object – X0 Subnet (Lan
subnet)
Destination Networks
Select Choose destination network from list, and select the Address Object – newyork vpn
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
DH Group: Group 2
Life Time (seconds): 28800
Configuring a Site to Site VPN on the Remote Location (Dynamic WAN IP address)
Device used on Remote location: SonicWALL TZ 170 appliance with SonicOS Enhanced 3.2.3.0 firmware
Network Configuration:
Select Choose local network from list, and select the Address Object – LAN Primary Subnet
Destination Networks
Select Choose destination network from list, and select the Address Object – chicago vpn
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
DH Group: Group 2
Life Time (seconds): 28800