How Can We Help?

Standard SonicWall VPN Config

Created On
byHBDR-admin
You are here:
← All Topics

Setup your onsite SonicWALL to host a VPN tunnel

1. Login to your SonicWALL
2. Click on VPN->Settings
3. In the Unique Firewall Identifier box, enter a descriptive name and click Apply

4. At the bottom click the Add button

General Tab

1. Policy Type: Site to Site
2. Authentication Method: IKE using Preshared Secret
3. Name: Descriptive name
4. IPsec Primary Gateway Name or Address: the wan ip address of the remote site
5. IPsec Secondary Gateway Name or Address: Leave this blank
6. Shared Secret: Enter in the VPN Shared Secret
7. Confirm Shared Secret: Repeat the Shared Secret
8. Local IKE ID and Peer IKE ID: Leave these settings their default values
9. Click OK

Network Tab

10. Local Networks: Select Choose local network from list and select LAN Subnets
11. Remote Networks: Select whichever of the bottom 2 that applies (depends on which you choose to setup).
12. Click OK

Proposals Tab

(These settings are examples, use whatever values match that of your VPN settings)

IKE (Phase 1) Proposal

1. Exchange: Main Mode
2. DH Group: Group 2
3. Encryption: AES-256
4. Authentication: SHA1
5. Life Time (seconds): 28800

IKE (Phase 2) Proposal

6. Protocol: ESP
7. Encryption: AES-256
8. Authentication: SHA1
9. Enable Perfect Forward Secrecy: unchecked
10. Life Time (seconds): 28800

Advanced Tab

11. Enable Keep Alive: this should be unchecked and grayed out
12. Suppress automatic Access Rules creation for VPN Policy: unchecked
13. Require authentication of VPN clients by XAUTH: unchecked
14. Enable Windows Networking (NetBIOS) Broadcast: unchecked
15. Enable Multicast: unchecked
16. Apply NAT Policies: unchecked
17. Management via this SA: all options unchecked
18. User login via this SA: all options unchecked
19. Default LAN Gateway (optional): 0.0.0.0
20. VPN Policy bound to: Zone WAN
21. Click OK

If using DHCP over the VPN Tunnel (Optional)

1. Click on VPN->DHCP over VPN
2. Select the VPN name you created from the dropdown and click the Configure button

3. Click on the Add… button and then type in the IP address of your DHCP server at the Primary Site

4. Click OK