– Log onto Sonicwall GUI
– Click on VPN >> Settings => Add >> Policy type = Site to Site, IPSec Primary Gateway = local gateway IP >> Proposals: Main Mode (must set Local IKE ID & Peer IKE ID as static IP), Aggressive Mode (can set Local & Peer IKE to IP, Firewall Identifier… Useful for dynamic IPs and no access to NAT gateway), or IKEv2 Mode (this mode accommodates for dynamic and static IP mixings; must click on VNP-Advanced-Configure = Group 14, AES-256, SHA1)
Note:
– UDP 500, UDP 4500, 443 (https management), 4433 (SSL-VPN) are needed to be forwarded to VPN appliance if it is sitting behind a NAT device
– Enable http/https management on device to allow remote management
Categories: