From the remote location try to ping an IP address on the central location.
Enable Keep Alive box should be checked.
Enable Perfect Forward Secrecy (not checked) .
Select Choose destination network from list, and select the Address Object – Central V pn.
Select Choose local network from list, and select the Address Object – X0 Subnet .
Peer IKE ID: SonicWall Identifier - Central_Site(This could be any string except it has to match the remote location VPN's Local IKE ID SonicWall Identifier).
Local IKE ID: SonicWall Identifier - Remote_Site(This could be any string except it has to match the remote location VPN's Peer IKE ID SonicWall Identifier).
IPSec Primary Gateway Name or Address: 66.249.72.115 ( Gateway of the main site, which is static IP).
Login to the Remote location SonicWall appliance.
Local IKE ID SonicWall Identifier: Remote_Site(This has to match the central location VPN's Peer IKE ID SonicWall Identifier).
WAN IP: DHCP (As this is a Dynamic IP Address).
NOTE: KeepAlive option will be disabled when Vpn policy configured with Primary Gateway Name or Address as 0.0.0.0.Ĭonfiguring a Site to Site VPN on the remote location (Dynamic WAN IP address)
Ensure that the VPN Policy bound to: Zone WAN.
Enable Perfect Forward Secrecy(not checked).
Select Choose destination network the list, and select the Address Object – Remote Vpn.
Select Choose local network from list, and select the Address Object – X0 Subnet (LAN subnet).
Peer IKE ID: SonicWall Identifier - Remote_Site(This could be any string except it has to match the remote location VPN's Local IKE ID SonicWall Identifier).
Local IKE ID: SonicWall Identifier - Central_Site(This could be any string except it has to match the remote location VPN's Peer IKE ID SonicWall Identifier).
You can choose any Secret Key, but it should be entered the same on both sites).
Shared Secret: SonicWall (The Shared Secret would be the same at both SonicWall’s.
IPSec Secondary Gateway Name or Address: 0.0.0.0.
NOTE: Since the WAN IP address changes frequently, it is recommended to use the 0.0.0.0 IP address as the Primary Gateway.
IPSec Primary Gateway Name or Address: 0.0.0.0.
Select the Authentication method as IKE Using Preshared Secret.
Click the Add button under the VPN Policies section.
Navigate to Network|IPSec VPN|Rules and Settings.
Navigate to Objects | Match Objects | Addresses, Click on Add button, enter the following settings.
Login to the Central location SonicWall appliance.
The VPN policy is setup using Aggressive Mode.Ĭonfiguring a Site to Site VPN on the Central location This solution explains the configuration of a Site to Site VPN on SonicWall appliances when a site has a dynamic WAN IP address. The below resolution is for customers using SonicOS 7.X firmware. This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. Private IP Addresses on WAN cause a Double NAT Effect that is unpredictable due to the uncertainty of the ISP Setup of the NAT Layers - this is why in certain scenarios VPNs may not work correctly when a private IP is specified.
Local IKE ID SonicWall Identifier: Chicago (This could be any string except it has to match the remote location VPN's Peer IKE ID SonicWall Identifier)ĬAUTION: The IP Address can be dynamic but it should always be Public.
Copy URL The link has been copied to clipboardĬonfiguring a Site to Site VPN on the central location (Static WAN IP address).
Content Filtering Client Control access to unwanted and unsecure web content.
Capture Client Stop advanced threats and rollback the damage caused by malware.
Cloud Firewall (NS v) Next-generation firewall capabilities in the cloud.
Cloud App Security Visibility and security for Cloud Apps.
Email Security Protect against today’s advanced email threats.
Switches High-speed network switching for business connectivity.
Wireless Access Points Easy to manage, fast and secure Wi-FI.
Secure Mobile Access Remote, best-in-class, secure access.
Cloud Edge Secure Access Deploy Zero-Trust Security in minutes.
Capture Security appliance Advanced Threat Protection for modern threat landscape.
Capture ATP Multi-engine advanced threat detection.
Network Security Manager Modern Security Management for today’s security landscape.
Security Services Comprehensive security for your network security solution.
Next Generation Firewall Next-generation firewall for SMB, Enterprise, and Government.