SonicWALL 2.5 Security Camera User Manual


 
SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATORS GUIDE
Creating Site-to-Site VPN Policies
8. Under Local Networks, select a local network from Choose local network from list if a specific
local network can access the VPN tunnel. If hosts on this side of the VPN connection will be
obtaining their addressing from a DHCP server on the remote side of the tunnel, select Local
network obtains IP addresses using DHCP through this VPN tunnel. If traffic can originate
from any local network, select Any Address. Use this option if a peer has Use this VPN tunnel
as default route for all Internet traffic selected.
9. Under Destination Networks, select Use this VPN Tunnel as default route for all Internet
traffic if all remote VPN connections access the Internet through this SA. Traffic from any local
user cannot leave the SonicWALL security appliance unless it is encrypted. You can only configure
one SA to use this setting. If the remote side of this VPN connection is obtaining its addressing
from a DHCP server on this side of the tunnel, select Destination network obtains IP addresses
using DHCP server through this tunnel. Alternatively, select Choose Destination network
from list, and select the address object or group.
10. Click Proposals.
11. Under IKE (Phase 1) Proposal, select either Main Mode or Aggressive Mode from the
Exchange menu. Aggressive Mode is generally used when WAN addressing is dynamically
assigned.
12. Under IKE (Phase 1) Proposal, the default values for DH Group, Encryption, Authentication,
and Life Time are acceptable for most VPN configurations. Be sure the Phase 1 values on the
opposite side of the tunnel are configured to match.
13. Under IPSec (Phase 2) Proposal, the default values for Protocol, Encryption, Authentication,
Enable Perfect Forward Secrecy, DH Group, and Lifetime are acceptable for most VPN SA
configurations. Be sure the Phase 2 values on the opposite side of the tunnel are configured to
match.
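
The consistency rules from steps 8, 9, 12 and 13 can be checked before a tunnel is brought up. The following is an added example, not part of the SonicWALL guide: it compares the two ends of a policy and flags proposal mismatches, a missing Any Address selection, and more than one default-route SA. The dictionary layout, field names and sample values are assumptions constructed for illustration, not a SonicOS export format.

```python
# Added example: dictionary layout and sample values are constructed for
# illustration; this is not a SonicOS export format.
PHASE1 = ("exchange", "dh_group", "encryption", "authentication", "lifetime")
PHASE2 = ("protocol", "encryption", "authentication", "pfs", "dh_group", "lifetime")

def check_pair(a, b):
    """Compare both ends of one site-to-site policy; return a list of findings."""
    findings = []
    for phase, fields in (("phase1", PHASE1), ("phase2", PHASE2)):
        for field in fields:
            va, vb = a[phase].get(field), b[phase].get(field)
            # The Phase 2 DH group only takes effect when PFS is enabled.
            if phase == "phase2" and field == "dh_group":
                if not (a[phase].get("pfs") or b[phase].get("pfs")):
                    continue
            if va != vb:
                findings.append(f"{phase}.{field}: {a['name']}={va!r} {b['name']}={vb!r}")
    # Step 8: if the peer routes all Internet traffic through the tunnel,
    # this side's Local Networks should be Any Address.
    for me, peer in ((a, b), (b, a)):
        if peer.get("default_route") and me.get("local_networks") != "any":
            findings.append(f"{me['name']}: local networks should be Any Address")
    return findings

def check_default_route(policies):
    """Step 9: only one SA on an appliance may be the default route."""
    names = [p["name"] for p in policies if p.get("default_route")]
    return [] if len(names) <= 1 else [f"multiple default-route SAs: {', '.join(names)}"]

def sample_policy(name, **overrides):
    """Build a constructed sample policy; values are illustrative only."""
    p = {"name": name, "default_route": False, "local_networks": "lan-subnets",
         "phase1": {"exchange": "main", "dh_group": 2, "encryption": "3des",
                    "authentication": "sha1", "lifetime": 28800},
         "phase2": {"protocol": "esp", "encryption": "3des", "authentication": "sha1",
                    "pfs": False, "dh_group": 2, "lifetime": 28800}}
    for path, value in overrides.items():
        section, _, key = path.partition("__")
        if key:
            p[section][key] = value   # e.g. phase1__exchange="aggressive"
        else:
            p[section] = value        # e.g. default_route=True
    return p

if __name__ == "__main__":
    hq = sample_policy("hq")
    branch = sample_policy("branch", phase1__exchange="aggressive", default_route=True)
    for line in check_pair(hq, branch) + check_default_route([branch]):
        print(line)
```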