SonicWALL 2.5 Security Camera User Manual


 
SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATORS GUIDE
Creating Site-to-Site VPN Policies
Enter a maximum time in seconds allowed before forcing the policy to renegotiate and exchange keys in the Life Time field. The default setting is 28800 seconds (8 hours).
13. In the IPsec (Phase 2) Proposal section, select the following settings:
    - Select ESP from the Protocol menu.
    - Select 3DES from the Encryption menu.
    - Select SHA1 from the Authentication menu.
    - Select Enable Perfect Forward Secrecy if you want an additional Diffie-Hellman key exchange as an added layer of security, then select Group 2 from the DH Group menu.
    - Enter a maximum time in seconds allowed before forcing the policy to renegotiate and exchange keys in the Life Time field. The default setting is 28800 seconds (8 hours).
14. Click the Advanced tab. Select any optional configuration options you want to apply to your VPN policy in the Advanced Settings section.
    - Select Enable Keep Alive to use heartbeat messages between peers on this VPN tunnel. If one end of the tunnel fails, Keep Alives allow the tunnel to be renegotiated automatically once both sides become available again, without having to wait for the proposed Life Time to expire.
    - To require XAUTH authentication by users prior to allowing traffic to traverse this tunnel, select Require authentication of VPN client by XAUTH, and select a User group to specify allowed users from the User group for XAUTH.
    - Select Enable Windows Networking (NetBIOS) Broadcast to allow access to remote network resources by browsing the Windows® Network Neighborhood.
    - Select Apply NAT Policies if you want the SonicWALL to translate the Local, Remote or both networks communicating via this VPN tunnel. To perform Network Address Translation on the Local Network, select or create an Address Object in the Translated Local Network menu. To translate the Remote Network, select or create an Address Object in the Translated Remote Network menu. Generally, if NAT is required on a tunnel, either Local or Remote should be translated, but not both. Apply NAT Policies is particularly useful in cases where both sides of a tunnel use either the same or overlapping subnets.
    - To manage the remote SonicWALL through the VPN tunnel, select HTTP, HTTPS, or both from Management via this SA. Select HTTP, HTTPS, or both in the User login via this SA to allow users to log in using the SA.
    - If you wish to use a router on the LAN for traffic entering this tunnel destined for an unknown subnet (for example, if you configured the other side to Use this VPN Tunnel as default route for all Internet traffic), enter the IP address of your router into the Default LAN Gateway (optional) field.
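The following planning check for the Apply NAT Policies option is an added example, not code from the SonicWALL guide. It tests whether the two tunnel ends use the same or overlapping subnets and shows how a host would map into a Translated Local Network. The function names, the sample subnets, and the assumption of a same-size one-to-one mapping are all illustrative.

```python
import ipaddress

def needs_nat(local, remote):
    """True when both tunnel ends use the same or overlapping subnets."""
    return ipaddress.ip_network(local).overlaps(ipaddress.ip_network(remote))

def translate(host, original, translated):
    """Map a host 1:1 from the original network into the translated one.

    Assumption: the translated Address Object is the same size as the
    original network, so each host keeps its offset within the subnet.
    """
    orig = ipaddress.ip_network(original)
    trans = ipaddress.ip_network(translated)
    addr = ipaddress.ip_address(host)
    if orig.prefixlen != trans.prefixlen:
        raise ValueError("translated network must match the original size")
    if addr not in orig:
        raise ValueError(f"{addr} is not in {orig}")
    offset = int(addr) - int(orig.network_address)
    return str(trans.network_address + offset)

def plan_local_translation(local, remote, translated_local):
    """Return the network the remote peer should see for the local side.

    Only the local side is translated here, following the guidance that
    either Local or Remote is translated, but generally not both.
    """
    if not needs_nat(local, remote):
        return local  # no overlap, so no translation is required
    if ipaddress.ip_network(translated_local).overlaps(
            ipaddress.ip_network(remote)):
        raise ValueError("translated range still collides with the remote network")
    return translated_local

if __name__ == "__main__":
    # Constructed sample values: both sites use 192.168.1.0/24.
    local, remote, translated = "192.168.1.0/24", "192.168.1.0/24", "172.16.1.0/24"
    print("NAT needed:", needs_nat(local, remote))
    print("Peer sees local network as:",
          plan_local_translation(local, remote, translated))
    print("192.168.1.50 appears as:",
          translate("192.168.1.50", local, translated))
```

The remote peer's policy must then list the translated range, not the real local subnet, as its destination network.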