CradlePoint to SonicWall TZ Series Firewall VPN



CradlePoint to SonicWall TZ Series Firewall VPN Example

Summary

This configuration covers an IPSec VPN tunnel setup between a CradlePoint Series 3 router and a SonicWall TZ210 firewall. IPSec is customizable on both the CradlePoint and SonicWall platforms to fit a variety of network and security requirements. However, this configuration example addresses only the basic configuration.

Configuration

Configuration Difficulty: Intermediate

CradlePoint Configuration:

Step 1: Log into NCOS. For help with logging in please click here.
Step 2: Click on Networking and select Tunnels and then IPSec VPN.

Global Leader in 4G LTE Network Solutions 1111 W Jefferson ST #400, Boise ID, 83702 | Toll Free: +1.855.813.3385 | cradlepoint.com


Step 3: Under VPN Tunnels click Add.
Step 4: Enter a Tunnel Name.
Step 5: Enter a Pre-Shared Key.
Step 6: Set the Initiation Mode to your desired setting.
  o Note: On Demand will leave the tunnel idle until traffic bound for the other side of the tunnel is detected. Always On will keep the tunnel active whenever the WAN connection is active.
Step 7: Click Next.
Step 8: In the Local Networks section click Add and enter the LAN of CradlePoint you want to be available across the VPN tunnel.
Step 9: Click Next.
Step 10: Enter the WAN IP of SonicWall in the Remote Gateway.
Step 11: In the Remote Networks section click Add and enter the LAN of SonicWall you want to be available across the VPN tunnel.
Step 12: Click Next.


Step 13: For IKE Phase 1 select 3DES encryption, SHA1 hash and DH Group 2.
Step 14: Click Next.
Step 15: For IKE Phase 2 select 3DES encryption, SHA1 hash and DH Group 2 and set the Key Lifetime to 28800.
Step 16: Click Next.
Step 17: For Dead Peer Detection leave the default settings.


Step 18: Click Finish.
Step 19: Under VPN Tunnels click Enable VPN Service and then Start to start the VPN service on the router.

SonicWall Configuration:

Step 1: Log into the SonicWall management interface as admin.
Step 2: Navigate to VPN > Settings.
Step 3: Under VPN Policies, click Add.
Step 4: Set Policy to Site to Site.
Step 5: Set Authentication Method to IKE using Preshared Secret.
Step 6: Enter a name.


Step 7: Enter the WAN IP of the CradlePoint in the IPsec Primary Gateway Name or Address field.
Step 8: Enter the Preshared Key into both Shared Secret and Confirm Shared Secret.
Step 9: Leave the Local and Peer IKE ID fields blank.
Step 10: Click on Network.
Step 11: Select LAN Primary Subnet for Local Networks.
Step 12: Select the Remote Address Object for the CradlePoint's LAN in Remote Networks.
  o In this example, an "Address Object" had already been created called Remote_VPN_Test, which placed the network 192.168.0.0 in the LAN zone. These can be created under Network > Address Objects.


Step 13: Click on Proposals.
Step 14: Set Exchange to Main Mode.
Step 15: Set DH Group to Group 2.
Step 16: Set Encryption to 3DES.
Step 17: Set Authentication to SHA1.
Step 18: Set Life Time (seconds) to 28800.
Step 19: Set Protocol to ESP.
Step 20: Set Encryption to 3DES.
Step 21: Set Authentication to SHA1.
Step 22: Ensure Enable Perfect Forward Secrecy is checked.
Step 23: Set the DH Group to Group 2.
Step 24: Set Life Time (seconds) to 28800.


Step 25: Click on Advanced.
Step 26: Ensure the settings match those shown below.
Step 27: Click OK.
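
The tunnel only comes up when both ends agree on the Phase 1 and Phase 2 proposals and each side's local networks are the other side's remote networks. The script below is an added example, not part of the original CradlePoint document: it checks the values from the steps above for mismatches and flags the legacy choices this basic configuration uses (3DES, SHA1, DH Group 2). The dict layout, the /24 prefix and the SonicWall LAN 10.10.10.0/24 are assumptions.

```python
import ipaddress

# Values transcribed from the steps above. The dict layout and key names are
# assumptions for this example, not a CradlePoint or SonicWall export format.
# The page states no CradlePoint Phase 1 lifetime, so that key is absent.
CRADLEPOINT = {
    "phase1": {"enc": "3DES", "hash": "SHA1", "dh": 2},
    "phase2": {"enc": "3DES", "hash": "SHA1", "dh": 2, "lifetime": 28800},
    "local": ["192.168.0.0/24"],   # CradlePoint LAN; the /24 is constructed
    "remote": ["10.10.10.0/24"],   # SonicWall LAN; constructed value
}
SONICWALL = {
    "phase1": {"enc": "3DES", "hash": "SHA1", "dh": 2, "lifetime": 28800},
    "phase2": {"enc": "3DES", "hash": "SHA1", "dh": 2, "lifetime": 28800},
    "local": ["10.10.10.0/24"],
    "remote": ["192.168.0.0/24"],
}
# Legacy choices this check flags. 3DES has a 64-bit block and DH group 2 is
# a 1024-bit MODP group; DES, MD5 and DH group 1 are older still.
LEGACY = {"enc": {"3DES", "DES"}, "hash": {"SHA1", "MD5"}, "dh": {1, 2}}


def nets(values):
    return {ipaddress.ip_network(v) for v in values}


def mismatches(a, b):
    """Return the settings that differ between tunnel endpoints a and b."""
    found = []
    for phase in ("phase1", "phase2"):
        for key in sorted(a[phase].keys() & b[phase].keys()):
            if a[phase][key] != b[phase][key]:
                found.append(f"{phase}.{key}: {a[phase][key]} != {b[phase][key]}")
    # Each side's local networks must be the other side's remote networks.
    if nets(a["local"]) != nets(b["remote"]):
        found.append("a.local != b.remote")
    if nets(a["remote"]) != nets(b["local"]):
        found.append("a.remote != b.local")
    return found


def legacy_settings(side):
    """Return the phase settings that use a legacy algorithm or DH group."""
    return sorted(f"{phase}.{key}={val}"
                  for phase in ("phase1", "phase2")
                  for key, val in side[phase].items()
                  if val in LEGACY.get(key, ()))
```

Where both devices offer stronger options, change them on both ends together and rerun the mismatch check before restarting the tunnel.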
