How to: Set up a VPN tunnel and use it as default route for all
Prepared by SonicWALL, Inc.
The SonicWALL TZ170 sends all of its traffic, Internet-bound traffic included, into a VPN tunnel
that terminates at a Pro4060. The Pro4060 then routes each packet on to its destination.
Until now, a SonicWALL could not take traffic that arrived from the Internet on its WAN interface
and send it back into a VPN tunnel terminating on that same interface; a second gateway was
required. With the introduction of SonicOS Enhanced 2.0, this is no longer the case.
This document demonstrates the configuration of this particular scenario.
Configuring a VPN Tunnel Between Two SonicWALL Appliances
Step 1 (Optional) - TZ170: Change the Unique Firewall Identifier (UFI).
Step 2 - Add a new SA or edit an existing VPN configuration.
Step 3 - TZ170: Configure the destination network to “Use this VPN Tunnel as default
Step 4 - TZ170: Configure the Proposals and Advanced tabs as needed.
Configuring the Pro4060 with SonicOS Enhanced 2.0
Step 1 - Configure your Network Interfaces and assign each interface a Zone.
Step 2 - Create the Network Objects. In this example, an object for the remote network (the
TZ170's local LAN) was created; that network is reachable only through the VPN tunnel.
Step 3 (Optional) - Change your UFI.
Step 4 - Add a new SA or edit an existing VPN configuration.
Be sure the tunnel becomes active (status green) after completing the VPN tunnel
Step 5 – Click the Notepad icon to continue VPN tunnel configuration.
Step 6 - On the Network tab, select Any address under Local Networks. Under
Destination Networks, select Choose destination network from list, and select the
network object (the remote network behind the TZ170) from the list. Any address is what
lets the Pro4060 accept Internet-bound traffic (destination 0.0.0.0/0) from the TZ170 and
send the replies, which come from arbitrary Internet hosts, back into the tunnel.
Step 7 - Configure the Proposals and Advanced tabs as needed to match the TZ170
Step 8 – Click OK to add the changes to the SonicWALL.
Step 9 - Click Firewall and configure the appropriate Access Rules for each destination.
Grant access only to the destinations and services that are needed. Do not use the
Any/Allow as it appears in
Step 10 - Finally, create a NAT policy that translates the source of traffic arriving from the
TZ170 local network and destined for the Internet to the Pro4060's public WAN IP. Without it
the TZ170's private addresses would leave the WAN untranslated and no reply could return.
Configuration is now complete.
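The following model, added here and not part of the SonicWALL document, replays the decisions the Pro4060 makes for a packet that leaves the TZ170 LAN through the tunnel, is translated out the Pro4060 WAN, and comes back. It shows why Step 6 needs Any address as the local network (the reply's source is an Internet host, so only a 0.0.0.0/0 selector admits it into the tunnel), why Step 10's NAT policy is required, and what the Any/Allow warning in Step 9 protects against. All addresses, zone names and rule tuples are assumptions for the example (RFC 1918 and RFC 5737 ranges).

```python
"""Policy model of the hub-and-spoke setup in the how-to (constructed example, not SonicWALL code).

Order of evaluation modelled for the Pro4060: access rule, NAT on WAN egress, IPsec selector on
tunnel egress. Addresses are assumptions; 198.51.100.7 stands in for an Internet server.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

TZ_LAN = ip_network("192.168.170.0/24")   # assumed LAN behind the TZ170 (the Step 2 network object)
PRO_LAN = ip_network("10.10.10.0/24")     # assumed LAN behind the Pro4060
PRO_WAN_IP = ip_address("203.0.113.10")   # assumed Pro4060 public WAN address (Step 10)
ANY = ip_network("0.0.0.0/0")             # "Any address" in the Local Networks list (Step 6)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 40000
    in_zone: str = "WAN"   # zone of the ingress interface: WAN, LAN, or VPN (decapsulated tunnel)


class Pro4060:
    def __init__(self, local_nets, remote_nets, access_rules, nat_sources):
        self.selectors = [(l, r) for l in local_nets for r in remote_nets]   # Phase-2 selectors
        self.access_rules = access_rules   # allowed (src_zone, dst_zone, dport or None); "ANY" = wildcard
        self.nat_sources = nat_sources     # source networks rewritten to PRO_WAN_IP on WAN egress
        self.nat_state = {}                # translated sport -> (original src, original sport)
        self.next_port = 50000

    @staticmethod
    def zone_for(ip):
        a = ip_address(ip)
        return "VPN" if a in TZ_LAN else "LAN" if a in PRO_LAN else "WAN"

    def allowed(self, src_zone, dst_zone, dport):
        return any(rs in (src_zone, "ANY") and rd in (dst_zone, "ANY") and rp in (dport, None)
                   for rs, rd, rp in self.access_rules)

    def forward(self, p):
        """Return (egress zone, packet) or ("DROP", reason)."""
        if p.in_zone == "WAN" and ip_address(p.dst) == PRO_WAN_IP and p.dport in self.nat_state:
            # Reply to a session we translated: undo the NAT; the session is stateful, so no rule lookup.
            orig_src, orig_sport = self.nat_state[p.dport]
            p = replace(p, dst=orig_src, dport=orig_sport)
        elif not self.allowed(p.in_zone, self.zone_for(p.dst), p.dport):
            return ("DROP", f"no access rule {p.in_zone}->{self.zone_for(p.dst)} port {p.dport}")
        dst_zone = self.zone_for(p.dst)
        if dst_zone == "VPN":
            # A packet enters the tunnel only if some (local, remote) selector covers (src, dst).
            if not any(ip_address(p.src) in l and ip_address(p.dst) in r for l, r in self.selectors):
                return ("DROP", f"no IPsec selector for {p.src}->{p.dst}")
            return ("VPN", p)
        if dst_zone == "WAN" and any(ip_address(p.src) in n for n in self.nat_sources):
            sport, self.next_port = self.next_port, self.next_port + 1
            self.nat_state[sport] = (p.src, p.sport)
            p = replace(p, src=str(PRO_WAN_IP), sport=sport)
        return (dst_zone, p)


def round_trip(hub, client="192.168.170.5", server="198.51.100.7", dport=443):
    """TZ170 host -> Internet server, then the reply. Returns (outbound, source seen by server, reply)."""
    out = hub.forward(Packet(src=client, dst=server, dport=dport, in_zone="VPN"))
    if out[0] != "WAN":
        return (out[0], out[1], None)
    sent = out[1]
    if ip_address(sent.src) != PRO_WAN_IP:
        return ("WAN", sent.src, "LOST")   # private source on the Internet: nothing routes the reply
    reply = Packet(src=server, dst=sent.src, dport=sent.sport, sport=dport, in_zone="WAN")
    return ("WAN", sent.src, hub.forward(reply)[0])


RULES = [("VPN", "WAN", None), ("VPN", "LAN", 443), ("LAN", "VPN", None), ("LAN", "WAN", None)]

def as_documented():             # Steps 6, 9 and 10 done as the how-to says
    return Pro4060([ANY], [TZ_LAN], RULES, [PRO_LAN, TZ_LAN])

def local_is_pro_lan_only():     # Step 6 mistake: Local Networks = Pro4060 LAN instead of Any
    return Pro4060([PRO_LAN], [TZ_LAN], RULES, [PRO_LAN, TZ_LAN])

def missing_tz_nat_policy():     # Step 10 skipped: only the Pro4060 LAN is translated
    return Pro4060([ANY], [TZ_LAN], RULES, [PRO_LAN])

def any_allow():                 # Step 9 warning ignored
    return Pro4060([ANY], [TZ_LAN], [("ANY", "ANY", None)], [PRO_LAN, TZ_LAN])

def rdp_from_tz_to_pro_lan(hub):
    return hub.forward(Packet(src="192.168.170.5", dst="10.10.10.20", dport=3389, in_zone="VPN"))[0]

if __name__ == "__main__":
    for name, build in [("as documented", as_documented), ("local=Pro LAN", local_is_pro_lan_only),
                        ("no TZ NAT", missing_tz_nat_policy)]:
        print(f"{name:14s} {round_trip(build())}")
    print("RDP into Pro LAN, documented rules:", rdp_from_tz_to_pro_lan(as_documented()))
    print("RDP into Pro LAN, Any/Allow:       ", rdp_from_tz_to_pro_lan(any_allow()))
```

Only the configuration that follows all three steps completes the round trip: with the Pro4060 LAN as the local network the reply is dropped at the selector check, without the TZ170 NAT policy the packet leaves with a private source and the reply is never routed back, and with an Any/Allow rule a TZ170 host reaches RDP on the Pro4060 LAN that the tighter rule set refuses.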