Dynamic-IP Tunnels (IPSEC or WireGuard) for SonicWall NSv/TZ and SonicWall Cloud Edge Gateway
06/13/2023
Description
This document describes how to establish a site-to-site tunnel (IPSec or WireGuard) between your SonicWall Cloud Edge gateway and a SonicWall NSv/TZ with a dynamic public IP address.
NOTE: This option is not supported by cloud IaaS providers (such as AWS, GCP, or Azure).
Use cases:
- Customers whose ISP does not assign a static public IP to the firewall's WAN interface.
- Some ISPs assign the WAN IP dynamically; the public/WAN IP is not static and keeps changing.
- The firewall/router does not have a public IP at all.
Resolution
IPSec based connections.
- Create a tunnel from the Cloud Edge platform with the information as illustrated below.
- Name: Any custom name for the IPSec tunnel.
- Shared Secret: Enter a string of at least 8 characters or use the Generate button. Make sure to copy and save it, as it'll be required when setting up the tunnel on your SonicWall NSv/TZ management interface.
- Public IP: Enter 0.0.0.0
- Remote ID: Enter any custom string. This parameter will be used as an additional shared secret, providing an extra level of security. Copy and save it, as it'll be used as the left ID (local ID or local identification) when setting up the tunnel on your firewall/router management interface.
CAUTION: 0.0.0.0 is NOT an acceptable value for the Remote ID.
- SonicWall Gateway Proposal Subnet: Specify your SonicWall network subnet (do not choose any).
- Remote Gateway Proposal Subnet: Specify your on-premises internal network subnet.
- In the Advanced Settings section, make sure to select IKEv2 only. The rest of the values remain the same as configured on your on-premises firewall/router.
- When setting up the tunnel in the SonicWall NSv/TZ management interface, fill in the information as follows:
- Local IP: Since you're using a dynamic IP, enter a default value (this will vary between different vendors).
- Local Identification/Local ID/My identifier: Fill in the same value you set for Remote ID at the SonicWall Cloud Edge platform. Select ‘Domain Name’ as the Local IKE ID on the SonicWall NSv/TZ.
- Remote IP/Remote ID/Peer Identifier: Enter your SonicWall Cloud Edge gateway IP address.
- IKE Version: IKEv2
- Fill in the rest of the fields as appropriate.
- After the settings are applied, the dynamic-IP tunnel will be active on both sides (Cloud Edge and NSv/TZ).
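A pre-flight check for the IPSec values above, as an added example that is not SonicWall code. The dictionary keys and all sample values are assumptions constructed for illustration; the rules checked are the ones stated in the steps.

```python
import hmac
import ipaddress

def check_dynamic_ip_tunnel(edge, fw):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    if len(edge["shared_secret"]) < 8:
        problems.append("shared secret is shorter than 8 characters")
    if not hmac.compare_digest(edge["shared_secret"].encode(),
                               fw["shared_secret"].encode()):
        problems.append("shared secret differs between the two sides")
    if edge["public_ip"] != "0.0.0.0":
        problems.append("Cloud Edge Public IP must be 0.0.0.0")
    if edge["remote_id"].strip() in ("", "0.0.0.0"):
        problems.append("Remote ID must be a custom string, not 0.0.0.0")
    if fw["local_id"] != edge["remote_id"]:
        problems.append("firewall Local ID does not match Cloud Edge Remote ID")
    if fw["local_id_type"] != "Domain Name":
        problems.append("firewall Local IKE ID type is not 'Domain Name'")
    if fw["peer_ip"] != edge["gateway_ip"]:
        problems.append("firewall peer is not the Cloud Edge gateway IP")
    for side, cfg in (("Cloud Edge", edge), ("firewall", fw)):
        if cfg["ike_version"] != "IKEv2":
            problems.append(f"{side} is not set to IKEv2 only")
    for field in ("gateway_subnet", "remote_subnet"):
        try:
            net = ipaddress.ip_network(edge[field])
        except ValueError:
            problems.append(f"{field} is not a valid subnet")
            continue
        if field == "gateway_subnet" and net.prefixlen == 0:
            problems.append("gateway_subnet is 'any'; specify the real subnet")
    return problems

# Constructed sample values (documentation address ranges, made-up secret).
EDGE = {"gateway_ip": "203.0.113.10", "public_ip": "0.0.0.0",
        "shared_secret": "constructed-psk-123", "remote_id": "branch-office-01",
        "gateway_subnet": "10.10.0.0/16", "remote_subnet": "192.168.1.0/24",
        "ike_version": "IKEv2"}
FW = {"local_id": "branch-office-01", "local_id_type": "Domain Name",
      "peer_ip": "203.0.113.10", "shared_secret": "constructed-psk-123",
      "ike_version": "IKEv2"}

if __name__ == "__main__":
    for problem in check_dynamic_ip_tunnel(EDGE, FW) or ["no problems found"]:
        print(problem)
```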
WireGuard based connections.
When creating a WireGuard tunnel with a dynamic IP, enter 0.0.0.0 as the End Point IP and fill in the rest of the settings as appropriate.