Site-to-site VPN using pre-shared key between a SonicWall and a Cyberoam UTM
03/26/2020
Description
This article explains the configuration needed on both the SonicWall and the Cyberoam UTM to establish an IPSec VPN tunnel between the two devices using a pre-shared key.
Resolution
Network diagram
Cyberoam configuration
Step 1. Create IPSec connection
Go to VPN | IPSec Connection | Create Connection and create a connection with the following values:
Connection name: cybertosonicwall
Policy: Default Policy
Action on restart: As required
Mode: Tunnel
Connection Type: Net to Net
Authentication Type: Preshared key
Preshared key: sonicwall // same as on SonicWall
Local server IP address (WAN IP address): 192.168.160.125
Local Internal Network: 172.100.1.0/24
Local ID: test2@sonicwall.com
Remote server IP address (WAN IP address): 192.168.160.116
Remote Internal Network: 192.168.1.0/24
Remote ID: test1@sonicwall.com // SonicWall
User Authentication Mode: As required
Protocol: As required
Step 2. Activate Connection and establish Tunnel
Go to VPN | IPSec Connection | Manage Connection
To activate the connection, click under Connection Status against the cybertosonicwall connection. A green bubble under Connection Status indicates that the connection was activated successfully.
Use ping to check the connectivity across the tunnel.
Note: If you try to connect from Cyberoam while the SonicWall VPN policy is not enabled, Cyberoam displays an ‘Unable to establish connection’ message. NAT traversal can be enabled if the logs on the SonicWall show that the peer supports NAT traversal.
SonicWall Configuration
Step 3. Add an Address Object to define the remote network that is to be connected via the VPN tunnel
Go to Network | Address Object, click ADD under Address Objects and create an object with the following values:
Name: vpncyberoam
Zone: VPN
Type: Network
Network: 172.100.1.0 //Internal Network on Cyberoam
Mask: 255.255.255.0
Step 4. Create VPN Policy
Go to VPN | Settings and click ADD under VPN Policies
A. Enter the following values in the General tab fields:
Authentication Method: IKE using Preshared Key
Name: sonicwalltocyber
IPsec Primary Gateway Name or Address: 192.168.160.125 // WAN IP of Cyberoam
IPsec Secondary Gateway Name or Address: Blank
Shared Secret: sonicwall
Confirm Shared Secret: Same as specified in Shared Secret field
Mask Shared Secret: Enable
Local IKE ID: Email Address: test1@sonicwall.com // IKE ID for SonicWall
Peer IKE ID: Email Address: test2@sonicwall.com // IKE ID for Cyberoam
B. Enter the following values in the Network tab fields:
Under Local Networks: Choose local network from list: LAN Subnets
Under Destination Networks: Choose destination network from list: vpncyberoam // object created for the Cyberoam network in Step 3
C. Enter the following values in the Proposals tab fields:
IKE Phase I Proposal
Exchange: Main Mode
DH Group: 2
Encryption: 3DES
Authentication: MD5
Life Time (seconds): 28800
IPsec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: MD5
Enable PFS: Unchecked
DH Group: 2
Life Time (seconds): 28800
If the SonicWall establishes the connection with the Cyberoam successfully, the tunnel details are displayed under Currently Active VPN Tunnels.
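The check below is an added example, not part of the original article or of either vendor's tooling: it verifies that the two peers' settings from the steps above mirror each other, and flags the 3DES/MD5/DH group 2 proposal and the short shared secret. The SonicWall WAN IP and LAN subnet are inferred from the Cyberoam "Remote" fields; the hardened proposal, the weak-algorithm list and the 20-character floor are assumptions.

```python
import ipaddress

# Values transcribed from the steps above. SonicWall WAN IP and LAN subnet are
# inferred from Cyberoam's "Remote" fields (assumption: LAN Subnets = 192.168.1.0/24).
CYBEROAM = {"psk": "sonicwall",
            "local_gw": "192.168.160.125", "remote_gw": "192.168.160.116",
            "local_net": "172.100.1.0/24", "remote_net": "192.168.1.0/24",
            "local_id": "test2@sonicwall.com", "remote_id": "test1@sonicwall.com"}
SONICWALL = {"psk": "sonicwall",
             "local_gw": "192.168.160.116", "remote_gw": "192.168.160.125",
             "local_net": "192.168.1.0/24", "remote_net": "172.100.1.0/255.255.255.0",
             "local_id": "test1@sonicwall.com", "remote_id": "test2@sonicwall.com"}
# SonicWall Proposals tab as listed above (Phase 2 DH group is unused while PFS is off).
PHASE1 = {"encryption": "3DES", "authentication": "MD5", "dh_group": 2}
PHASE2 = {"encryption": "3DES", "authentication": "MD5", "pfs": False}
# Constructed stronger proposal; assumes both devices offer these options.
HARDENED = {"encryption": "AES-256", "authentication": "SHA256", "dh_group": 14, "pfs": True}
# Algorithms and groups no longer considered adequate (see RFC 8247 / RFC 8221).
WEAK = {"encryption": {"DES", "3DES"}, "authentication": {"MD5"}, "dh_group": {1, 2, 5}}

def _norm(peer):  # parse networks so "/24" and "/255.255.255.0" compare equal
    return {k: ipaddress.ip_network(v) if k.endswith("_net") else v
            for k, v in peer.items()}

def mirror_mismatches(a, b):
    """Fields where peer b is not the mirror image of peer a."""
    a, b = _norm(a), _norm(b)
    bad = [] if a["psk"] == b["psk"] else ["psk"]  # PSK comparison is case-sensitive
    for kind in ("gw", "net", "id"):
        loc, rem = f"local_{kind}", f"remote_{kind}"
        if a[loc] != b[rem] or a[rem] != b[loc]:
            bad.append(kind)
    return bad

def weak_settings(proposal):
    """Proposal entries that use weak algorithms or leave PFS off."""
    found = [f"{k}={proposal[k]}" for k in WEAK if proposal.get(k) in WEAK[k]]
    if proposal.get("pfs") is False:
        found.append("pfs=off")
    return found

def guessable_psk(peer, min_len=20):
    """True if the PSK is short (min_len is an assumed floor) or appears in an IKE ID."""
    psk = peer["psk"].lower()
    return len(psk) < min_len or any(psk in peer[k].lower() for k in ("local_id", "remote_id"))

if __name__ == "__main__":
    print("mirror mismatches:", mirror_mismatches(CYBEROAM, SONICWALL))
    print("weak:", {n: weak_settings(p) for n, p in (("phase1", PHASE1), ("phase2", PHASE2))})
    print("PSK guessable:", guessable_psk(SONICWALL))
```

An empty mismatch list means the peers agree on gateways, networks, IKE IDs and key; any entry returned by `weak_settings` is a setting to raise on both devices together, since the proposals must match for the tunnel to come up.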