Site-to-site vpn using pre-shared key between a SonicWall and a Cyberoam UTM
03/26/2020 20 20045
Site-to-site vpn using pre-shared key between a SonicWall and a Cyberoam UTM. In this article, we explain the configuration on both the SonicWall and the Cyberoam UTM that is needed for a successful IPSec VPN tunnel between the two devices.
Go to VPN | IPSec Connection | Create Connection and create connection with the following values: Connection name: cybertosonicwall Policy: Default Policy Action on restart: As required Mode: Tunnel Connection Type: Net to Net Authentication Type – Preshared key Preshared key –Sonicwall //same as on SonicWall. Local server IP address (WAN IP address) – 192.168.160.125 Local Internal Network – 188.8.131.52/24 Local ID – email@example.com Remote server IP address (WAN IP address) – 192.168.160.116 Remote Internal Network – 192.168.1.0/24 Remote ID – firstname.lastname@example.org // sonicWALL User Authentication Mode: As required Protocol: As required
Step 2. Activate Connection and establish Tunnel
Go to VPN | IPSec Connection | Manage Connection To activate the connection, click under Connection Status against the cybertosonicwall connection. under Connection Status a green bubble indicates that the connection is successfully activated.
Use ping to check the connectivity across the tunnel.
Note: If you try to connect from Cyberoam when the SonicWall VPN policy is not enabled, Cyberoam will display ‘Unable to establish connection’ message. NAT traversal can be enabled if the logs on SonicWall show that the peer supports NAT traversal.
Step 3. Add Address Object to define remote network that is to be connected via VPN tunnel
Go to Network | Address Object and click ADD under Address Objects and create with the following values: Name: vpncyberoam Zone: VPN Type: Network Network: 184.108.40.206 //Internal Network on Cyberoam Mask: 255.255.255.0
Step 4. Create VPN Policy
Go to VPN | Settings and click ADD under VPN Policies
A. Input following values in the General Tab fields:
Authentication Method: IKE using Preshared Key Name: sonicwalltocyber IPsec Primary Gateway Name or Address: 192.168.160.125 // WAN IP of Cyberoam IPsec Secondary Gateway Name or Address: Blank Shared Secret: sonicwall Confirm Shared Secret: Same as specified in Shared Secret field Mask Shared Secret: Enable Local IKE ID: Email Address: email@example.com // IKE id for SonicWall) Peer IKE ID: Email Address: firstname.lastname@example.org //IKE id for Cyberoam)
B. Input following values in the Network Tab fields:
Under Local Networks: Choose local network from list: LAN Subnets Under Destination Networks: Choose local network from list: vpncyberoam // object created for Cyberoam network in step 1
C. Input following values in the Proposals Tab fields:
IKE Phase I Proposal
Exchange: Main Mode DH Group: 2 Encryption: 3DES Authentication: MD5 Life Tine (seconds): 28800
Ipsec (Phase 2) Proposal
Protocol: ESP Encryption: 3DES Authentication: MD5 Enable PFS: Unchecked DH Group: 2 Life Time (seconds): 28800
If SonicWall is able to establish connection with Cyberoam successfully then the connection/tunnel details will be displayed under Currently Active VPN Tunnels.