Cloud Edge Secure Access Getting Started Guide
Alibaba Cloud
This article describes how to establish a Site-To-Site IPSEC VPN connection between Alibaba Cloud and SonicWall Cloud Edge Secure Access.
- Setting a tunnel on Alibaba Cloud
- Setting access rules in Alibaba security groups
- SonicWall Cloud Edge setting
Please follow the steps below:
Setting a tunnel on Alibaba Cloud
- Log in to the VPC console.
- In the Management Portal on the left side, choose VPN > IPsec Connections.
- Select a region.
- On the IPsec Connections page, select Create IPsec Connection.
- On the Create IPsec Connection page, configure the IPsec-VPN connection with the following information, and select OK.
- Name: Enter the name of the IPsec-VPN connection.
- VPN Gateway: Select the VPN Gateway to connect. If none exists, create a new one.
- Customer Gateway: Select the customer gateway to connect. If none exists, create a new one for the gateway public IP.
- Local Network: Enter the CIDR block of the VPC to be connected with the on-premises data center. This parameter is used for phase two negotiation.
- Remote Network: Enter the CIDR block of the on-premises data center to be connected with the VPC. This parameter is used for phase two negotiation. If you didn't select a specific subnet, the default is 10.255.0.0/16.
- Effective Immediately: Choose Yes.
Advanced Configuration: IKE Configurations
- Pre-Shared Key: Enter the pre-shared key used for authentication between the VPN Gateway and the customer gateway. By default, it is an automatically generated value, but you can also specify your own pre-shared key. The same key must be used on the other side of the connection.
- Version: IKEv1
- Negotiation Mode: Main mode
- Encryption Algorithm: aes256
- Authentication Algorithm: sha1
- DH Group: group2
- SA Life Cycle (seconds): Set the SA lifecycle for phase one negotiation. The default value is 86,400 seconds.
- LocalId: Local VPN Gateway public IP address
- RemoteId: Gateway public IP address
Advanced Configuration: IPSec Configurations
- Encryption Algorithm: aes256
- Authentication Algorithm: sha1
- DH Group: group2
- SA Life Cycle (seconds): Set the SA lifecycle for phase two negotiation. The default value is 86,400s.
Health Check - Optional
Setting access rules in Alibaba security groups
- Go to your security group that is associated with your server.
- Add an Allow rule for the 10.255.0.0/16 object on the desired ports.
Setting routes in Alibaba Cloud
- Go to your VPN.
- Select Route Tables.
- Add the following route under the System route table or on your custom route table: 10.255.0.0/16. The next hop should be the VPN Gateway you created for the connector.
SonicWall Cloud Edge setting
- Go to the Gateway in your network from which you want to create the tunnel to Alibaba Cloud.
- Select the three-dotted menu (...) and select Add Tunnel.
- Select IPSec Site-2-Site Tunnel and select Continue.
- Enter the General Settings:
- Name: Set the name for the tunnel.
- Shared Secret: Enter the same shared secret you set in Alibaba Cloud.
- Public IP and Remote ID: Enter the Alibaba VPN Gateway public IP address.
- In Gateway Proposal Subnets, select Any or Specific Subnet.
- In Remote Gateway Proposal Subnets, enter your Alibaba Cloud subnet/s.
- Enter the Advanced Settings:
- IKE Version: V1
- IKE Lifetime: 8h
- Tunnel Lifetime: 1h
- Dead Peer Detection Delay: 10s
- Dead Peer Detection Timeout: 30s
- Encryption (Phase 1): aes256
- Encryption (Phase 2): aes256
- Integrity (Phase 1): sha1
- Integrity (Phase 2): sha1
- Diffie-Hellman Groups (Phase 1): 2
- Diffie-Hellman Groups (Phase 2): 2
- Select Add Tunnel.
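A pre-flight comparison of the two ends' settings, as an added example that is not part of the SonicWall guide: the two consoles write the same values differently (IKEv1 and V1, group2 and 2), and each side's local network must be the other side's remote network. The dictionary keys and the 192.168.0.0/16 VPC CIDR are constructed for illustration; the pre-shared key is deliberately left out so it is not stored in a script.

```python
import ipaddress
import re

# Constructed sample values mirroring the settings listed in this guide.
# The dictionary keys are hypothetical names chosen for this example.
ALIBABA = {
    "ike_version": "IKEv1", "enc_p1": "aes256", "auth_p1": "sha1", "dh_p1": "group2",
    "enc_p2": "aes256", "auth_p2": "sha1", "dh_p2": "group2",
    "local_net": "192.168.0.0/16",   # constructed VPC CIDR
    "remote_net": "10.255.0.0/16",
}
CLOUD_EDGE = {
    "ike_version": "V1", "enc_p1": "aes256", "auth_p1": "sha1", "dh_p1": "2",
    "enc_p2": "aes256", "auth_p2": "sha1", "dh_p2": "2",
    "local_net": "10.255.0.0/16",
    "remote_net": "192.168.0.0/16",
}


def normalise(key, value):
    """Reduce each console's notation to one comparable form."""
    v = str(value).strip().lower()
    if key == "ike_version" or key.startswith("dh_"):
        return re.sub(r"\D", "", v)  # "IKEv1"/"V1" -> "1", "group2" -> "2"
    if key.endswith("_net"):
        # strict=True rejects CIDRs with host bits set, e.g. 10.255.0.1/16
        return str(ipaddress.ip_network(v, strict=True))
    return v


def find_mismatches(side_a, side_b):
    """Return the setting names on which the two tunnel ends disagree."""
    swap = {"local_net": "remote_net", "remote_net": "local_net"}
    problems = []
    for key in side_a:
        # One side's local network is compared with the peer's remote network.
        peer_key = swap.get(key, key)
        if normalise(key, side_a[key]) != normalise(peer_key, side_b[peer_key]):
            problems.append(key)
    return problems


if __name__ == "__main__":
    print(find_mismatches(ALIBABA, CLOUD_EDGE) or "proposals match")
```

The names returned are keyed from the first argument's point of view, so `local_net` means the Alibaba Local Network does not equal the Cloud Edge Remote Gateway Proposal Subnet.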