Click on the Add button under the VPN Policies section.Scroll down to the bottom of the page and click on Add button, enter the following settings.Login to the Remote location SonicWall appliance.Local IKE ID SonicWall Identifier: San Jose (This has to match the central location VPN's Peer IKE ID SonicWall Identifier).WAN IP: DHCP (As this is a Dynamic IP Address).The configuration window pops up.Ĭonfiguration on the remote location (Dynamic WAN IP address) Check the C configuration under IKEv2 Settings.
Navigate to Manage | Connectivity | VPN | Advanced Settings.Ensure that the VPN Policy bound to: Zone WAN.Ĭonfiguring the IKEv2 Dynamic Client Proposal:.Enable Perfect Forward Secrecy(not checked).And they will be configured in step (Configuring the IKEv2 Dynamic Client Proposal, below). NOTE:The menu "DH Group", "Encryption" and "Authentication" will be gray-out since "IPSec Primary Gateway Name or Address" in General tab is filled in "0.0.0.0" or leaved blank. Select Choose destination network from list, and select the Address Object – Remote_Lan.Select Choose local network from list, and select the Address Object – X0 Subnet (LAN subnet).Peer IKE ID: SonicWall Identifier - San Jose (This could be any string except it has to match the remote location VPN's Local IKE ID SonicWall Identifier).Local IKE ID: SonicWall Identifier - Shanghai (This could be any string except it has to match the remote location VPN's Peer IKE ID SonicWall Identifier).Shared Secret: SonicWall (The Shared Secret would be the same at both SonicWall’s).IPSec Secondary Gateway Name or Address: 0.0.0.0.NOTE: Since the Remote WAN IP address changes frequently, it is recommended to use the 0.0.0.0 IP address as the Primary Gateway. IPSec Primary Gateway Name or Address: 0.0.0.0.Select the Authentication method as IKE Using Preshared Secret.Click Add button under VPN Policies section.Check the box Enable VPN under Global VPN Settings.Navigate to Manage | Connectivity | VPN | Base Settings.At the top of the page and click Add button, enter the following settings.Navigate to Manage | Policies |Objects | Address Objects page.Login to the central location SonicWall appliance.Local IKE ID SonicWall Identifier: Shanghai (This could be any string except it has to match the remote location VPN's Peer IKE ID SonicWall Identifier) ResolutionĬonfiguration on the Central Office (Static WAN IP address) This scenario could be used while one site has dynamic WAN IP address.Īnd then on the other site, "IPSec Primary Gateway Name or Address" in the VPN policy General tab will be filled in "0.0.0.0" or left blank. SonicOS provides IKEv2 Dynamic Client Support, which provides a way to configure the Internet Key Exchange (IKE) attributes globally rather than configure these IKE Proposal settings on an individual policy basis. Copy URL The link has been copied to clipboard.
Capture Security appliance Advanced Threat Protection for modern threat landscape.Capture ATP Multi-engine advanced threat detection.Network Security Manager Modern Security Management for today’s security landscape.Security Services Comprehensive security for your network security solution.Next Generation Firewall Next-generation firewall for SMB, Enterprise, and Government.