How to Configure Site-to-site IPSec VPN with a SonicWALL router

Zyxel_Cooldia
edited June 2022 in VPN

This example shows how to use the VPN Setup Wizard to create a site-to-site VPN between a ZyWALL/USG and a SonicWALL router. It walks through configuring the VPN tunnel on each site. Once the VPN tunnel is configured, each site can be accessed securely.

Set Up the IPSec VPN Tunnel on the ZyWALL/USG

In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard and use the VPN Settings wizard to create a VPN rule that can be used with the SonicWALL. Click Next.

Quick Setup > VPN Setup Wizard > Welcome

Choose Advanced to create a VPN rule with customized phase 1 and phase 2 settings and authentication method. Click Next.

Quick Setup > VPN Setup Wizard > Welcome > Wizard Type

Type the Rule Name used to identify this VPN connection (and VPN gateway). You may use 1-31 alphanumeric characters. This value is case-sensitive. Select the rule to be Site-to-site. Click Next.

Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Scenario)

Then, configure the Secure Gateway IP as the SonicWALL’s Gateway IP address (in the example, 172.100.20.23); select My Address to be the interface connected to the Internet.

Set the desired Negotiation, Encryption, Authentication, Key Group and SA Life Time settings. Type a secure Pre-Shared Key (8-32 characters) which must match your SonicWALL Shared Secret.

Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Phase 1 Setting)

Continue to Phase 2 Settings to select the desired Encapsulation, Encryption, Authentication, and SA Life Time settings.

Set Local Policy to be the IP address range of the network connected to the ZyWALL/USG and Remote Policy to be the IP address range of the network connected to the SonicWALL. Click OK.

Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Phase 2 Setting)

This screen provides a read-only summary of the VPN tunnel. Click Save.

Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Summary)

Now the rule is configured on the ZyWALL/USG. The Phase 1 rule settings appear in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings appear in the VPN > IPSec VPN > VPN Connection screen. Click Close to exit the wizard.

Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings > Wizard Completed

Go to VPN Gateway > Show Advanced Settings > Authentication to configure your Local ID Type and Peer ID Type to match your SonicWALL’s VPN > Settings > VPN Policies > General > IKE Authentication > Local IKE ID and Peer IKE ID.

VPN Gateway > Show Advanced Settings > Authentication

Set Up the IPSec VPN Tunnel on the SonicWALL

In the SonicWALL VPN > Settings > VPN Policies, click Add to create a new VPN policy. Set Policy Type to Site to Site and Authentication Method to IKE using Preshared Secret. Enter the ZyWALL/USG's WAN IP address as the IPsec Primary Gateway Name or Address (in the example, 172.10.120.11).

In the IKE Authentication section, set the Shared Secret to be the same as your ZyWALL/USG’s Pre-Shared Key. Then, set the Local IKE ID and the Peer IKE ID to match your ZyWALL/USG’s VPN Gateway > Show Advanced Settings > Authentication > Local ID Type and Peer ID Type.

VPN > Settings > VPN Policies > General

In the SonicWALL VPN > Settings > VPN Policies > Network, choose Local Network to be the IP address range of the network connected to the SonicWALL (found under SonicWALL > Network > Interfaces > LAN). 

Go to Remote Network and create a new address object for the IP address range of the network connected to the ZyWALL/USG. Then, scroll down the list and choose the newly created Address Object as the Remote Network.

VPN > Settings > VPN Policies > Network

In the SonicWALL VPN > Settings > VPN Policies > Proposals, go to IKE (Phase 1) Proposal and set Exchange, DH Group, Encryption and Authentication to match your ZyWALL/USG’s VPN Gateway > Show Advanced Settings > Phase 1 Settings.

Go to IKE (Phase 2) Proposal and set the Protocol, Encryption and Authentication to match your ZyWALL/USG’s VPN Connection > Show Advanced Settings > Phase 2 Settings.

VPN > Settings > VPN Policies > Proposals

Select Enable VPN and click Refresh Active.

VPN > Settings > VPN Global Settings

Test the IPSec VPN Tunnel

Go to ZyWALL/USG CONFIGURATION > VPN > IPSec VPN > VPN Connection and click Connect on the upper bar. The Status connect icon is lit when the interface is connected.

CONFIGURATION > VPN > IPSec VPN > VPN Connection

Go to ZyWALL/USG MONITOR > VPN Monitor > IPSec and verify the tunnel Up Time and the Inbound(Bytes)/Outbound(Bytes) traffic.

MONITOR > VPN Monitor > IPSec

Go to SonicWALL VPN > VPN Settings > VPN Policies and confirm that the green status light is on.

VPN > VPN Settings > VPN Policies

Go to SonicWALL VPN > VPN Settings > Currently Active VPN Tunnels > VPN Tunnel Statistics to check Tunnel valid time, Bytes In (Incoming Data) and Bytes Out (Outgoing Data).

VPN > VPN Settings > Currently Active VPN Tunnels
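
An added example, not part of the original post and not Zyxel or SonicWALL tooling: a short Python check, run on settings transcribed by hand from both web interfaces, that flags the mismatches the steps above are meant to avoid before the tunnel is tested. The two gateway IPs are the ones used in this example; the subnets, ID values, algorithms and key are constructed sample values, and the dictionary field names are hypothetical.

```python
import ipaddress
import re

# Constructed sample values; field names are hypothetical, gateway IPs are the article's.
ZYWALL = {
    "rule_name": "ToSonicWALL", "psk": "CONSTRUCTED-sample-key-01",
    "wan_ip": "172.10.120.11", "peer_gateway": "172.100.20.23",
    "local_id": ("IPv4", "172.10.120.11"), "peer_id": ("IPv4", "172.100.20.23"),
    "phase1": {"exchange": "main", "encryption": "AES256",
               "authentication": "SHA256", "dh_group": 14},
    "phase2": {"protocol": "ESP", "encryption": "AES256", "authentication": "SHA256"},
    "local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24",
}
SONICWALL = {
    "psk": ZYWALL["psk"], "wan_ip": "172.100.20.23", "peer_gateway": "172.10.120.11",
    "local_id": ("IPv4", "172.100.20.23"), "peer_id": ("IPv4", "172.10.120.11"),
    "phase1": dict(ZYWALL["phase1"]), "phase2": dict(ZYWALL["phase2"]),
    "local_net": "192.168.2.0/24", "remote_net": "192.168.1.0/24",
}

def check_pair(zy, sw):
    """Return a list of human-readable mismatches between the two peers."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9]{1,31}", zy["rule_name"]):
        problems.append("rule name must be 1-31 alphanumeric characters")
    if not 8 <= len(zy["psk"]) <= 32:
        problems.append("pre-shared key must be 8-32 characters")
    if zy["psk"] != sw["psk"]:
        problems.append("pre-shared key differs from SonicWALL shared secret")
    # Each side's remote gateway must be the other side's WAN address.
    if zy["peer_gateway"] != sw["wan_ip"] or sw["peer_gateway"] != zy["wan_ip"]:
        problems.append("gateway addresses are not mirrored")
    # Local ID on one peer is the Peer ID on the other.
    if zy["local_id"] != sw["peer_id"] or zy["peer_id"] != sw["local_id"]:
        problems.append("IKE IDs are not mirrored")
    # Phase 1 and Phase 2 proposals must be identical on both peers.
    for phase in ("phase1", "phase2"):
        for key in sorted(set(zy[phase]) | set(sw[phase])):
            if zy[phase].get(key) != sw[phase].get(key):
                problems.append(f"{phase} {key}: {zy[phase].get(key)} != {sw[phase].get(key)}")
    # Local Policy on one peer is the Remote Network on the other.
    net = ipaddress.ip_network
    if (net(zy["local_net"]) != net(sw["remote_net"])
            or net(zy["remote_net"]) != net(sw["local_net"])):
        problems.append("local/remote networks are not mirrored")
    return problems

if __name__ == "__main__":
    print(check_pair(ZYWALL, SONICWALL) or "settings are consistent")
```

An empty list means the transcribed settings agree; it does not replace the tunnel test above, since it only sees what was typed into the dictionaries.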
