SonicWALL TZ170 Manuale Utente
22
In the ‘Advanced Properties’ section, under IKE (Phase 1), modify the ‘Renegotiate IKE security associations every’ field
to "60" minutes and the ‘Use Diffie-Hellman group’ should be "Group 5 (1536 bit). Tick the option ‘Use aggressive mode’
For the ‘Ipsec (Phase 2) Proposal’ section the settings are as follows: ‘Life Time (seconds)’ is "3600". Do not enable
Perfect Forward Security. At the ‘NAT’ it is necessary to tick the option ‘Disable NAT inside the VPN community’
Click ‘Shared Secret’.
to "60" minutes and the ‘Use Diffie-Hellman group’ should be "Group 5 (1536 bit). Tick the option ‘Use aggressive mode’
For the ‘Ipsec (Phase 2) Proposal’ section the settings are as follows: ‘Life Time (seconds)’ is "3600". Do not enable
Perfect Forward Security. At the ‘NAT’ it is necessary to tick the option ‘Disable NAT inside the VPN community’
Click ‘Shared Secret’.
On the ‘Shared Secret’ section, tick the option ‘Use only Shared Secret for all External members’. Highlight "SNWL_Alice"
in the ‘Peer Name’ table below. Click on the ‘Edit…" button to enter the secret. In this example, the shared secret is
"HaRd!_to_Gue55_Al1c3" press the OK button. After this Highlight "SNWL_Bob" in the ‘Peer Name’ table below. Click on
the ‘Edit…" button to enter the secret. In this example, the shared secret is "HaRd!_to_Gue55_B0b" and press the OK
button.
Click ‘OK’ to finish the VPN Interoperability Hub Spoke setup between the SonicOS 2.5 Enhanced and Checkpoint NG
within the SmartDashboard. Make sure that the Policy has been installed onto the Checkpoint firewall to have it working.
Document Created: 11/16/2004
Last Updated: 06/19/2008
Version 1.1