Справочник Пользователя для SonicWALL 5.8.1
VPN > Settings
890
SonicOS 5.8.1 Administrator Guide
Site-to-Site VPN Configurations
When designing VPN connections, be sure to document all pertinent IP addressing information
and create a network diagram to use as a reference. A sample planning sheet is provided on
the next page. The SonicWALL must have a routable WAN IP address whether it is dynamic or
static. In a VPN network with dynamic and static IP addresses, the VPN gateway with the
dynamic address must initiate the VPN connection.
and create a network diagram to use as a reference. A sample planning sheet is provided on
the next page. The SonicWALL must have a routable WAN IP address whether it is dynamic or
static. In a VPN network with dynamic and static IP addresses, the VPN gateway with the
dynamic address must initiate the VPN connection.
Site-to-Site VPN configurations can include the following options:
•
Branch Office (Gateway to Gateway) - A SonicWALL is configured to connect to another
SonicWALL via a VPN tunnel. Or, a SonicWALL is configured to connect via IPsec to
another manufacturer’s firewall.
SonicWALL via a VPN tunnel. Or, a SonicWALL is configured to connect via IPsec to
another manufacturer’s firewall.
•
Hub and Spoke Design - All SonicWALL VPN gateways are configured to connect to a
central SonicWALL (hub), such as a corporate SonicWALL. The hub must have a static IP
address, but the spokes can have dynamic IP addresses. If the spokes are dynamic, the
hub must be a SonicWALL.
central SonicWALL (hub), such as a corporate SonicWALL. The hub must have a static IP
address, but the spokes can have dynamic IP addresses. If the spokes are dynamic, the
hub must be a SonicWALL.
•
Mesh Design - All sites connect to all other sites. All sites must have static IP addresses.
See
for a planning sheet to help you set up your VPN.
Creating Site-to-Site VPN Policies
Tip
You can easily create site-to-site VPN policies using the VPN Policy Wizard. For complete
step-by-step instructions on using the VPN Policy Wizard, see
step-by-step instructions on using the VPN Policy Wizard, see
.
You can create or modify existing VPN policies using the VPN Policy window. Clicking the Add
button under the VPN Policies table displays the VPN Policy window for configuring the
following IPsec Keying mode VPN policies:
button under the VPN Policies table displays the VPN Policy window for configuring the
following IPsec Keying mode VPN policies:
•
•
•
This section also contains information on configuring a static route to act as a failover in case
the VPN tunnel goes down. See
the VPN tunnel goes down. See
for
more information.
Tip
Use the VPN Planning Sheet for Site-to-Site VPN Policies to record your settings. These
settings are necessary to configure the remote SonicWALL and create a successful VPN
connection.
settings are necessary to configure the remote SonicWALL and create a successful VPN
connection.
Note
For configuring VPN policies between SonicWALL security appliances running SonicOS
Enhanced and SonicWALL security appliances running SonicWALL Firmware version 6.5
(or higher), see the technote: Creating IKE IPsec VPN Tunnels between SonicWALL
Firmware 6.5 and SonicOS Enhanced, available at the SonicWALL documentation Web site
Enhanced and SonicWALL security appliances running SonicWALL Firmware version 6.5
(or higher), see the technote: Creating IKE IPsec VPN Tunnels between SonicWALL
Firmware 6.5 and SonicOS Enhanced, available at the SonicWALL documentation Web site
.