Site-to-Site-VPN

Question

Hier sind die Einstellungen für meine Sonicwall und PFsense:

Registerkarte „Allgemein“ auf Sonicwall:

Authentication Method: IKE using Pre shared Secret

Name:  pfSense Site-to-Site PN

IPsec Primary Gateway Name or Address: 1.1.1.1 | IP for pfSense

IPsec Secondary Gateway Name or Address: 0.0.0.0

Shared Secret: Shared secret for this connection

Local IKE ID:  2.2.2.2 | Select ‘IP Address’ from the drop down menu and then type WAN IP of Sonicwall



Network tab on Sonicwall:

Local Networks

Choose local network from list: 192.168.21.0 | Create an address object for the network or you can use the built in one ‘LAN Subnets’

Destination Networks

Choose destination network from list: 192.168.65.0 | Create an address object for the remote LAN network



Proposals Tab:

IKE (Phase 1) Proposal

By default pfSense supports ‘Main Mode’ and ‘Aggressive’.

Exchange: Aggressive

DH Group: Group 2

Encryption: 3DES

Authentication: SHA1

Life Time (seconds): 28800

Ipsec (Phase 2) Proposal

Protocol: ESP

Encryption: 3DES

Authentication: SHA1

Enable Perfect Forward Secrecy: Checked

Life Time: 86400



Advanced Tab:

Check ‘Enable Keep Alive’

Entsprechende pfSense-Einstellungen:

Phase 1:

Authentication method: Mutual PSK

Negotiation Mode: Aggressive

My identifier: 1.1.1.1 (IP Address of pfSense WAN)

Peer identifier: 2.2.2.2 (IP Address of Sonicwall)

Pre Shared Key: Your pre share key

Policy Generation: Default

Proposal Checking: Obey

Encryption Algorithm: 3DES

Hash algorithm: SHA1

DH key group: 2

Lifetime: 28800



Advanced options

Nat Traversal: Enable

Dead Peer Detection: Check Enable DPD



Phase 2:

Mode: Tunnel

Local Network: 192.168.65.0/24

Remote Network: 192.168.21.0/24

Protocol: ESP

Encryption algorithms: 3DES

Hash algorithms: SHA1

PFS key group: 2

Lifetime: 84600

Bitte beachten Sie meineArtikelSo konfigurieren Sie Sonicwall mit PFSense.

Answer 1

Hier sind die Einstellungen für meine Sonicwall und PFsense:

Registerkarte „Allgemein“ auf Sonicwall:

Authentication Method: IKE using Pre shared Secret

Name:  pfSense Site-to-Site PN

IPsec Primary Gateway Name or Address: 1.1.1.1 | IP for pfSense

IPsec Secondary Gateway Name or Address: 0.0.0.0

Shared Secret: Shared secret for this connection

Local IKE ID:  2.2.2.2 | Select ‘IP Address’ from the drop down menu and then type WAN IP of Sonicwall



Network tab on Sonicwall:

Local Networks

Choose local network from list: 192.168.21.0 | Create an address object for the network or you can use the built in one ‘LAN Subnets’

Destination Networks

Choose destination network from list: 192.168.65.0 | Create an address object for the remote LAN network



Proposals Tab:

IKE (Phase 1) Proposal

By default pfSense supports ‘Main Mode’ and ‘Aggressive’.

Exchange: Aggressive

DH Group: Group 2

Encryption: 3DES

Authentication: SHA1

Life Time (seconds): 28800

Ipsec (Phase 2) Proposal

Protocol: ESP

Encryption: 3DES

Authentication: SHA1

Enable Perfect Forward Secrecy: Checked

Life Time: 86400



Advanced Tab:

Check ‘Enable Keep Alive’

Entsprechende pfSense-Einstellungen:

Phase 1:

Authentication method: Mutual PSK

Negotiation Mode: Aggressive

My identifier: 1.1.1.1 (IP Address of pfSense WAN)

Peer identifier: 2.2.2.2 (IP Address of Sonicwall)

Pre Shared Key: Your pre share key

Policy Generation: Default

Proposal Checking: Obey

Encryption Algorithm: 3DES

Hash algorithm: SHA1

DH key group: 2

Lifetime: 28800



Advanced options

Nat Traversal: Enable

Dead Peer Detection: Check Enable DPD



Phase 2:

Mode: Tunnel

Local Network: 192.168.65.0/24

Remote Network: 192.168.21.0/24

Protocol: ESP

Encryption algorithms: 3DES

Hash algorithms: SHA1

PFS key group: 2

Lifetime: 84600

Bitte beachten Sie meineArtikelSo konfigurieren Sie Sonicwall mit PFSense.

Site-to-Site-VPN

Antwort1

verwandte Informationen