Transcription

Configuration GuideHow to set up the IPSec site-to-siteTunnel between the D-Link DSRRouter and the SonicWall FirewallOverviewThis document describes how to implement IPsec with pre-shared secrets establishing asite-to-site VPN tunnel between the D-Link DSR-1000AC and the Sonicwall NSA 2400. Thescreenshots in this document are from firmware version 3.10 of the DSR-1000AC and firmwareversion 5.9.1.7 (Released in August 2016) of the Sonicwall NSA 2400. If you are using an earlierversion of the firmware, the screenshots may not be identical to what you see in your browser.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 2Situation noteSite-to-site VPNs can be implemented in an enterprise to allows access and the exchange of databetween two or more geographically separated sites or offices. Once the site-to-site VPN hasbeen set up, the clients in the groups of the different sites can communicate as if they are on thesame internal network. Because companies may have other gateways appliances that are notD-Link products, this document can be used to create IPsec VPN tunnels between the DSR routerand other existing gateway appliances.IP addresses:DSR WAN: 1.1.1.2/30DSR LAN: 192.168.10.1/24FortiGate100 WAN: 2.2.2.2/30ForiGate100 LAN: 192.168.1.1/24IPsec Parameters:IPsec Mode: Tunnel ModeIPsec Protocol: ESPPhase1 Exchange Mode: MainPhase1 Encryption: 3DESPhase1 Authentication: SHA1Phase1 Authentication Method: Pre-Shared Key

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall FirewallDiffie-Hellman Group: G2Phase1 Lifetime: 28800 secPhase2 Encryption: 3DESPhase2 Authentication: SHA1Phase2 Lifetime: 28800 secConfiguration StepDSR Settings1. Set up the WAN IP address. Navigate to: Internet Settings WAN1 Settings WAN1 Setup.Fill in relevant information based on the settings of the topology. The IP Address of the ISP Connection Typefield is the IP address of the external network connection point shown as point “c” in the topology. Click the“Save” button to complete the WAN IP address setting.3

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 42. Set up the IPsec policy. Navigate to the VPN Settings IPsec IPsec Policies.Press the “Add New IPSec Policy” button to create a new policy. In the General section, fill in the relevantinformation. The IP address of the Remote Endpoint refers to the external connection point of the SonicWallNSA 2400, which is shown as the point “f” in the topology. The internal IP Address range, which is indicated byLocal Start IP Address, is the IP range allowed access to the remote network over the VPN, and the remotenetwork range indicated by the Remote Start IP Address, is the IP range reachable through the VPN tunnelwith the SonicWall NSA 2400.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall FirewallIn the Phase 1 section, fill in the relevant information. Please notice that the Pre-shared Key must be the sameas the pre-shared key that will be entered into the SonicWall NSA 2400 later.5

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 6In the Phase 2 section, fill in relevant information.Click the “Save” button to complete the IPsec Policy settings.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall3. Check the VPN status. Navigate to: Status Active VPNs.The activity will be shown in the list as the tunnel is established with the other side.7

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 8Sonicwall NSA 2400 Settings1. Set up the LAN & WAN IP addresses. Navigate to: Network Interfaces.Click the “Configure” icon.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall FirewallFill in the relevant information for the LAN interface configuration as below. The IP Address of the General tab isthe IP address of internal network connection, which is shown as point “g” in the topology.9

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 10Fill in the relevant information for the WAN interface as below. The IP Address of the General tab is the IP addressof external network connection, which is shown as point “f” in the topology.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 11Press the button “Accept” to confirm the changes.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 122. Check the default route. Navigate to: Network Routing.Configure the relevant settings as below.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 133. Set up the IPsec Tunnel. Navigate to: VPN Settings.Press the “Add” button.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 14In the “General” tab, fill in the name, IPsec primary and secondary gateways, and shared secret. The IPsec Primary Gateway Name or Address is the IP address of external network connection of the DSR-1000AC, which isshown as point “c” in the topology. Insert the Shared Secret that is the same as the Pre-shared Key previouslyentered in the DSR-1000AC.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 15Click the “Network” tab. In Local Networks section, select LAN Subnets as the local network. In Remote Networks,create a new address object for the destination network.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 16Configure a new address object to define the IP address of the remote range reachable through the VPN withthe DSR-1000AC.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 17Click OK and choose the object as a destination.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 18Click the “Proposals” tab. Select the relevant settings as below.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 19Click the “Advanced” tab. Select the relevant settings as below.

How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall 204. Check the VPN status. Navigate to: VPN Settings.Check the statistics to make sure the tunnel is working.

Visit our website for more informationwww.dlink.comD-Link, D-Link logo, D-Link sub brand logos and D-Link product trademarks are trademarks or registered trademarks of D-Link Corporation and its subsidiaries.All other third party marks mentioned herein are trademarks of the respective owners.Copyright 2017 D-Link Corporation. All Rights Reserved.

Phase1 Authentication Method: Pre-Shared Key Situation note Site-to-site VPNs can be implemented in an enterprise to allows access and the exchange of data between two or more geographically separated sites or offices. Once the site-to-site VPN has been set up, the clients in the groups of