The VPN policy configuration creates a Tunnel Interface between two end points. Static or Dynamic routes can then be added to the Tunnel Interface. The Route. Configuring Tunnel Interface (static route-based) VPN using Enterprise Command Line. Last Updated: 12/6/. How to Configure a Tunnel Interface VPN (Route-Based VPN) between two SonicWall UTM appliances · Configuring a Tunnel Interface VPN with DHCP Relay.


Sep 14, 3: I attempted to set this up with our on-premises SonicWall NSA but failed miserably, probably due to my lack of firewall experience.

Jul 31, Jose Luiz Galego Jr. 16, I have attached 2 images of these 2 points. We weren’t able to do 2 VPN tunnels. Sep 18, 3: I found a post in the SonicWall forums that solved the problem for me.

IPSec VPN with SonicWALL – Redirecting traffic over VPN

The trick is to set the VPN policy type to “Tunnel Interface” and create static routes for each tunnel.

Policy Type: Tunnel Interface
Authentication Method: Virtual Private Gateway
Shared Secret:
IP Address: leave the value empty

In the Proposals property sheet:
IKE Phase 1 Proposal: Main Mode
DH Group: Group 2 (Text file value: Diffie-Hellman Group 2)
Encryption: AES
Text file value: SHA1
Text file value: ESP
Text file value: Diffie-Hellman Group 2
Life Time seconds:
Enabled
VPN Policy bound to:
Enabled
Permit TCP acceleration: Disabled (I guess)
SonicWall Access Rules: Enabled
Dead Peer Detection Interval seconds:
Clear Don’t Fragment Bit:

May 10, 7: Thanks so much for your post!

It helped us a lot. We have the NSA. We are not able to get the tunnel working.

What do we do with the part of the config text file from AWS that says “To route traffic between your internal network and your VPC, you will need a static route added to your router”? SonicWall is saying everything is set up right on the appliance.

Jun 14, 7: Jun 18, 2: Having the same issue on a TZ, would like to know the answer. Jun 25, 9: Also, after you add the association you’ll need to choose “route propagation” to make it live.

Dec 13, Thanks for the route propagation tip! I followed the instructions on http: Jan 2, 9: When I set up the second tunnel, I get “Error:”. I didn’t set the policy type to tunnel. Feb 11, 1: We have had nothing but problems from our Sonicwall TX. Enough that it is very often that both tunnels are down. My developers are constantly getting kicked out with a “broken pipe” and they are frustrated.


Anyone else had frequent tunnel drop outs, especially in the past month? Apr 3, 3: It’s a good starting point, but I got stuck on a few things. Starting on Page 5, follow the steps; this all works.

Sure, go ahead and set them both up; just know which tunnel data you’re reading from. When I thought it was just one VPN tunnel spec, I got them mixed up when flipping back and forth between the file and my config web page. You can ignore page 19 on. Rebooted the EC2 and everything came up.

While it’s open it’s just okay. ToMoy on Apr 17, 4: Apr 19, 9: We’re seeing tunnels dropping sporadically between a and AWS.

AWS Developer Forums: Help with SonicWall and IPSec VPN

What firmware version are you on? Apr 28, 9: I also have seen tunnels dropping sporadically. I happen to be on 5. I had been having constant sporadic drops during the day, but at least it would reconnect.

Now, it seems to be more stable while it is up: no sporadic dropping and reconnecting since a recent VPN maintenance period at Amazon, but I don’t know if that has anything to do with it. But it drops after a while and stays off.

I can restart it by disabling and enabling the connection. It would be great to know settings for the Sonicwall that would cause it to stay on consistently.

Apr 28, FWIW, it’s only the second tunnel that drops sporadically, and it can stay up for days, and then drop lots, and then stay up again.

We haven’t changed anything on the Sonicwall side. I suspect this is some sort of Amazon issue, specific to the “redundant” tunnel. But I don’t really know.

Apr 30, SonicWALL hasn’t attended my case yet; going to have to call in and escalate it. Get the feeling they just don’t have it worked out yet. Tried Hamachi, but its throughput seems slow; something must be standing in between. I don’t see the servers struggling to crunch the encryption. Thinking about setting up a gateway virtual appliance that I either spin up in my VPC or on my vSphere environment to connect us.


When it works it’s great. But the downtime is unacceptable for business use. May, 4: I got it to work, but there was one big difference that I noticed, which is that I still had to put in static route policies, even though the BGP route going to the “next hop” “inside address” was also showing after I did the BGP configuration.

Site-to-Site VPN, UTM to SonicWall, Connection made but no traffic

There are also some small changes to the CLI that slowed me down. You need to execute a command: Also, as you exit back up through the configuration layers, you probably need to execute “write file”, which should save the BGP configuration. Otherwise, I suspect it might not persist after a reboot of the Sonicwall. I suppose I can try to go through support and see if I can figure out why you still need the static route policy at some point, but I’ve never had much luck with Sonicwall support on anything complicated.

Oh, another thing is that I found I have to enter NAT policies to stop NAT rules from being applied on SSH and HTTP servers that have ports forwarded in some cases, but which shouldn’t be translated if going through the VPN tunnel. So, I am waiting to see if it will be stable or not.

I was encouraged to do this by Amazon tech support. They seem to think the BGP version should be more stable. I guess I’m going to find out, but I’m troubled that I may have a bug in the implementation due to the strange need to add the static route policies, which I would’ve thought should be unnecessary and weren’t indicated as necessary in the tech note. I put the metric on the static routes at just out of curiosity. It caused the BGP routes to show up again, as they are auto-added with metric. After disabling and re-enabling the VPN tunnels, it all seems to work.

Bill Wraith on May 4, 5: May 15,