Aviatrix Gateway to Sonicwall

This document describes how to build an IPsec-tunnel-based Site2Cloud connection between an Aviatrix Gateway and a Sonicwall firewall.

The network setup is as follows:

VPC/VNet-AVX (with Aviatrix Gateway)

VPC/VNet CIDR: 10.0.0.0/16

On-Prem (with Sonicwall)

On-Prem Network CIDR: 10.16.100.0/24

Creating a Site2Cloud Connection at the Aviatrix Controller
===========================================================

  1. Go to Gateway > New Gateway and launch an Aviatrix Gateway in a public subnet (public subnet in AWS, GCP, or OCI) of VPC/VNet-AVX. Note the Gateway's public IP address (35.161.77.0 in this example); the Sonicwall will use it as its IPsec peer address.
  2. Go to the Site2Cloud page and click Add New to create a Site2Cloud connection with the following values.
=============================  =======================================================================
Field                          Value
=============================  =======================================================================
VPC ID/VNet Name               Choose the VPC/VNet ID of VPC/VNet-AVX
Connection Type                Unmapped
Connection Name                Arbitrary (e.g. avx-sonicwall-s2c)
Remote Gateway Type            Sonicwall
Tunnel Type                    UDP
Algorithms                     Unmark this checkbox
IKEv2                          Unmark this checkbox
Encryption over DirectConnect  Unmark this checkbox
Enable HA                      Unmark this checkbox
Primary Cloud Gateway          Select the Aviatrix Gateway created above
Remote Gateway IP Address      Public IP of the Sonicwall (66.7.242.225 in this example)
Pre-shared Key                 Optional (auto-generated if not entered); the Sonicwall's Shared Secret must be set to this same value
Remote Subnet                  10.16.100.0/24 (On-Prem Network CIDR)
Local Subnet                   10.0.0.0/16 (VPC/VNet CIDR)
=============================  =======================================================================

Creating Address Objects for the VPN subnets
============================================

Navigate to Network > Address Objects > click Add.

Creating an Address Object for the Local Network

====================  ==================================================
Field                 Value
====================  ==================================================
Name                  Arbitrary (e.g. Site2Cloud-local)
Zone                  LAN
Type                  Network
Network               The on-prem LAN network (10.16.100.0 in this example)
Network Mask/Prefix   e.g. 255.255.255.0 (the /24 of the On-Prem Network CIDR)
====================  ==================================================

Creating an Address Object for the Cloud Network

====================  ==================================================
Field                 Value
====================  ==================================================
Name                  Arbitrary (e.g. site2cloud-cloud)
Zone                  WAN
Type                  Network
Network               The cloud network (10.0.0.0 in this example)
Network Mask/Prefix   e.g. 255.255.0.0 (the /16 of the VPC/VNet CIDR)
====================  ==================================================

Configuring the VPN Tunnel

Navigate to VPN > Settings > click Add.

On the General tab fill in the following fields:

===============================  ==========================================================================
Field                            Value
===============================  ==========================================================================
Policy Type                      Site to Site
Authentication Method            IKE using Preshared Secret
Name                             Arbitrary (e.g. Aviatrix-GW)
IPsec Primary Gateway Address    The public IP of the Aviatrix Gateway (35.161.77.0 in this example)
IPsec Secondary Gateway Address  The public IP of the Aviatrix HA Gateway if HA was enabled; otherwise leave blank
Shared Secret                    The Pre-shared Key of the Site2Cloud connection (the value entered, or auto-generated, at the Aviatrix Controller)
Confirm Shared Secret            Re-enter the Shared Secret
Local IKE ID                     Leave blank
Peer IKE ID                      Leave blank
===============================  ==========================================================================

Assigning the Local and Remote Address Objects to the Tunnel

Select the Network tab and select the Address Objects created above:

  • Local network: choose the on-prem object from the list (e.g. Site2Cloud-local).
  • Remote (destination) network: choose the cloud object from the list (e.g. site2cloud-cloud).

The Sonicwall's local network corresponds to the Remote Subnet of the Site2Cloud connection, and its remote network to the Local Subnet; both ends must describe the same two prefixes or the traffic selectors will not match.

Select the Proposals tab and set the IKE (Phase 1) and IPsec (Phase 2) values. They must match what the Aviatrix Gateway negotiates; the values below correspond to the Aviatrix defaults used when the Algorithms checkbox is left unmarked.

IKE (Phase 1) Proposals

====================  ==========
Field                 Value
====================  ==========
Exchange              Main Mode
DH Group              Group 2
Encryption            AES-256
Authentication        SHA1
Life Time (seconds)   28800
====================  ==========

IPsec (Phase 2) Proposals

===============================  ==================
Field                            Value
===============================  ==================
Protocol                         ESP
Encryption                       AES-256
Authentication                   SHA1
Enable Perfect Forward Secrecy   Mark this checkbox
DH Group                         Group 2
Life Time (seconds)              3600
===============================  ==================

Group 2 (1024-bit MODP) and SHA1 are legacy choices kept here for interoperability with those defaults. If you select stronger values on the Sonicwall (for example Group 14 and SHA256), mark the Algorithms checkbox on the Site2Cloud connection and enter the same values there; a proposal mismatch fails the corresponding phase of negotiation and the tunnel never comes up.

  • Note: if an IPsec Secondary Gateway Address is configured, Peer IKE ID must be left blank; with a fixed Peer IKE ID, failover to the secondary gateway will not work properly.

Advanced Settings

  • Click the Advanced tab.
  • Mark the Enable Keep Alive checkbox so the Sonicwall keeps the tunnel established rather than waiting for interesting traffic.
  • Click OK to save.
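The following script is added here as an example; it is not part of the Aviatrix documentation nor of any Aviatrix or Sonicwall tooling. It cross-checks the two halves of the configuration above before the tunnel is brought up. Both configuration dictionaries are constructed from the values in this guide; the key names are the script's own (not API parameters of either product), the Aviatrix-side algorithm spellings and the Sonicwall "IKEv2 Mode" exchange label are assumptions, the pre-shared key is a placeholder, and the 35.161.77.1 HA address used in the what-if helper is invented. It encodes the checks that matter in practice: the Shared Secret must equal the Pre-shared Key, the address objects must mirror the Remote/Local Subnets (and, for an Unmapped connection, not overlap), the Phase 1 and Phase 2 proposals must agree once vendor spellings are normalised, and Peer IKE ID must be blank whenever a secondary gateway is set.

```python
"""Consistency check of an Aviatrix Site2Cloud connection against the
matching SonicWall VPN policy.  Added example, not Aviatrix or SonicWall
code; dictionary keys are this script's own names, not API parameters."""
import copy
import ipaddress

# Constructed: the Site2Cloud connection as entered on the Aviatrix Controller.
AVIATRIX = {
    "ikev2": False,
    "gateway_ip": "35.161.77.0",
    "ha_gateway_ip": None,                       # Enable HA left unmarked
    "remote_gateway_ip": "66.7.242.225",
    "pre_shared_key": "example-psk-replace-me",  # placeholder, not a real key
    "remote_subnet": "10.16.100.0/24",
    "local_subnet": "10.0.0.0/16",
    # Assumed Aviatrix defaults with "Algorithms" unmarked (match the guide's proposals).
    "phase1": {"encryption": "AES-256-CBC", "auth": "SHA-1", "dh_group": "2", "lifetime": 28800},
    "phase2": {"encryption": "AES-256-CBC", "auth": "HMAC-SHA-1", "dh_group": "2", "lifetime": 3600},
}

# Constructed: the SonicWall VPN policy plus its two address objects (network, mask).
SONICWALL = {
    "exchange": "Main Mode",
    "primary_gateway": "35.161.77.0",
    "secondary_gateway": "",
    "shared_secret": "example-psk-replace-me",
    "peer_ike_id": "",
    "local_network": ("10.16.100.0", "255.255.255.0"),
    "remote_network": ("10.0.0.0", "255.255.0.0"),
    "phase1": {"encryption": "AES-256", "auth": "SHA1", "dh_group": "Group 2", "lifetime": 28800},
    "phase2": {"encryption": "AES-256", "auth": "SHA1", "dh_group": "Group2",
               "pfs": True, "lifetime": 3600},
}


def norm_alg(name):
    """Collapse vendor spellings: AES-256-CBC == AES-256, HMAC-SHA-1 == SHA1."""
    return name.upper().replace("HMAC-", "").replace("-CBC", "").replace("-", "")


def norm_dh(value):
    """'Group 2', 'Group2', '2' and 2 all denote the same MODP group."""
    return int("".join(ch for ch in str(value) if ch.isdigit()))


def as_network(spec):
    """Accept '10.0.0.0/16' or ('10.0.0.0', '255.255.0.0'); return an ip_network."""
    if isinstance(spec, tuple):
        spec = "%s/%s" % spec
    return ipaddress.ip_network(spec, strict=False)


def compare_proposal(label, avx, sw):
    """(errors, warnings) for one phase. Lifetimes only warn: each side rekeys on
    its own timer and the shorter one wins, so a difference is not fatal."""
    errors, warnings = [], []
    for key in ("encryption", "auth"):
        if norm_alg(avx[key]) != norm_alg(sw[key]):
            errors.append(f"{label} {key} mismatch: {avx[key]} vs {sw[key]}")
    if norm_dh(avx["dh_group"]) != norm_dh(sw["dh_group"]):
        errors.append(f"{label} DH group mismatch: {avx['dh_group']} vs {sw['dh_group']}")
    if avx["lifetime"] != sw["lifetime"]:
        warnings.append(f"{label} lifetimes differ: {avx['lifetime']} vs {sw['lifetime']}")
    if norm_dh(sw["dh_group"]) < 14:
        warnings.append(f"{label}: DH group {norm_dh(sw['dh_group'])} is 1024-bit MODP; prefer 14+ on both sides")
    if norm_alg(sw["auth"]) == "SHA1":
        warnings.append(f"{label}: SHA1 integrity; prefer SHA256 on both sides")
    return errors, warnings


def check_tunnel(avx, sw):
    """Return (errors, warnings): errors stop the tunnel coming up or failing over,
    warnings flag weak-but-working settings."""
    errors, warnings = [], []
    if sw["shared_secret"] != avx["pre_shared_key"]:
        errors.append("Shared Secret does not equal the Site2Cloud Pre-shared Key")
    if sw["primary_gateway"] != avx["gateway_ip"]:
        errors.append("IPsec Primary Gateway Address is not the Aviatrix Gateway public IP")
    if (sw["secondary_gateway"] or None) != avx["ha_gateway_ip"]:
        errors.append("IPsec Secondary Gateway Address must be the Aviatrix HA Gateway IP, or blank without HA")
    if sw["secondary_gateway"] and sw["peer_ike_id"]:
        errors.append("Peer IKE ID must be blank when a secondary gateway is set, or failover will not work")
    # Traffic selectors mirror each other: SonicWall local == Aviatrix remote and vice versa.
    if as_network(sw["local_network"]) != as_network(avx["remote_subnet"]):
        errors.append("SonicWall local network does not equal the Aviatrix Remote Subnet")
    if as_network(sw["remote_network"]) != as_network(avx["local_subnet"]):
        errors.append("SonicWall remote network does not equal the Aviatrix Local Subnet")
    if as_network(avx["local_subnet"]).overlaps(as_network(avx["remote_subnet"])):
        errors.append("Unmapped connection type requires non-overlapping Local and Remote Subnets")
    # IKEv2 unmarked on Aviatrix means IKEv1 Main Mode on the SonicWall.
    # Assumed SonicWall label for the IKEv2 exchange option: "IKEv2 Mode".
    expected = "IKEv2 Mode" if avx["ikev2"] else "Main Mode"
    if sw["exchange"] != expected:
        errors.append(f"Exchange should be {expected}, found {sw['exchange']}")
    for label in ("phase1", "phase2"):
        e, w = compare_proposal(label, avx[label], sw[label])
        errors += e
        warnings += w
    if not sw["phase2"]["pfs"]:
        errors.append("Enable Perfect Forward Secrecy must be marked; the Aviatrix Phase 2 uses a DH group")
    return errors, warnings


def with_changes(cfg, **changes):
    """Deep-copy cfg with top-level keys replaced, for what-if checks."""
    new = copy.deepcopy(cfg)
    new.update(changes)
    return new


if __name__ == "__main__":
    errs, warns = check_tunnel(AVIATRIX, SONICWALL)
    for msg in errs:
        print("ERROR:", msg)
    for msg in warns:
        print("WARN:", msg)
```

Run against the guide's values the script reports no errors and four warnings (the Group 2 and SHA1 choices in each phase). Editing either dictionary to mimic a typo in the Shared Secret, swapped address objects, or a Peer IKE ID entered alongside a secondary gateway turns the corresponding check into an error before any time is spent reading IKE logs.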