IPSec VPN between eSoft InstaGate and Sonicwall

Overview

The Sonicwall is a consumer-grade SOHO broadband router/firewall with VPN capability, and is common in business offices. This guide's aim is to help the eSoft InstaGate administrator create a Remote Office (IPSec) VPN tunnel to this device.

Several parameters use different nomenclature to describe the settings used for configuring a VPN, and this document will try to clarify those differences to guide you to a working configuration.

These settings were created and tested on a Sonicwall with Enhanced OS; other versions of Sonicwall firmware may require a different configuration to connect to InstaGate. It is strongly advised that any Sonicwall attempting to connect to IPSec VPN on our units be running Enhanced OS.

 

InstaGate Configuration

Configuration on the Multi-function Firewall is fairly simple, using the default IPSec and IKE parameters. You should simply need to define your Shared Secret and the Remote Gateway and Remote Network addresses or subnet ranges.

1. To begin, log into your InstaGate's administrator interface, and browse to Firewall > Remote Office VPNs

2. Click the Add button to create a new tunnel. Assign an appropriate Name, choose your tunnel type (Local Network to Remote Network by default), and ensure Key Management is set to Automatic (Shared Secret).


3. The Local Network should be populated with your LAN data by default. Modify this if you need to restrict access to a particular subnet or host on your LAN; otherwise leave the default.

4. The Remote Gateway IP Address will be the Public (WAN) IP address of the Sonicwall device. The Remote Network will be the LAN network or host behind the Sonicwall device to which you wish to connect.

5. Supply a Shared Secret. This value must be identical on both devices; it is the 'password' that allows IPSec VPN to verify the authenticity of the remote device.


6. Click the IKE button.

7. Set the "Key Refresh" to 8 hours. All other settings should be left at defaults.


8. Click Apply.

9. Click the IPSec button.

10. Set the "Key Refresh" to 8 hours and "PFS" to Disabled. "Proposal" should stay at High Security.


11. Click Apply.

12. Finally, click Apply to finish setting up the tunnel.

 

Sonicwall Configuration

The Sonicwall device follows the same IPSec VPN conventions used by eSoft devices; however, the default settings differ slightly.

1. From the navigation bar on the left, click on VPN; this will bring up the "VPN > Settings" page. In the "VPN Global Settings" section, make sure the Enable VPN radio button is selected. In the "VPN Policies" section, click Add to create the new VPN policy.


2. On the General tab:

  • IPSec Keying Mode - IKE using Preshared Secret
  • Name - Unique name for the tunnel
  • IPSec Primary Gateway Name or Address - Public (WAN) IP address of the InstaGate device
  • Shared Secret - same 'password' that was entered on the InstaGate


3. Click the Network tab.

4. In the "Local Networks" section:

  • Select the radio button next to "Choose local network from list"
  • Choose local network from list - LAN Primary Subnet

In the "Destination Networks" section:

  • Select the radio button next to "Choose destination network from list"
  • Choose destination network from list - Create New Address object


5. The address object is for the LAN behind the InstaGate device.

  • Name - Unique name for the address object
  • Zone Assignment - VPN
  • Type - Network
  • Network - InstaGate unit's LAN IP Range
  • Netmask - Usually 255.255.255.0


6. Click OK.

7. Click the Proposals tab.

8. For the "IKE (Phase 1) Proposal" section:

  • Exchange - Main Mode
  • DH Group - Group 2
  • Encryption - 3DES
  • Authentication - SHA1
  • Life Time (seconds) - 28800

For the "IPSec (Phase 2) Proposal" section:

  • Protocol - ESP
  • Encryption - 3DES
  • Authentication - SHA1
  • Enable Perfect Forward Security - Disabled
  • Life Time (seconds) - 28800


11. Click OK.


12. From the main navigation bar on the left, click VPN, then Advanced.

13. In the "Advanced VPN Settings" section, disable the Enable NAT Traversal option. This disables NAT Traversal and ensures interoperability with devices that use different versions of NAT.


14. Click Apply to update the configuration.
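
The following Python check is an added example, not part of the original eSoft guide. It verifies that the values entered on the two devices mirror each other, converting InstaGate's Key Refresh hours to Sonicwall's Life Time seconds and comparing networks whether written as CIDR or as network plus netmask. The dictionary keys and all addresses are constructed for illustration; neither device exports its settings in this form.

```python
import ipaddress
# Constructed sample values (documentation address ranges); keys are hypothetical.
INSTAGATE = {
    "wan_ip": "198.51.100.10",
    "local_network": "192.168.1.0/24",
    "remote_gateway": "203.0.113.20",
    "remote_network": "192.168.2.0/24",
    "shared_secret": "constructed-example-secret",
    "ike_key_refresh_hours": 8,
    "ipsec_key_refresh_hours": 8,
    "pfs": "Disabled",
}
SONICWALL = {
    "wan_ip": "203.0.113.20",
    "local_network": ("192.168.2.0", "255.255.255.0"),        # LAN Primary Subnet
    "primary_gateway": "198.51.100.10",
    "destination_network": ("192.168.1.0", "255.255.255.0"),  # address object
    "shared_secret": "constructed-example-secret",
    "ike_lifetime_seconds": 28800,
    "ipsec_lifetime_seconds": 28800,
    "enable_pfs": False,
}

def net(value):
    """Accept CIDR text or a (network, netmask) pair; reject host bits in a network."""
    text = "/".join(value) if isinstance(value, tuple) else value
    return ipaddress.ip_network(text, strict=True)

def check_tunnel(ig, sw):
    """Return the list of mismatches between the two ends; empty means consistent."""
    ip = ipaddress.ip_address
    checks = [
        ("InstaGate Remote Gateway is not the Sonicwall WAN IP",
         ip(ig["remote_gateway"]) == ip(sw["wan_ip"])),
        ("Sonicwall Primary Gateway is not the InstaGate WAN IP",
         ip(sw["primary_gateway"]) == ip(ig["wan_ip"])),
        ("InstaGate Remote Network differs from Sonicwall local network",
         net(ig["remote_network"]) == net(sw["local_network"])),
        ("Sonicwall destination network differs from InstaGate Local Network",
         net(sw["destination_network"]) == net(ig["local_network"])),
        ("Shared Secret differs", ig["shared_secret"] == sw["shared_secret"]),
        ("IKE Key Refresh and Phase 1 Life Time differ",
         ig["ike_key_refresh_hours"] * 3600 == sw["ike_lifetime_seconds"]),
        ("IPSec Key Refresh and Phase 2 Life Time differ",
         ig["ipsec_key_refresh_hours"] * 3600 == sw["ipsec_lifetime_seconds"]),
        ("PFS setting differs", (ig["pfs"] == "Enabled") == sw["enable_pfs"]),
    ]
    return [message for message, ok in checks if not ok]
```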

 

Troubleshooting

Diagnosing and troubleshooting IPSec VPN connections can be fairly complex. If you cannot establish a VPN tunnel between these devices and you've followed the configuration outlined above, please contact technical support, or get more help at http://support.esoft.com

© 2012 eSoft. All rights reserved.