Network/VPN Overlap How-To with SonicOS 2.0 Enhanced
Updated 9/26/03
SonicWALL, Inc.




Introduction

In this whitepaper, we will configure a VPN tunnel between two SonicWALLs running SonicOS 2.0 Enhanced that use the same IP subnet on their LAN interface. With previous versions of SonicWALL firmware it was not possible to handle this situation, as the firmware was not capable of adequately performing NAT on VPN tunnel traffic. This new firmware feature is intended for use in situations where renumbering one of the networks is not an option, yet both sides must be able to communicate with each other despite using the same network numbers. For this test, we will configure both SonicWALLs with the same 192.168.10.0/24 subnet, but will attach hide subnets on each side, such that each side appears to have a separate, unique subnet.

Notes

When dealing with overlapping IP networks, SonicWALL will perform 1-2-1 (one-to-one) NAT on all traffic flowing across the VPN, in either direction. Because of this, it will be necessary to make sure the hide subnets are the same size as the overlap subnets. This method of NAT makes it easy to determine the appropriate hide address for each side, respectively. For example, if you have the same Class C network on each side, you'll need to use Class C hide subnets so that all potential addresses on each side can be mapped properly. So, when the tunnel is up, if you wished to reach a server on the other side of the tunnel whose true address is 192.168.10.200, you would contact it at 192.168.50.200; persons on the other side of the tunnel wishing to reach resources on your side would do the same (i.e. replace the first three octets with the hide subnet, and not change the fourth octet).

Network Map

For this whitepaper, we will use the following network map to show how it is possible to deal with overlapping IP subnets (see Figure 1). You will need to address the WAN interfaces of the PRO4060 devices with unique, publicly reachable static IP addresses. For this example, we will be using 192.168.10.0/24 as the example for the overlapping IP subnets.

Figure 1 Network Testbed for NAT/VPN Overlap Test

Setup Steps

Address both PRO4060 units as shown in the network map above. Make sure that both devices have the same subnet attached (192.168.10.0/24). Attach and address the servers as shown (192.168.10.200/24). The LAN interfaces of each PRO4060 should be 192.168.10.1/24. Assign the unique WAN IP addresses per your ISP-provided settings.

PRO4060 CHICAGO

Log into the management GUI of the PRO4060 labelled CHICAGO (see network map above), using a web browser on the server located at 192.168.10.200. Go to the Network > Address Objects section and click on the Add button. Create a network object called local_hide of type Network with values 192.168.25.0 255.255.255.0, zone assignment LAN. Then, create a network object called remote_hide of type Network with values 192.168.50.0 255.255.255.0, zone assignment VPN.

These are the two hide subnets that we'll be using when creating the VPN tunnel between the two PRO4060 devices. The PRO4060 at CHICAGO will think that the network behind SEATTLE is 192.168.50.0/24, and the PRO4060 at SEATTLE will think that the network behind CHICAGO is 192.168.25.0/24.

Figure 2 CHICAGO Hide Networks

Next, go to the VPN > Settings menu and click on the Add button. When the pop-up screen appears, enter the following values for the General tab (figure 3):

  IPSec Keying Mode: IKE Using Preshared Secret
  Name: to_seattle
  IPSec Primary Gateway Name or Address: fill in with WAN IP address of other PRO4060
  IPSec Secondary Gateway Name or Address: leave blank
  Shared Secret: enter complex password; you will need to enter the same on the other PRO4060
  Local IKE ID (optional): leave blank; firewall will autopopulate
  Peer IKE ID (optional): leave blank; firewall will autopopulate

Once these values have been set, click on the Network tab (figure 4). On this tab, enter the following values:

  Under Local Networks, select the radio button next to Choose local network from list and, from the drop-down box next to this, select LAN Primary Subnet
  Under Destination Networks, select the radio button next to Choose destination network from list and, from the drop-down box next to this, select remote_hide

Once these values have been set, click on the Advanced tab (figure 5). We will be using the defaults on the Proposals tab, so please skip this tab. On the Advanced tab, enter the following values:

  Check the box next to Apply NAT Policies
  From the drop-down next to Translated Local Network, select local_hide
  From the drop-down next to Translated Remote Network, select Original

Once these values have been set, click on the OK button to save and activate the changes.

Figure 3 CHICAGO VPN General Policy Tab

Figure 4 CHICAGO VPN Network Policy Tab

Figure 5 CHICAGO VPN Advanced Policy Tab

PRO4060 SEATTLE

Log into the management GUI of the PRO4060 labelled SEATTLE (see network map above), using a web browser on the server located at 192.168.10.200. Go to the Network > Address Objects section and click on the Add button. Create a network object called local_hide of type Network with values 192.168.50.0 255.255.255.0, zone assignment LAN. Then, create a network object called remote_hide of type Network with values 192.168.25.0 255.255.255.0, zone assignment VPN.

Figure 6 SEATTLE Hide Networks

Next, go to the VPN > Settings menu and click on the Add button. When the pop-up screen appears, enter the following values for the General tab (figure 7):

  IPSec Keying Mode: IKE Using Preshared Secret
  Name: to_chicago
  IPSec Primary Gateway Name or Address: fill in with WAN IP address of other PRO4060
  IPSec Secondary Gateway Name or Address: leave blank
  Shared Secret: enter complex password you used on other PRO4060
  Local IKE ID (optional): leave blank; firewall will autopopulate
  Peer IKE ID (optional): leave blank; firewall will autopopulate

Once these values have been set, click on the Network tab (figure 8). On this tab, enter the following values:

  Under Local Networks, select the radio button next to Choose local network from list and, from the drop-down box next to this, select LAN Primary Subnet
  Under Destination Networks, select the radio button next to Choose destination network from list and, from the drop-down box next to this, select remote_hide

Once these values have been set, click on the Advanced tab (figure 9). We will be using the defaults on the Proposals tab, so please skip this tab. On the Advanced tab, enter the following values:

  Check the box next to Apply NAT Policies
  From the drop-down next to Translated Local Network, select local_hide
  From the drop-down next to Translated Remote Network, select Original

Once these values have been set, click on the OK button to save and activate the changes.

Figure 7 SEATTLE VPN General Policy Tab

Figure 8 SEATTLE VPN Network Policy Tab

Figure 9 SEATTLE VPN Advanced Policy Tab

Testing

From each side, activate the tunnel by opening a connection to the other side's server. In this test scenario, the server behind the CHICAGO firewall can be reached across the tunnel at 192.168.25.200, and the server behind the SEATTLE firewall can be reached across the tunnel at 192.168.50.200. Ensure that you can reach each server via HTTP and FTP from the other side across the tunnel using these hide addresses.

If you cannot reach the servers across the VPN tunnel, log into each PRO4060 device and check to see if the tunnels have negotiated (if they have negotiated successfully, the firewall will list the active tunnel under Currently Active VPN tunnels in the VPN > Settings menu).
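The one-to-one mapping configured above can be checked on paper before testing. The following Python sketch is an added example, not SonicWALL code or part of the original whitepaper: it models the translation with the whitepaper's subnets, and the function names and the packet-walk model are assumptions made for illustration.

```python
import ipaddress

# Real LAN subnet used on both sides, and the hide subnets from the whitepaper.
OVERLAP = ipaddress.ip_network("192.168.10.0/24")
HIDE = {
    "CHICAGO": ipaddress.ip_network("192.168.25.0/24"),
    "SEATTLE": ipaddress.ip_network("192.168.50.0/24"),
}

def gui_network(address, mask):
    """Build a network from address/mask as typed into an address object.
    Raises ValueError for a mistyped (non-contiguous) mask or stray host bits."""
    return ipaddress.ip_network(f"{address}/{mask}")

def map_one_to_one(addr, src_net, dst_net):
    """Swap the network part of addr from src_net to dst_net, keep the host part."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("hide subnet must be the same size as the overlap subnet")
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset

def cross_tunnel(src_site, dst_site, src_real, dst_hide):
    """Follow one packet from src_site to dst_site (illustrative model).
    Returns ((src, dst) inside the tunnel, (src, dst) delivered on the far LAN)."""
    # Sending firewall: Translated Local Network = local_hide rewrites the source.
    wire_src = map_one_to_one(src_real, OVERLAP, HIDE[src_site])
    wire_dst = ipaddress.ip_address(dst_hide)
    if wire_dst not in HIDE[dst_site]:
        raise ValueError(f"{dst_hide} is not in the hide subnet of {dst_site}")
    # Receiving firewall: its own hide subnet maps back to the real LAN.
    lan_dst = map_one_to_one(wire_dst, HIDE[dst_site], OVERLAP)
    return (str(wire_src), str(wire_dst)), (str(wire_src), str(lan_dst))

if __name__ == "__main__":
    # CHICAGO server opening a connection to the SEATTLE server's hide address.
    wire, lan = cross_tunnel("CHICAGO", "SEATTLE", "192.168.10.200", "192.168.50.200")
    print("inside tunnel:", wire)
    print("on SEATTLE LAN:", lan)
```

The SEATTLE server sees the connection arrive from 192.168.25.200, so replies are routed back through the tunnel instead of being treated as local 192.168.10.0/24 traffic.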