SonicWall: How to configure IPSec VPN Site to Site between SonicWall and Sophos XGS

Overview

This article shows how to configure an IPSec site-to-site VPN between a SonicWall firewall and a Sophos XGS firewall, so that two sites (for example two LANs) are connected to each other over a secure protocol such as IPSec.

The article uses preshared key authentication.

The article was written using a SonicWall NSv 270 device running SonicOSX version 7.0.1.

Diagram

Steps of configuration

  • On SonicWall firewall
    • Create Network Host
    • Create IPSec VPN Rule
    • Create firewall rule
  • On Sophos firewall
    • Create Network Host
    • Create IPSec Policy
    • Create IPSec Connection
  • Check the result

How to configure

On SonicWall firewall

Create Network Host

  • Log in to the SonicWall firewall with the Admin account
  • Go to OBJECT -> Choose Addresses -> Click Add
  • Enter name for SonicWall LAN
  • In Zone Assignment: Choose LAN
  • In Type: Choose Network
  • In Network: Enter SonicWall LAN network
  • In Netmask/Prefix Length: Enter subnet mask of SonicWall LAN
  • Click Save
  • Enter name for Sophos LAN
  • In Zone Assignment: Choose VPN
  • In Type: Choose Network
  • In Network: Enter Sophos LAN network
  • In Netmask/Prefix Length: Enter subnet mask of Sophos LAN
  • Click Save

Create IPSec VPN Rule

  • Go to NETWORK -> Choose Rule and Settings -> Click Add
  • In Policy Type: Choose Site to Site
  • In Authentication Method: Choose IKE Using Preshared Secret
  • In Name: Enter name of VPN Policy
  • In IPSec Primary Gateway Name or Address: Enter the WAN IP of the Sophos site
  • In Shared Secret: Enter the preshared key
  • Move to Network tab
  • In Choose local network from list: Choose the SonicWall LAN network that was created before
  • In Choose destination network from list: Choose the Sophos LAN network that was created before
  • Move to Proposals tab
  • In Proposals: Choose the desired authentication and encryption parameters
  • Move to Advanced tab
  • Turn on Enable Keep Alive; you can also turn on any other features that you want
  • Click Save

Create firewall rule

  • Go to POLICY -> Choose Security Policy -> Click Add -> Create 2 firewall rules so that the 2 networks can connect to each other

On Sophos firewall

Create Network Host

  • Log in to the Sophos firewall with the Admin account
  • Go to Hosts and services -> Choose IP Host -> Click Add
  • Enter name for Network
  • In IP version: Choose IPv4
  • In Type: Choose Network
  • In IP Address: Enter SonicWall LAN network
  • Click Save
  • Enter name for Network
  • In IP version: Choose IPv4
  • In Type: Choose Network
  • In IP address: Enter Sophos LAN network
  • Click Save

Create IPSec Policy

  • Go to VPN -> Choose IPSec policies -> Click Add
  • Enter name
  • Enter the same parameters as on the SonicWall site
  • Click Save

Create IPSec Connection

  • Go to IPSec connections -> Click Add
  • Enter name for IPSec Policy
  • In Connection type: Choose Site-to-site
  • In Gateway type: Choose Response only
  • In Policy: Choose the policy that was created before
  • In Authentication type: Choose Preshared key
  • In Preshared key: Enter the same preshared key as on SonicWall
  • In Listening interface: Choose the WAN interface of Sophos
  • In Gateway address: Enter the WAN IP of SonicWall
  • In Local subnet: Choose the Sophos LAN that was created before
  • In Remote subnet: Choose the SonicWall LAN that was created before
  • Click Save
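
A pre-flight consistency check for the two sides configured above, as an added example that is not part of the original article or of either vendor's tooling. The dictionary keys, the 20-character minimum key length and all addresses are assumptions constructed for illustration; the check covers gateway addresses, mirrored subnets, proposal parameters and the preshared key.

```python
import ipaddress

def net(s):
    return ipaddress.ip_network(s, strict=False)

def check_tunnel(a, b, min_psk_len=20):
    """Return a list of mismatches between two site-to-site peer definitions."""
    problems = []
    # Each side's gateway address must be the other side's WAN address.
    for x, y in ((a, b), (b, a)):
        if ipaddress.ip_address(x["peer"]) != ipaddress.ip_address(y["wan"]):
            problems.append(f'{x["name"]}: gateway is not the WAN IP of {y["name"]}')
    # Local subnet on one side must equal remote subnet on the other.
    for x, y in ((a, b), (b, a)):
        if net(x["local"]) != net(y["remote"]):
            problems.append(f'{x["name"]} local {x["local"]} != {y["name"]} remote {y["remote"]}')
    # Overlapping LANs cannot be routed across the tunnel.
    if net(a["local"]).overlaps(net(b["local"])):
        problems.append("LAN subnets overlap")
    # Both phases must use identical proposal parameters.
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase}.{key}: {a[phase].get(key)} != {b[phase].get(key)}")
    # Compare the preshared key without ever printing it.
    if a["psk"] != b["psk"]:
        problems.append("preshared keys differ")
    elif len(a["psk"]) < min_psk_len:  # assumed minimum, not a vendor limit
        problems.append(f"preshared key shorter than {min_psk_len} characters")
    return problems

# Constructed sample values (documentation address ranges), not from the article.
PROPOSAL = {"phase1": {"ike": "IKEv2", "dh": 14, "enc": "AES-256", "auth": "SHA256"},
            "phase2": {"proto": "ESP", "enc": "AES-256", "auth": "SHA256"}}
SONICWALL = {"name": "SonicWall", "wan": "198.51.100.10", "peer": "203.0.113.20",
             "local": "192.168.10.0/24", "remote": "192.168.20.0/24",
             "psk": "constructed-sample-psk-not-for-use", **PROPOSAL}
SOPHOS = {"name": "Sophos", "wan": "203.0.113.20", "peer": "198.51.100.10",
          "local": "192.168.20.0/24", "remote": "192.168.10.0/24",
          "psk": "constructed-sample-psk-not-for-use", **PROPOSAL}
# Same Sophos side with two deliberate data-entry errors.
SOPHOS_BAD = {**SOPHOS, "remote": "192.168.10.0/25",
              "phase1": {**PROPOSAL["phase1"], "dh": 2}}

if __name__ == "__main__":
    for peer in (SOPHOS, SOPHOS_BAD):
        print(check_tunnel(SONICWALL, peer) or "consistent")
```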

Check the result

  • Click the Active and Connection icons on Sophos
  • On SonicWall
