AWS Site to Site VPN / SonicWall Tunnel Configuration

cameron_chapman

Hi all,

I am having problems setting up a site-to-site VPN with our AWS VPC and an enduser using SonicWall router, and I am having difficulty understanding exactly how to configure the two pieces. If anyone could take a chance to look at the information below, I would be thankful for guidance on how/what information to send to our enduser to get them connected up!

On our AWS side, we have the following configuration:

Public IP: 1.1.1.1 (obv hidden for these purposes)

Inside IP CIDR: 169.254.123.216/30

Once connected, I would like them to access my VPC on 10.20.0.0/16, more specifically access a server on a specific IP 10.20.5.99.

What information would I pass along, along with the passphrase/VPN public addresses to help hook up a SonicWall router to our site-to-site VPN, and set up the appropriate tunnel to pass along the traffic to the appropriate subnet/ec2 instance once connected?

shiprasahu93

@cameron_chapman,

Welcome to the SonicWall community.

Kindly inform them to create a numbered tunnel interface route-based VPN. Also, mention the phase 1 and phase 2 proposals along with the passphrase, VPN peer address, and the network IDs.

So, basically, they need to use 169.254.123.216/30 as the tunnel interface IP and 10.20.0.0/16 as the remote network on the SonicWall end.

We also support integration with AWS. Kindly take a look at this KB below.

https://www.sonicwall.com/support/knowledge-base/aws-integration-with-sonicwall-sonicos-6-5-x/181024232124532/

I hope this helps!

Thanks!

shiprasahu93

@cameron_chapman ,

The remote network that is 10.20.0.0/16 is added in the destination field of the static route that you would need to create for this VPN. The 169.254.123.216/30 as the tunnel interface IP can be added from MANAGE | Network | Interfaces section as per the screenshot below.

I hope this helps!

Thanks!

[Deleted User]

Hi @cameron_chapman,

Were we able to help answer your question? If so please mark the response that helped you so others can find it.

Thank you

cameron_chapman

https://community.sonicwall.com/technology-and-support/discussion/comment/6153#Comment_6153

Hi @shiprasahu93, thanks for answering this! This project was on hold for awhile but we got back to it and still had a couple questions.

Where exactly would the configure the remote network address in the sonic wall configuration? We were able to add the 169.254.123.216/30 as the tunnel interface ip but didn't see where we would enter that remote network address.

Do we do that via a static route or where exactly in the config would that get configured?

We're using a Sonicwall NSA 2650 : SonicOS Enhanced 6.5.4.7-83n.

cameron_chapman

https://community.sonicwall.com/technology-and-support/discussion/comment/6153#Comment_6153

Hi @shiprasahu93, this project was on hold for awhile but we got back to it and still had a couple questions.

Where exactly would the configure the remote network address in the sonic wall configuration? We were able to add the 169.254.123.216/30 as the tunnel interface ip but didn't see where we would enter that remote network address.

Do we do that via a static route or where exactly in the config would that get configured?

We're using a Sonicwall NSA 2650 : SonicOS Enhanced 6.5.4.7-83n.

cameron_chapman

@shiprasahu93 we were able to get it working! Thank you so much for your help 😁

shiprasahu93

Amazing. Glad I could help! Have a good one!