Site to Site VPN
Asif_Iqbal Newbie ✭
So I am new to sonicwalls and need to create a site to site VPN. I have the instructions from the other side and need the VPN to connect to one of our servers only.
What is the best way to do this please?
Sonicwall NSa 4650
Category: Mid Range Firewalls
Asif_Iqbal Newbie ✭
@BWC no worries - we all have days like this :). I'll check this now and save.
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
@Asif_Iqbal do you know how to create a VPN Tunnel? If not check the following KB-Article.
To allow only the needed access, you have to uncheck " Suppress automatic Access Rules creation for VPN Policy" on the Advanced Tab of your VPN Policy. This denies any traffic per default and you have to create an Access Rule from VPN to LAN allowing the access to the Resource.
Thanks for your reply. I have seen the article you have mentioned. I have gone through the OS 6.5 setup. However, I do not know if what I have setup is correct for the other party to access the required server only.
@Asif_Iqbal is the other party running a SonicWall as well? The Access Rules are straight forward if you have your Tunnel up and running.
Remote Side: Local Net -> Your Server / Service - Allow
Local Side: (VPN to LAN) Remote Net -> Your Server / Service - Allow
Just check the mentioned Advanced Setting, this will avoid the Default Rule.
@BWC the other side is a Cisco ASA. Thanks for the pointers. I'll check this out shortly.
@BWC I have created the VPN section and Address Objects from my side. I am waiting for the other party to complete their side. I tried to create a Rule for this as described in your above message. However, this did not apply - "Error - Policy Action: Rule overlap, rule not added". Is this due to the VPN not being active at the moment?
@Asif_Iqbal do you mind sharing a Screenshot of your Access Rules from VPN to LAN? Maybe there is a conflicting Default Rule, you can check the origin of the rule by hovering over the little bubble.
@BWC - apologies Michael, it looks like the rule has Auto Added.
My only concern is I have setup my side as HOST rather than a network as I want access to 1 server only.
You did not unchecked "Suppress automatic Access Rules creation for VPN Policy" as I suggested, this is the resulting Default Access Rule for your VPN Tunnel.
If the Rule fits your need you're good to, but if you change later on the Local or Remote Networks in your Tunnel it might have unwanted side effects. Therefore I suggest to uncheck the automatic creation and define manually what you like.
@BWC it is unticked as you first suggested
I made sure before I setup the VPN Policy.
@Asif_Iqbal I'am stupid sometimes, it has to be checked not unchecked ... I was not really into this with my head, busy day, sorry for the confusion. We need to Suppress the automatic creaton, therefore it needs to be checked.