
MX to Sonicwall Site-to-Site VPN Setup

When setting up a non-Meraki site-to-site VPN between an MX Security Appliance and a Sonicwall, use the following settings on the Sonicwall to bring the tunnel up.

General Tab

The settings configured on the General tab on the Sonicwall interface should follow the configuration below:

  • Policy Type: Site to Site
  • Authentication Method: IKE using Preshared Secret
  • Name: Enter the name under which the security policy will be displayed on the Sonicwall.
  • IPsec Primary Gateway Name or Address: Enter the public IP address of the MX.
  • IPsec Secondary Gateway Name or Address: Use the address "0.0.0.0"
  • Shared Secret: This should match the preshared secret configured for this peer on the Configure > Site-to-site VPN page in Dashboard.
  • Local IKE ID: Select "IP Address" and enter the public IP address of the Sonicwall.
  • Peer IKE ID: Select "IP Address" and enter the IP address configured on the MX's primary uplink. If the MX is relying on a cellular connection, use the IP address of the cellular modem.

Proposals Tab

If the MX is using custom IPsec policies, the settings on this tab should match the Phase 1 and Phase 2 parameters configured on the MX. If the MX is using the default parameters, the settings on the Proposals tab should follow the configuration below and match the screenshot provided:

Phase 1 (IKE) proposal:

  • Exchange: Main Mode
  • DH Group: Group 2
  • Encryption: 3DES
  • Authentication: SHA1
  • Life Time (seconds): 28800

Phase 2 (IPsec) proposal:

  • Protocol: ESP
  • Encryption: 3DES
  • Authentication: SHA1
  • Enable Perfect Forward Secrecy: False (the box should be unchecked)
  • Life Time (seconds): 28800

Additional Notes

  • On the Advanced tab, ensure the box for Enable Keepalive is checked.
  • Make sure that the remote subnets configured on the Sonicwall exactly match the VPN subnets configured on the MX.
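
A pre-flight check for the two requirements above (proposals that match the MX defaults, and remote subnets that match exactly), written as an added example and not taken from Meraki or Sonicwall tooling. The dictionary layout, function names and sample values are assumptions; the settings are typed in by hand from each device's UI.

```python
import ipaddress

# MX default parameters as listed in the Proposals tab section of this page.
MX_DEFAULTS = {
    "phase1": {"exchange": "Main Mode", "dh_group": "2", "encryption": "3DES",
               "authentication": "SHA1", "lifetime": 28800},
    "phase2": {"protocol": "ESP", "encryption": "3DES", "authentication": "SHA1",
               "pfs": False, "lifetime": 28800},
}

def _norm(value):
    """Compare strings case-insensitively; leave ints and booleans untouched."""
    return value.strip().lower() if isinstance(value, str) else value

def proposal_mismatches(sonicwall, expected=MX_DEFAULTS):
    """Return (phase, field, sonicwall_value, expected_value) for each differing field."""
    return [(phase, field, sonicwall.get(phase, {}).get(field), want)
            for phase, fields in expected.items()
            for field, want in fields.items()
            if _norm(sonicwall.get(phase, {}).get(field)) != _norm(want)]

def subnet_mismatches(sonicwall_remote, mx_vpn_subnets):
    """Report subnets present on one side only, with any overlapping near-miss."""
    # Prefix and netmask notation both parse; host bits set raises ValueError.
    sw = {ipaddress.ip_network(s) for s in sonicwall_remote}
    mx = {ipaddress.ip_network(s) for s in mx_vpn_subnets}
    issues = []
    for side, mine, theirs in (("only on Sonicwall", sw - mx, mx - sw),
                               ("only on MX", mx - sw, sw - mx)):
        for net in sorted(mine, key=str):
            near = [str(o) for o in sorted(theirs, key=str) if net.overlaps(o)]
            issues.append((str(net), side, near))
    return issues

# Constructed sample input (hypothetical values, not from the page).
SAMPLE_SONICWALL = {
    "phase1": {"exchange": "main mode", "dh_group": "5", "encryption": "3des",
               "authentication": "sha1", "lifetime": 28800},
    "phase2": {"protocol": "esp", "encryption": "3des", "authentication": "sha1",
               "pfs": True, "lifetime": 28800},
}
SAMPLE_SW_REMOTE = ["10.0.0.0/16", "192.168.10.0/255.255.255.0"]
SAMPLE_MX_SUBNETS = ["10.0.1.0/24", "192.168.10.0/24"]
if __name__ == "__main__":
    for row in proposal_mismatches(SAMPLE_SONICWALL):
        print("proposal mismatch:", row)
    for row in subnet_mismatches(SAMPLE_SW_REMOTE, SAMPLE_MX_SUBNETS):
        print("subnet mismatch:", row)
```

In the sample, the Sonicwall's 10.0.0.0/16 overlaps the MX's 10.0.1.0/24 but is not equal to it, so it is reported on both sides as a mismatch rather than accepted as a covering range.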

 

Last modified
19:06, 10 Oct 2016


Article ID

ID: 1299
