How To Establish VPN Tunnel between Cyberoam and Sonicwall using Preshared key

How To Establish VPN Tunnel between Cyberoam and Sonicwall using Preshared key
Applicable to Version: 9.4.0 build 2 onwards This article describes a detailed configuration example that demonstrates how to configure net-to-net IPSec VPN tunnel between a Cyberoam and SonicWall using Preshared Key to authenticate VPN peers. It is assumed that the reader has a working knowledge of Cyberoam and SonicWall appliance configuration. Throughout the article we will use the network parameters as shown in the diagram below.

Cyberoam Configuration
Step 1: Create IPSec connection Go to VPN IPSec Connection Create Connection and create connection with the following values: Connection name: cr_2_sw Policy: Default Policy Action on restart: As required Mode: Tunnel Connection Type: Net to Net Authentication Type Preshared key

How To Establish VPN Tunnel between Cyberoam and Sonicwall using Preshared key

Preshared key Specify Preshared key. Forward this key to the remote peer (SonicWall) as same preshared key should be used by both the peers. In SonicWall, preshared key is called Shared Secret or Preshared Secret. Local server IP address (WAN IP address) 192.168.15.204 Local Internal Network 8.8.8.0/24 Local ID john@elitecore.com Remote server IP address (WAN IP address) 192.168.13.71 Remote Internal Network 172.18.1.0/24 Remote ID dean@elitecore.com (SonicWall) User Authentication Mode: As required Protocol: As required Step 2. Activate Connection and establish Tunnel Go to VPN IPSec Connection Manage Connection To activate the connection, click under Connection Status against the cr_2_sw connection

under Connection Status indicates that the connection is successfully activated

Note At a time only one connection can be active if both the types of connection - Digital Certificate and Preshared Key - are created with the same source and destination. In such situation, at the time of activation, you will receive error unable to activate connection hence you need to deactivate all other connections.

SonicWall Configuration
Step 3. Add Address Object to define remote network that is to be connected via VPN tunnel Go to Network Address Object and click ADD under Address Objects and create with the following values: Name: CR_LAN Zone: VPN Type: Network Network: 8.8.8.0 i.e. defined as Internal Network in Cyberoam Mask: 255.255.255.0 i.e. subnet mask for the above network Step 4. Create VPN Policy Go to VPN Settings and click ADD under VPN Policies A. Input following values in the General Tab fields: Authentication Method: IKE using Preshared Key Name: sonicwall_2_cyberoam IPsec Primary Gateway Name or Address: 192.168.15.204 i.e. WAN IP of Cyberoam

How To Establish VPN Tunnel between Cyberoam and Sonicwall using Preshared key

IPsec Secondary Gateway Name or Address: Blank Shared Secret: As required (As specified in Cyberoam IPSec connection) Confirm Shared Secret: Same as specified in Shared Secret field Mask Shared Secret: Enable Local IKE ID: Email Address: dean@elitecore.com (IKE of SonicWall) Peer IKE ID: Email Address: john@elitecore.com (IKE of Cyberoam) B. Input following values in the Network Tab fields: Under Local Networks Choose local network from list: LAN Subnets (Contains pre-defined object for LAN network) Under Destination Networks Choose local network from list: CR_LAN i.e. object created for Cyberoam network in step 1 C. Input following values in the Proposals Tab fields: IKE Phase I Proposal Exchange: Main Mode DH Group: 2 Encryption: 3DES Authentication: MD5 Life Tine (seconds): 3600 Ipsec (Phase 2) Proposal Protocol: ESP Encryption: 3DES Authentication: MD5 Enable PFS: Yes DH Group: 2 Life Time (seconds): 3600 VPN Policy is automatically enabled if created successfully. If SonicWall is able to establish connection with Cyberoam successfully then the connection/tunnel details will be displayed under Currently Active VPN Tunnels. Step 5. Establish Connection from Cyberoam Go to VPN IPSec Connection Manage Connection

To establish the connection/tunnel, click connection

under Connection Status against the cr_2_sw

under Connection Status indicates that the connection/tunnel is successfully established

How To Establish VPN Tunnel between Cyberoam and Sonicwall using Preshared key

Points to be noted Connection can be initiated from either of the peers provided connection is Active in Cyberoam If you try to connect from Cyberoam when the SonicWall VPN policy is not enabled, Cyberoam will display Unable to establish connection message. One can re-establish connection from SonicWall by enabling the VPN policy manually only if connection is Active in Cyberoam Reference Documents VPN Troubleshooting Guide

Document Version: 9402-1.0-08/12/2006