To configure a site-to-site VPN with static routing between AWS and a SonicWall firewall running SonicOS 7 or later, follow these steps:

### On AWS Side
1. **Create a Virtual Private Gateway (VGW)**:
   - Go to the VPC Dashboard in the AWS Management Console.
   - Select **Virtual Private Gateways** and click **Create Virtual Private Gateway**. Name it and attach it to your VPC.
2. **Create a Customer Gateway (CGW)**:
   - Navigate to **Customer Gateways** in the VPC Dashboard.
   - Click **Create Customer Gateway**, provide a name, select static routing, and enter the public IP address of your SonicWall device.
3. **Create a VPN Connection**:
   - Go to **VPN Connections** and click **Create VPN Connection**.
   - Choose the VGW and CGW created earlier, and specify the static IP prefixes of your local network.
   - Download the configuration file for the SonicWall device.
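The same three AWS-side steps as boto3 EC2 API calls, so the gateway and connection can be created repeatably instead of by hand. This is an added example, not AWS's or SonicWall's own code; `provision_static_vpn`, `StubEC2` and the `vpc-0123456789abcdef0` id are constructed for it, and `203.0.113.10` is a documentation address standing in for the SonicWall's public IP. The stub client records the calls so the sequence can be checked offline; pass `boto3.client("ec2")` instead to run it for real.

```python
"""Added example, not AWS's or SonicWall's own code: the three AWS-side steps as
boto3 EC2 API calls, with a stub client so the call sequence can be run offline."""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def provision_static_vpn(ec2, vpc_id, sonicwall_public_ip, local_prefixes, name="sonicwall-vpn"):
    """Create the VGW, the CGW and a static-routing VPN connection.

    Returns the created ids, the static routes added and the generated customer
    gateway configuration (the generic XML equivalent of the console download).
    """
    addr = ipaddress.ip_address(sonicwall_public_ip)
    if addr.is_loopback or any(addr in n for n in RFC1918):
        raise ValueError(f"{addr} is not routable from AWS; use the SonicWall's public IP")
    prefixes = [str(ipaddress.ip_network(p)) for p in local_prefixes]  # rejects malformed CIDRs

    def tag(kind):  # Name tag on every resource so the pieces are easy to find later
        return [{"ResourceType": kind, "Tags": [{"Key": "Name", "Value": name}]}]

    # Step 1: Virtual Private Gateway, attached to the VPC
    vgw_id = ec2.create_vpn_gateway(
        Type="ipsec.1", TagSpecifications=tag("vpn-gateway")
    )["VpnGateway"]["VpnGatewayId"]
    ec2.attach_vpn_gateway(VpcId=vpc_id, VpnGatewayId=vgw_id)

    # Step 2: Customer Gateway for the SonicWall. BgpAsn is mandatory in the API
    # even though static routing never uses it.
    cgw_id = ec2.create_customer_gateway(
        Type="ipsec.1", PublicIp=str(addr), BgpAsn=65000, TagSpecifications=tag("customer-gateway")
    )["CustomerGateway"]["CustomerGatewayId"]

    # Step 3: VPN connection restricted to static routes, plus one route per local prefix
    conn = ec2.create_vpn_connection(
        Type="ipsec.1", CustomerGatewayId=cgw_id, VpnGatewayId=vgw_id,
        Options={"StaticRoutesOnly": True}, TagSpecifications=tag("vpn-connection"),
    )["VpnConnection"]
    for prefix in prefixes:
        ec2.create_vpn_connection_route(VpnConnectionId=conn["VpnConnectionId"], DestinationCidrBlock=prefix)

    return {"vgw": vgw_id, "cgw": cgw_id, "vpn": conn["VpnConnectionId"],
            "routes": prefixes, "config": conn["CustomerGatewayConfiguration"]}


class StubEC2:
    """Offline stand-in for boto3's EC2 client (constructed for this example, not an
    AWS component): records each call and returns only the fields read above."""

    def __init__(self):
        self.calls = []

    def _record(self, api, kwargs, response=None):
        self.calls.append((api, kwargs))
        return response

    def create_vpn_gateway(self, **kw):
        return self._record("create_vpn_gateway", kw, {"VpnGateway": {"VpnGatewayId": "vgw-stub"}})

    def attach_vpn_gateway(self, **kw):
        return self._record("attach_vpn_gateway", kw)

    def create_customer_gateway(self, **kw):
        return self._record("create_customer_gateway", kw,
                            {"CustomerGateway": {"CustomerGatewayId": "cgw-stub"}})

    def create_vpn_connection(self, **kw):
        return self._record("create_vpn_connection", kw, {"VpnConnection": {
            "VpnConnectionId": "vpn-stub", "CustomerGatewayConfiguration": "<vpn_connection/>"}})

    def create_vpn_connection_route(self, **kw):
        return self._record("create_vpn_connection_route", kw)


if __name__ == "__main__":
    # Dry run against the stub; swap in boto3.client("ec2") for the real thing.
    # The VPC id is a placeholder and 203.0.113.10 is a documentation address.
    stub = StubEC2()
    result = provision_static_vpn(stub, "vpc-0123456789abcdef0", "203.0.113.10", ["192.168.1.0/24"])
    for api, kwargs in stub.calls:
        print(api, kwargs)
    print(result)
```

The returned `config` string is what the console offers as the downloadable configuration; its tunnel addresses and pre-shared keys are the values the SonicWall policy below needs.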
### On SonicWall Side
1. **Create Address Objects**:
   - Go to **Network > Address Objects**.
   - Create an address object for the AWS VPC CIDR block.
2. **Create a VPN Policy**:
   - Navigate to **VPN > Settings** and click **Add**.
   - Configure the policy as follows:
     - Policy Type: Site to Site
     - Authentication Method: IKE using Preshared Secret
     - Name: AWS VPN
     - IPsec Primary Gateway Name or Address: Public IP address of the AWS VPN endpoint (from the configuration file)
     - Shared Secret: The shared secret from the AWS VPN configuration file
3. **Configure IKE Phase 1 and Phase 2 Proposals**:
   - IKE Phase 1:
     - Exchange: Main Mode
     - DH Group: Group 2
     - Encryption: AES-256
     - Authentication: SHA-1
     - Life Time: 28800 seconds
   - IKE Phase 2:
     - Protocol: ESP
     - Encryption: AES-256
     - Authentication: SHA-1
     - Enable Perfect Forward Secrecy: Yes
     - DH Group: Group 2
     - Life Time: 3600 seconds
4. **Network Settings in VPN Policy**:
   - In the **Network** tab of the VPN policy:
     - Local Networks: Select the local network object.
     - Destination Networks: Select the AWS VPC address object.
5. **Configure Static Routing**:
   - Go to **Network > Routing** and add a new route:
     - Source: Any
     - Destination: AWS VPC
     - Service: Any
     - Interface: Choose the VPN tunnel interface.
     - Metric: 10
6. **Enable and Test the VPN**:
   - Enable the VPN policy.
   - Ensure that the VPN connection is established and traffic is routing correctly between your local network and AWS VPC.
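Before enabling the policy it is worth checking it against the AWS side in one place: the Phase 1 and Phase 2 proposals must match what AWS negotiates (and lifetimes in particular, the mismatch behind most tunnel drops), the algorithms must be ones AWS accepts, and the address objects and static route must agree with the prefixes entered on the AWS connection. The check below is an added example, not SonicWall or AWS code; `Proposal`, `check_phase`, `check_networks` and `check_policy` are constructed for it, the accepted-value sets come from the AWS Site-to-Site VPN documentation, and the sample ranges 10.0.0.0/16 and 192.168.1.0/24 are made up. It also flags DH group 2 and SHA-1 from the walkthrough above as legacy choices: they bring the tunnel up, but group 14 or higher with SHA2-256 or stronger is what AWS accepts and current guidance recommends.

```python
"""Added example (hypothetical helper, not SonicWall or AWS code): check a SonicWall
VPN policy against the AWS side before enabling it. IKE proposals must match and be
accepted by AWS; address objects and the static route must agree with AWS's prefixes."""
import ipaddress
from dataclasses import dataclass


def normalize(name: str) -> str:
    """'AES-256' -> 'AES256', 'SHA-1' -> 'SHA1', 'SHA256'/'SHA2-256' -> 'SHA2256'."""
    n = name.upper().replace("-", "").replace("_", "")
    return {"SHA256": "SHA2256", "SHA384": "SHA2384", "SHA512": "SHA2512"}.get(n, n)


# What an AWS Site-to-Site VPN tunnel negotiates (from the AWS VPN documentation).
AWS_ENC = {"AES128", "AES256", "AES128GCM16", "AES256GCM16"}
AWS_INT = {"SHA1", "SHA2256", "SHA2384", "SHA2512"}
AWS_DH = {"Phase 1": {2, *range(14, 25)}, "Phase 2": {2, 5, *range(14, 25)}}
AWS_MAX_LIFETIME = {"Phase 1": 28800, "Phase 2": 3600}   # seconds; minimum is 900
LEGACY_INTEGRITY, LEGACY_DH = {"SHA1"}, {2, 5}           # accepted, but weak by current guidance


@dataclass(frozen=True)
class Proposal:
    encryption: str   # e.g. "AES-256"
    integrity: str    # e.g. "SHA-1"
    dh_group: int     # Phase 1 DH group, or Phase 2 PFS group
    lifetime: int     # seconds


def check_phase(phase, sonicwall, aws):
    """Findings for one phase: mismatches, values AWS rejects, legacy algorithms."""
    f = []
    pairs = {"encryption": (normalize(sonicwall.encryption), normalize(aws.encryption)),
             "integrity": (normalize(sonicwall.integrity), normalize(aws.integrity)),
             "dh_group": (sonicwall.dh_group, aws.dh_group),
             "lifetime": (sonicwall.lifetime, aws.lifetime)}
    for field, (sw, aw) in pairs.items():               # both ends must agree exactly
        if sw != aw:
            f.append(f"{phase}: {field} mismatch (SonicWall={sw}, AWS={aw})")
    if pairs["encryption"][0] not in AWS_ENC:            # AWS only negotiates from its menu
        f.append(f"{phase}: encryption {sonicwall.encryption} not accepted by AWS")
    if pairs["integrity"][0] not in AWS_INT:
        f.append(f"{phase}: integrity {sonicwall.integrity} not accepted by AWS")
    if sonicwall.dh_group not in AWS_DH[phase]:
        f.append(f"{phase}: DH group {sonicwall.dh_group} not accepted by AWS")
    if not 900 <= sonicwall.lifetime <= AWS_MAX_LIFETIME[phase]:
        f.append(f"{phase}: lifetime {sonicwall.lifetime}s outside AWS range 900-{AWS_MAX_LIFETIME[phase]}s")
    if pairs["integrity"][0] in LEGACY_INTEGRITY:        # comes up, but is not strong
        f.append(f"{phase}: legacy integrity {sonicwall.integrity}; prefer SHA2-256 or stronger")
    if sonicwall.dh_group in LEGACY_DH:
        f.append(f"{phase}: legacy DH group {sonicwall.dh_group}; prefer group 14 or higher")
    return f


def check_networks(local_networks, aws_vpc_cidr, aws_static_prefixes, route_destination):
    """Findings for the Network tab and the static route; empty means consistent."""
    f = []
    vpc = ipaddress.ip_network(aws_vpc_cidr)
    aws_prefixes = [ipaddress.ip_network(p) for p in aws_static_prefixes]
    for ln in (ipaddress.ip_network(c) for c in local_networks):
        if ln.overlaps(vpc):                              # ambiguous: packets may never enter the tunnel
            f.append(f"local network {ln} overlaps AWS VPC {vpc}")
        if not any(ln.subnet_of(p) for p in aws_prefixes):  # AWS drops sources it has no route for
            f.append(f"local network {ln} not covered by the AWS static routes")
    if ipaddress.ip_network(route_destination) != vpc:
        f.append(f"static route destination {route_destination} differs from AWS VPC object {vpc}")
    return f


def check_policy(sw_p1, sw_p2, aws_p1, aws_p2, local_networks, aws_vpc_cidr,
                 aws_static_prefixes, route_destination):
    return (check_phase("Phase 1", sw_p1, aws_p1) + check_phase("Phase 2", sw_p2, aws_p2)
            + check_networks(local_networks, aws_vpc_cidr, aws_static_prefixes, route_destination))


if __name__ == "__main__":
    # Constructed sample: the proposals from the walkthrough against the AWS tunnel
    # defaults (28800 s / 3600 s), with made-up VPC and office ranges.
    sw = (Proposal("AES-256", "SHA-1", 2, 28800), Proposal("AES-256", "SHA-1", 2, 3600))
    aws = (Proposal("AES256", "SHA1", 2, 28800), Proposal("AES256", "SHA1", 2, 3600))
    for line in check_policy(*sw, *aws, ["192.168.1.0/24"], "10.0.0.0/16",
                             ["192.168.1.0/24"], "10.0.0.0/16"):
        print(line)
```

Run against the walkthrough's own values the check reports no mismatch and nothing AWS rejects, only the four legacy-algorithm findings; a Phase 2 lifetime left at 28800 on the SonicWall shows up both as a mismatch and as out of the AWS range.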
### Troubleshooting
- Ensure that the IKE Phase 1 and Phase 2 lifetimes match on both the SonicWall and AWS configurations to prevent connection drops.
- Configure Dead Peer Detection (DPD) on both ends to maintain the tunnel.
- Use constant bidirectional traffic to prevent idle timeouts on the VPN tunnel.