Create the Tunnel Interfaces. After creating the VPNs, you must create the tunnel interfaces. You will need information from the Pureport console, specifically the Customer VTI IPs (virtual tunnel interface IP addresses) for each VPN. On the SonicWall device, in the System Setup menu, select Network > Interfaces.
RESOLUTION: Log into the SonicWall on the main site. Navigate to Manage | Connectivity | VPN | Base Settings and click Add. The General tab of Tunnel Interface VPN named
Navigate to System Setup | Network | Interfaces. Configure the tunnel with the local subnet of the remote site which needs to be
The advantages of Tunnel Interface VPN (Static Route-Based VPN) between two SonicWall UTM appliances include: The network topology configuration is removed from the VPN policy configuration. More flexibility on how traffic is routed. With this feature, users can now define multiple paths for overlapping networks over a clear or redundant VPN.
With the latest SonicOS, the routing protocol can use a numbered tunnel interface to establish a routing session. Numbered tunnels require an interface in the VPN zone using an IP address from a private subnet. This numbered tunnel interface can be used for the routing protocol session. After a numbered tunnel interface is added to the interface list, a static route policy can use it as the interface in a configuration for a static route based VPN.
Select Tunnel Interface from Network | Interfaces. Create a Tunnel Interface for the specified VPN Policy and assign a static IP address. The IP address of that interface is used as the source address of the tunnelled packets and routing updates. NOTE: The Tunnel Interface will now be part of Network | Interfaces, shown as TI2. Select Advanced Routing as the Routing Mode; VPN Tunnel Interface TI2 is then part of the list of interfaces to be configured for RIP and/or OSPF.
Navigate to Network | Routing, select Advanced Routing in Routing Mode, and click OK on the warning popup. To configure OSPF for the VPN Interface, click the Configure OSPF icon. Enable OSPF from the OSPF drop-down menu and select OK.
Resolution for SonicOS 6.5 Step 1: Configure the Tunnel Interface VPN Policy on each unit. This is done under Manage | VPN | Base Settings. On the Step 2: Create routes on each unit. This can be done under Network | Routing. Options include Route-All VPN (all Step 3: On the Remote site, enable
A tunnel interface offloads that configuration, from source network to destination network, to a route policy. A tunnel interface can also turn on advanced routing, which uses either the RIP or OSPF routing protocol. On the Advanced tab of a tunnel interface policy, you will find a check box for advanced routing.
We have a client with a TZ 400 running SonicOS Enhanced 126.96.36.199-20n. Earlier today, their VPN connection to AWS stopped working. When investigating, I noticed that the VPN Tunnel interfaces were no longer listed in the Interface Settings in the SonicWall.
VPN Tunnel: SonicWall. Select Allow inbound. Select Allow outbound. Select OK. To create a firewall policy for the VPN traffic going from the SonicWall device to the FortiGate unit, go to Firewall > Policy. Select Create New and set the following: Source Interface: WAN1 (or external); Source IP address: SonicWall_network; Destination Interface
For appliances running SonicOS versions 5.6 and higher, VPN Tunnel Interfaces can be configured for advanced routing. To do so, you must enable advanced routing for the tunnel interface on the Advanced tab of its configuration. See Generic VPN Configuration in SonicOS Enhanced for more information. Route Based VPN configuration is a two-step process. The first step involves creating a Tunnel Interface. The crypto suites used to secure the traffic between two end-points are defined in the Tunnel Interface. The second step involves creating a static or dynamic route using the Tunnel Interface. Create a static route using the tunnel as the interface. Your source will be an address group of all subnets you want to provide access to on your main site, and your destination will be a group address object with all of your subnets from the remote site. You will need to create these; when you add the networks, use the VPN zone. To manage the local SonicWALL through the VPN tunnel, select HTTPS, SSH, SNMP, or any combination of these three from Management via this SA. Select HTTP, HTTPS, or both in User login via this SA to allow users to log in using the SA.