How do I configure my firewall for compatibility with Site-to-Site VPN on the Datto DNA?

Question

How do I configure my firewall for compatibility with the Datto Networking Appliance's Site-to-Site VPN feature?

Environment

  • Datto Networking Appliance (DNA)
  • Site-to-Site VPN

Answer

Use the following settings to configure your firewall. The examples shown use a Sonicwall device; certain settings may be named differently or appear in different areas of the UI depending on the brand of device used in your environment.

General

  • Policy Type: Select Site to Site
  • Authentication Method: Select IKE using Preshared Secret
  • Name: Use the internal IP address of the DNA
  • IPsec Primary Gateway Name or Address: Enter the primary gateway name or address used in your environment
  • Shared Secret: Enter the IKE Authentication Shared Secret key
  • Local IKE ID / Peer IKE ID: Enter the address scheme and IDs for both values

Figure 1: General settings as shown on a Sonicwall router

Figure 2: Network settings as shown on a Sonicwall router

Proposals

  • IKE (Phase 1)
    • Exchange: Main Mode
    • DH Group: Group 14
    • Encryption: AES-128
    • Authentication: SHA1
    • Life Time (seconds): 28800

  • IPsec (Phase 2)
    • Protocol: ESP
    • Encryption: AES-128
    • Authentication: SHA1
    • Enable Perfect Forward Secrecy
    • DH Group: Group 14
    • Lifetime (seconds): 28800

Figure 3: Proposals settings as shown on a Sonicwall router

Advanced

  • Keep Alive: Enabled
  • VPN Policy bound to: Select Interface X2.

Figure 4: Advanced settings as shown on a Sonicwall router
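
For a firewall that is configured from a text file instead of the SonicWall UI, the same Phase 1 and Phase 2 parameters can be written as follows. This is an added example in strongSwan's legacy ipsec.conf syntax, not configuration from Datto or from the original article; the connection name, addresses, IDs and subnets are constructed placeholders, and the dpdaction/auto lines are an assumed approximation of the Keep Alive setting.

```conf
# Added example (not from the original article): the proposal values listed
# above, expressed for a strongSwan peer. All addresses, IDs and subnets are
# constructed placeholders; replace them with the values from your environment.

conn datto-dna-s2s                      # hypothetical connection name
    keyexchange=ikev1                   # Main Mode is an IKEv1 exchange
    aggressive=no                       # Exchange: Main Mode
    authby=secret                       # IKE using Preshared Secret
                                        # (the secret itself lives in ipsec.secrets)

    # IKE (Phase 1): AES-128, SHA1, DH Group 14 (modp2048), 28800 s
    ike=aes128-sha1-modp2048!           # "!" = offer/accept only this proposal
    ikelifetime=28800s

    # IPsec (Phase 2): ESP, AES-128, SHA1, PFS with DH Group 14, 28800 s
    esp=aes128-sha1-modp2048!           # DH group in the ESP proposal enables PFS
    lifetime=28800s

    # Local side (this firewall) - placeholder values
    left=203.0.113.10
    leftid=203.0.113.10                 # Local IKE ID
    leftsubnet=10.0.1.0/24

    # Remote side (the DNA) - placeholder values
    right=198.51.100.20                 # IPsec Primary Gateway Name or Address
    rightid=198.51.100.20               # Peer IKE ID
    rightsubnet=10.0.2.0/24

    # Assumed approximation of "Keep Alive: Enabled"
    dpdaction=restart
    auto=start

    # "VPN Policy bound to: Interface X2" is SonicWall-specific and has no
    # counterpart in this file.
```

Every proposal value must match on both peers; a mismatch in encryption, hash, DH group or PFS setting causes the negotiation to fail.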

 
