How do I configure my firewall for compatibility with Site-to-Site VPN on the Datto DNA?

Question

How do I configure my firewall for compatibility with the Datto Networking Appliance's Site-to-Site VPN feature?

Environment

  • Datto Networking Appliance (DNA)
  • Site-to-Site VPN

Answer

Use the following settings to configure your firewall. The examples shown use a SonicWall device; certain settings may be named differently or appear in different areas of the UI depending on the brand of device used in your environment.

Environment

  • Policy Type: Select Site to Site
  • Authentication Method: Select IKE using Preshared Secret
  • Name: Use the internal IP address of the DNA
  • IPsec Primary Gateway Name or Address: Enter the primary gateway name or address used in your environment
  • Shared Secret: Enter the IKE Authentication Shared Secret key
  • Local IKE ID / Peer IKE ID: Enter the address scheme and IDs for both values

Figure 1: General settings as shown on a SonicWall router

Figure 2: Network settings as shown on a SonicWall router

Proposals

  • IKE (Phase 1)
    • Exchange: Main Mode
    • DH Group: Group 14
    • Encryption: AES-128
    • Authentication: SHA1
    • Life Time (seconds): 28800

  • IPsec (Phase 2)
    • Protocol: ESP
    • Encryption: AES-128
    • Authentication: SHA1
    • Enable Perfect Forward Secrecy
    • DH Group: Group 14
    • Lifetime (seconds): 28800

Figure 3: Proposals settings as shown on a SonicWall router

Advanced

  • Keep Alive: Enabled
  • VPN Policy bound to: Select Interface X2.

Figure 4: Advanced settings as shown on a SonicWall router
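
Because setting names differ between vendors, the fragment below restates the same Phase 1 and Phase 2 values in strongSwan's swanctl.conf format. It is an added illustration, not Datto or SonicWall configuration: the addresses, subnets, connection names and secret are constructed placeholders, and mapping Keep Alive to dead peer detection is an approximation.

```conf
# Added example: the article's proposal set written for a strongSwan peer.
# Every address, subnet, name and the secret below is a constructed placeholder.
connections {
    dna-s2s {
        version = 1                       # IKEv1; Main Mode exists only in IKEv1
        aggressive = no                   # Exchange: Main Mode
        local_addrs = 192.0.2.10          # placeholder: this gateway's WAN address
        remote_addrs = 198.51.100.20      # placeholder: IPsec primary gateway address
        proposals = aes128-sha1-modp2048  # Phase 1: AES-128, SHA1, DH Group 14
        reauth_time = 28800s              # Phase 1 Life Time (seconds): 28800
        dpd_delay = 30s                   # assumption: liveness probes stand in for Keep Alive
        local {
            auth = psk                    # IKE using Preshared Secret
            id = 192.0.2.10               # Local IKE ID (placeholder)
        }
        remote {
            auth = psk
            id = 198.51.100.20            # Peer IKE ID (placeholder)
        }
        children {
            dna-lan {
                local_ts = 10.10.0.0/24   # placeholder: local network
                remote_ts = 10.20.0.0/24  # placeholder: remote network
                # Phase 2: ESP, AES-128, SHA1. Listing a DH group in the ESP
                # proposal is what turns on Perfect Forward Secrecy (Group 14).
                esp_proposals = aes128-sha1-modp2048
                life_time = 28800s        # Phase 2 Lifetime (seconds): 28800
                start_action = start      # negotiate the tunnel as soon as it is loaded
                dpd_action = restart      # renegotiate if the peer stops answering
            }
        }
    }
}
secrets {
    ike-dna {
        id = 198.51.100.20                # placeholder: peer identity the secret applies to
        secret = "REPLACE-WITH-SHARED-SECRET"
    }
}
```

Both peers must agree on every proposal value and on the IKE IDs; a mismatch in any of them causes negotiation to fail.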
