Router Product Data Sheet
Page 3 | AlliedWare™ OS How To Note: VPNs with SonicWALL routers
The network
This example illustrates a NAT-T solution, which you need when one or both of the routers
are behind a NAT device such as some xDSL and cable modems. In this example, an Allied
Te l e s i s A R 4
1
5S router is behind a NAT device. The following diagram shows the LANs and
their interfaces and addresses.
Note: You can still use this example if you have no NAT device between the Allied Telesis
router and the Internet, or if you have a NAT device between the SonicWALL router and the
Internet, with slight alterations. See "Appendix: Using this example if you don’t have a NAT
device in the same position" on page 31 for details.
Initiating the
tunnel from
either end
In this example, you can only initiate the tunnel from the Allied Telesis end, not the
SonicWALL end. If you want to let the SonicWALL initiate the VPN too, you have to
configure your NAT device to allow it. To do this, set up pinholes (allow rules) on the NAT
device to allow through UDP traffic on ports 500 and 4500.
vlan1:
192.168.1.1
eth0:
192.168.254.1/30
Allied Telesis
router
192.168.254.2/30
100.100.100.1/30
NAT device
SonicWALL
router
Internet
WAN:
200.200.200.1/30
workstation:
192.168.1.100 by
automatic address
assignment
VLAN:
192.168.2.1
workstation:
192.168.2.100 by
automatic address
assignment
VPN
tunnel
200.200.200.2/30
100.100.100.2/30
at-sonic.eps