User's Manual Part 4

VPN Page 33

The file can be saved to a floppy disk or sent electronically to remote users to configure their Global VPN

Clients.

Site to Site VPN Configurations

When designing VPN connections, be sure to document all pertinent IP Addressing information and

create a network diagram to use as a reference. A sample planning sheet is provided on the next page.

The SonicWALL must have a routable WAN IP Address whether it is dynamic or static.

Be sure that the networks behind the SonicWALLs are unique. The same subnets cannot reside behind

two different VPN gateways.

In a VPN network with dynamic and static IP addresses, the VPN gateway with the dynamic address must

initiate the VPN connection.

Site to Site VPN Configurations can include the following options:

• Branch Office (Gateway to Gateway) - A SonicWALL is configured to connect to another Son-

icWALL via a VPN tunnel. Or, a SonicWALL is configured to connect via IPSec to another manufac-

turer’s firewall.

• Hub and Spoke Design - All SonicWALL VPN gateways are configured to connect to a central Son-

icWALL (hub), such as a corporate SonicWALL. The hub must have a static IP address, but the

spokes can have dynamic IP addresses. If the spokes are dynamic, the hub must be a SonicWALL.

• Mesh Design - All sites connect to all other sites. All sites must have static IP addresses.