This article provides a detailed configuration example that demonstrates how to configure a
net-to-net IPSec VPN tunnel between a Cyberoam and a SonicWall appliance using certificates to
authenticate the VPN peers.
It is assumed that the reader has a working knowledge of Cyberoam and SonicWall appliance
configuration.
Prerequisite: Set the same date and time on both peers. Refer to the Cyberoam Console
Guide for setting the date and time.
Throughout the article we will use the network parameters as shown in the diagram below.
How To – Establish VPN tunnel between Cyberoam and Sonicwall using Certificate
Cyberoam Configuration
Step 1. Generate Local Certificate
Go to VPN → Certificate → New Certificate and click Self Signed Certificate to create the
certificate. Create the certificate with the following values:
Step 3. Download the Certificate generated in step 2 and forward it to the Remote user
Go to VPN → Certificate → Manage Certificate and click Download against the SW_cert.
The certificate is downloaded in tar.gz format. The file can be extracted using WinZip or WinRAR.
Local ID – Automatically displays ID specified in the Local certificate created in step 1 i.e.
john@elitecore.com
under the Connection status indicates that the connection is successfully activated
Note
Only one connection can be active at a time if both types of connection, Digital Certificate
and Preshared Key, are created with the same source and destination. In such a situation, you
will receive the error ‘unable to activate connection’ at the time of activation, so you need to
deactivate all other connections.
SonicWall Configuration
Step 6. Obtain and Upload the Remote Certificate created in Cyberoam
Unzip the Certificate received from the Remote user, i.e. Cyberoam, and extract Password.txt and
the .p12 file.
Go to System → Certificates and specify the following values:
Select ‘Import a local end-user certificate with private key from a PKCS#12 (.p12 or .pfx)
encoded file’
Certificate name: As required
Certificate Management Password: As specified in the Password.txt file
Please select a file to import: Using Browser, select the .p12 file from the folder in which the zip
file is extracted
If the certificate is imported successfully, the Certificate list will include Certificate CA and Certificate.
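Before the import in Step 6, the extracted bundle can be inspected on a workstation with OpenSSL to confirm which certificate it carries and that it is inside its validity period. This is an added example, not part of the original article or of Cyberoam or SonicWall tooling; it assumes Password.txt holds only the bundle password on its first line, and the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example: inspect a PKCS#12 bundle before importing it on the peer.
# Assumption: Password.txt holds only the bundle password on its first line.

# inspect_p12 P12FILE PASSFILE
# Prints subject, issuer, validity dates and SHA-256 fingerprint of the
# end-entity certificate. Returns 0 if the certificate is unexpired by this
# host's clock, 1 if it has expired, 2 if the bundle cannot be read.
inspect_p12() {
    p12=$1
    # Strip CR/LF so a Password.txt saved on Windows still works.
    pass=$(tr -d '\r\n' < "$2") || return 2
    # -nokeys: the private key is never written out of the bundle.
    # -clcerts: only the end-entity certificate, not the CA certificate.
    # env: keeps the password out of the process argument list.
    cert=$(P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
           -nokeys -clcerts 2>/dev/null) || return 2
    printf '%s\n' "$cert" |
        openssl x509 -noout -subject -issuer -dates -fingerprint -sha256 || return 2
    # -checkend 0 fails when notAfter is already in the past.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null || return 1
}

# make_sample_bundle DIR
# Builds a constructed self-signed bundle (sample data, not from the article)
# so the check can be tried without a real appliance export.
make_sample_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=constructed-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    printf 'constructed-pass\r\n' > "$1/Password.txt"
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sample.p12" -passout pass:constructed-pass
}

# Usage: sh inspect_p12.sh bundle.p12 Password.txt
if [ "$#" -eq 2 ]; then inspect_p12 "$1" "$2"; fi
```

Compare the printed notBefore and notAfter values with the clock on both appliances; this is why the prerequisite asks for the same date and time on both peers.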
Step 7. Add an Address Object to define the remote network that is to be connected via the VPN tunnel
Go to Network → Address Object, click ADD under Address Objects and create an object with the
following values:
Name: CR_LAN
Zone: VPN
Type: Network
Network: 8.8.8.0 i.e. defined as Internal Network in Cyberoam
Mask: 255.255.255.0 i.e. subnet mask for the above network
To establish the connection/tunnel, click under Connection Status against the CR_SW
connection
Points to be noted
• Connection can be initiated from either of the peers provided connection is ‘Active’ in
Cyberoam
• If you try to connect from Cyberoam when the SonicWall VPN policy is not enabled,
Cyberoam will display ‘Unable to establish connection’ message.
• One can re-establish connection from SonicWall by enabling the VPN policy manually
only if connection is ‘Active’ in Cyberoam
Reference Documents
• VPN Troubleshooting Guide
• Cyberoam Console Guide