How to configure a site-to-site Small Business VPN in aggressive mode
How to configure a site-to-site VPN
A site-to-site VPN connection lets branch offices use the Internet as a conduit for accessing the main office’s intranet. A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet.
In this video I will show you how to correctly and securely interconnect two remote locations to enable remote users to securely use a single server over an aggressive VPN link.
In the process of planning your site to site VPN implementation, you will have to ask yourself a few questions:
1 – Does one or both ends of has a dynamic public IP address? If so, you will have to use an aggressive mode VPN.
2 – Does both ends of the VPN connection have similar brand VPN routers (similar encryption options, if not you will have to decide on the device’s matching options?)
In Main mode, the Phase 1 parameters are exchanged in multiple rounds with encrypted authentication information
In Aggressive mode, the Phase 1 parameters are exchanged in a single message with unencrypted authentication information.
Main mode is more secure. Aggressive mode might not be as secure as Main mode, but it is faster than Main mode. Aggressive mode is typically used for remote access VPNs or if one or both peers have dynamic external IP addresses.
I am interconnecting 2 locations, one in Mexico and the other one in USA
In this case we will have to use an aggressive VPN connection since one of my branch offices (in QUERETARO) does not have a static public IP address.
Since we will be configuring 2 SonicWall Devices, let’s name them QUERETARO (dynamic IP) and RA (Static IP)
Configuration on the dynamic side (RA in my case)
Click on VPN on the left-hand side menu and then click on Basic Settings
On the next screen you will find the already configured VPN connections and you will be able to add a new one,
Click on the Add button to add a new site-to-site VPN