
How to configure a site-to-site Small Business VPN in aggressive mode

A site-to-site VPN connection lets branch offices use the Internet as a conduit for accessing the main office’s intranet. A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet.

In this video I will show you how to correctly and securely interconnect two remote locations to enable remote users to securely use a single server over an aggressive VPN link.

In the process of planning your site-to-site VPN implementation, you will have to ask yourself a few questions:

1 – Do one or both ends of the VPN connection have a dynamic public IP address? If so, you will have to use an aggressive mode VPN.

2 – Do both ends of the VPN connection have VPN routers of a similar brand, with similar encryption options? If not, you will have to decide on options that both devices can match.

In Main mode, the Phase 1 parameters are exchanged in multiple rounds with encrypted authentication information.

In Aggressive mode, the Phase 1 parameters are exchanged in a single message with unencrypted authentication information.

Main mode is more secure. Aggressive mode might not be as secure as Main mode, but it is faster than Main mode. Aggressive mode is typically used for remote access VPNs or if one or both peers have dynamic external IP addresses.
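To check which Phase 1 mode a tunnel really negotiates, and to see what "unencrypted authentication information" looks like on the wire, here is an added example (not part of the original post and not SonicWall code) that parses an IKEv1 datagram and reports any identity payload readable in clear. The sample datagrams, the `QUERETARO-FW` identifier and its FQDN ID type are constructed for illustration.

```python
import struct

# IKEv1 / ISAKMP constants (RFC 2408, RFC 2409)
EXCHANGE = {2: "main", 4: "aggressive"}
PAYLOAD_SA, PAYLOAD_KE, PAYLOAD_ID, PAYLOAD_NONCE = 1, 4, 5, 10
FLAG_ENCRYPTED = 0x01
HDR = "!8s8sBBBBII"   # cookies, next payload, version, exchange, flags, msg id, length

def parse_ikev1(datagram: bytes) -> dict:
    """Report the Phase 1 mode of one IKE datagram and any ID payload sent in clear."""
    if datagram[:4] == b"\x00" * 4:          # NAT-T (UDP 4500) non-ESP marker
        datagram = datagram[4:]
    if len(datagram) < 28:
        raise ValueError("shorter than an ISAKMP header")
    _, _, next_pl, version, xchg, flags, _, length = struct.unpack(HDR, datagram[:28])
    if version >> 4 != 1:
        raise ValueError("not IKEv1")
    info = {"mode": EXCHANGE.get(xchg, f"other({xchg})"),
            "encrypted": bool(flags & FLAG_ENCRYPTED), "identity": None}
    if info["encrypted"]:
        return info                           # payloads are ciphertext, nothing to read
    offset, end = 28, min(length, len(datagram))
    while next_pl != 0 and offset + 4 <= end:
        following, _, pl_len = struct.unpack("!BBH", datagram[offset:offset + 4])
        if pl_len < 4 or offset + pl_len > end:
            raise ValueError("malformed payload length")
        if next_pl == PAYLOAD_ID and pl_len >= 8:
            # ID body: type(1) protocol(1) port(2) identification data
            info["identity"] = (datagram[offset + 4], datagram[offset + 8:offset + pl_len])
        next_pl, offset = following, offset + pl_len
    return info

# --- constructed sample datagrams (not captured traffic) ---
def _payload(next_pl: int, body: bytes) -> bytes:
    return struct.pack("!BBH", next_pl, 0, len(body) + 4) + body

def _packet(xchg: int, flags: int, first_pl: int, body: bytes) -> bytes:
    return struct.pack(HDR, b"\x11" * 8, b"\x00" * 8, first_pl, 0x10,
                       xchg, flags, 0, 28 + len(body)) + body

# Aggressive mode message 1: SA, KE, nonce and the initiator ID, all unencrypted
AGGRESSIVE_MSG1 = _packet(4, 0, PAYLOAD_SA,
    _payload(PAYLOAD_KE, b"\x00" * 8) + _payload(PAYLOAD_NONCE, b"\xaa" * 16) +
    _payload(PAYLOAD_ID, b"\xbb" * 16) + _payload(0, b"\x02\x00\x00\x00QUERETARO-FW"))
# Main mode message 5: the ID payload travels under the encryption flag
MAIN_MSG5 = _packet(2, FLAG_ENCRYPTED, PAYLOAD_ID, b"\xcc" * 32)
if __name__ == "__main__":
    for name, pkt in (("aggressive msg 1", AGGRESSIVE_MSG1), ("main msg 5", MAIN_MSG5)):
        print(name, parse_ikev1(pkt))
```

Feed it the UDP payload of packets on ports 500 and 4500 from a capture taken at either gateway to confirm the mode each peer uses.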

I am interconnecting 2 locations, one in Mexico and the other one in the USA.

In this case we will have to use an aggressive VPN connection since one of my branch offices (in QUERETARO) does not have a static public IP address.

Since we will be configuring 2 SonicWall devices, let’s name them QUERETARO (dynamic IP) and RA (static IP).

Configuration on the dynamic side (QUERETARO in my case)

On the dynamic IP SonicWall (QUERETARO in my case):


Log in to the SonicWall firewall interface with your administrator credentials.

Click on Manage in the top menu.

Click on VPN in the left-hand side menu and then click on Basic Settings.

On the next screen you will find the already configured VPN connections, and you will be able to add a new one.

Click on the Add button to add a new site-to-site VPN.

In the dialog, the General tab lets you configure the basics of your VPN connection:

In the “Name” field, enter a friendly name for the VPN connection. I will use RA for mine.

In the “Shared Secret” field, enter the secret password required to authenticate both ends of the VPN link, and confirm the secret in the field below it.

In the “IPsec Primary Gateway Name or Address” field, enter the static public IP address or host name of the other end of the VPN.

In the “Local IKE ID” field, we would select Firewall Identifier, since the local SonicWall does not have a static IP or host name I can use.

In the “Peer IKE ID” field, I am going to use the static public IP of the remote SonicWall (RA in this case).
