This will probably cause those tunnels to reestablish so it'd probably be better to hold off on changing it until after hours (and probably wouldn't hurt to have someone on the other end "just in case" to switch it back if need be). Once you have them set up you will switch the Remote Network you currently have specified at those locations to the new address groups you created at each end. HIK LAN on the NW LAN firewall and an address group that has both theįirewall. In order to get the routing working right you'll want to set up an address group that has both the
Personally, I generally prefer Site to Site tunnels, but we just could not get a couple of our tunnels to come up under that setup so two out of our three VPN tunnels Policies are actually set up as Tunnel Interfaces. A Tunnel Interface on the other hand requires you to manually assign the routes you need yourself and may be required for more complex setups. Its Site to Site, is there any advantages of Tunnel Interface over Site to Site?Ī "Site to Site" tunnel will automatically handle all the necessary routing for you based on the local and remote networks you specify (via address objects) so it makes setting up tunnels (especially between two SonicWALLs) really easy and pretty hands-off. If it's Site to Site, well, we may have to get a little creative with the remote network address object definition. If they're a tunnel interface, you should see the name that you gave that tunnel in the Interfaces list. I forgot to ask earlier, are your existing VPN tunnels (NW LAN RN LAN and RN LAN HIK LAN) set up as "Site to Site" or "Tunnel Interface" for the Policy type.
0 kommentar(er)
