Configure site-to-site IPSec VPN in Grandstream Router GWN700X behind NAT (SonicWall)


Description

This article describes the site-to-site IPSec configuration of the Grandstream GWN700x series router when it is behind NAT (SonicWall).

How It Works

IPSec checks the peer's ID during authentication. By default, the Grandstream GWN700x router uses the IP address of its WAN port as the IKE ID (Local ID/Remote ID). If the router is behind NAT (e.g., SonicWall in this case), the Local ID and Remote ID must be filled in explicitly.

Figure 1. The Remote ID and Local ID must be filled in and must match between the two routers
Figure 2. The Remote ID and Local ID must be filled in and must match between the two routers

How to establish IPSec with SonicWall

By default, the router uses the WAN IP and the remote server's IP address as the Peer and Remote ID, and the default ID type is ‘IPv4 Address’. On SonicWall’s IPSec VPN > Rules and Settings page, make sure that Local IKE ID and Peer IKE ID are both set with the type ‘IPv4 Address’, and that Peer IKE ID is the GWN7001’s WAN IP.

Figure 3. SonicWall’s IPSec VPN > Rules and Settings page
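
The ID check described under "How It Works" and the SonicWall setting above can be modelled as a pre-flight check before touching either device. This is an added example, not Grandstream or SonicWall code: the `Endpoint` fields, the function names and all IP addresses are constructed for illustration, and it assumes the peer reaches the GWN router at a translated public address.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# Constructed sample addresses (not taken from the article)
GWN_WAN = "192.168.10.2"     # GWN WAN port, a private address behind NAT
NAT_PUBLIC = "203.0.113.10"  # address the peer uses to reach the GWN
PEER_WAN = "198.51.100.20"   # SonicWall WAN address

@dataclass
class Endpoint:
    name: str
    wan_ip: str                      # address on the device's own WAN port
    remote_addr: str                 # address configured for reaching the peer
    local_id: Optional[str] = None   # explicit Local ID; None means default
    remote_id: Optional[str] = None  # explicit Remote/Peer ID; None means default

    def sent_id(self) -> str:
        # Default Local ID is the WAN port address
        return self.local_id or self.wan_ip

    def expected_id(self) -> str:
        # Default Remote ID is the remote server address
        return self.remote_id or self.remote_addr

def id_mismatches(a: Endpoint, b: Endpoint) -> List[str]:
    """Return one message per direction where the IKE ID sent is not the one expected."""
    problems = []
    for sender, receiver in ((a, b), (b, a)):
        sent = ip_address(sender.sent_id())
        expected = ip_address(receiver.expected_id())
        if sent != expected:
            problems.append(f"{sender.name} sends {sent}, {receiver.name} expects {expected}")
    return problems

def default_pair():
    # Both sides left on defaults: the GWN sends its private WAN address
    return (Endpoint("GWN", GWN_WAN, PEER_WAN),
            Endpoint("SonicWall", PEER_WAN, NAT_PUBLIC))

def fixed_pair():
    # IDs filled in on both sides; SonicWall Peer IKE ID is the GWN WAN IP
    return (Endpoint("GWN", GWN_WAN, PEER_WAN, local_id=GWN_WAN, remote_id=PEER_WAN),
            Endpoint("SonicWall", PEER_WAN, NAT_PUBLIC, local_id=PEER_WAN, remote_id=GWN_WAN))

if __name__ == "__main__":
    print("defaults:", id_mismatches(*default_pair()))
    print("fixed:   ", id_mismatches(*fixed_pair()))
```

With defaults, only the GWN-to-SonicWall direction fails, which is why the Peer IKE ID on the SonicWall is the setting that has to carry the GWN's WAN IP.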