SonicWall OSPF Route-Based VPN



NSA 2400, SonicOS

WAN IP:
LAN IP:
TK5 Tunnel IP (TI2):
NC1 Tunnel IP (TI3):


TZ300, SonicOS &

All Branch Lan Subnet in

Lan Subnet, Wan IP:, Tunnel IP:

Lan Subnet, Wan IP:, Tunnel IP:

Start the configuration

Office SonicWall

Add all branch Address Objects
Branch Network VPN
NC1 Network VPN
TK5 Network VPN

Add an Office group that includes the Office VLAN

Add VPN Policy

Add a new VPN Policy and change its type to Tunnel Interface

For the IPSec Primary Gateway, enter the NC1 WAN IP

The shared secret must be the same as on NC1

Office "Local IKE ID" equals NC1 "Peer IKE ID"
NC1 "Peer IKE ID" equals Office "Local IKE ID"

In this lab, the Local and Peer IDs are the same

The default Phase 2 encryption in SonicOS 5.9 is not the same as in SonicOS 6.5

If NC1 is configured correctly, the policy will show a green light

Go to

Network -> Interfaces
Add Interface -> Tunnel Interface

In this case, enter a new Tunnel IP (TI3)

Add routing table

Enable OSPF so that the branches learn every LAN subnet

The OSPF Router-ID must be different from all branch IPs; in this case we enter the LAN IP:

Branch SonicWall

Add Address Objects for the Office VLAN and the branch
Branch Network VPN
Office10 Network VPN
Office192 Network VPN

Do the same as on the Office side

Tunnel IP

The Router ID can be the LAN IP
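
The points both ends must agree on (shared secret, mirrored IKE IDs, Phase 2 proposal) and the requirement for distinct OSPF Router-IDs can be compared offline before the tunnel is brought up. The Python script below is an added example, not part of the original post or any SonicWall tooling; the `Peer` fields and every sample value are constructed and are not actual SonicOS defaults.

```python
# Added example: pre-flight comparison of the settings both ends must agree on.
# Field names and all sample values are constructed, not exported from SonicOS.
from __future__ import annotations
import hmac
from dataclasses import dataclass

@dataclass
class Peer:
    name: str
    shared_secret: str
    local_ike_id: str
    peer_ike_id: str
    phase2: tuple[str, str]      # (encryption, authentication) as shown in the policy
    router_id: str               # OSPF Router-ID

def check_tunnel(a: Peer, b: Peer) -> list[str]:
    """Return the mismatches that would keep the tunnel between a and b down."""
    problems = []
    # Constant-time compare; the secret itself is never echoed in the report.
    if not hmac.compare_digest(a.shared_secret.encode(), b.shared_secret.encode()):
        problems.append("shared secret differs")
    for x, y in ((a, b), (b, a)):
        if x.local_ike_id != y.peer_ike_id:
            problems.append(f"{x.name} Local IKE ID != {y.name} Peer IKE ID")
    if a.phase2 != b.phase2:
        problems.append(f"Phase 2 proposal: {a.name}={a.phase2} {b.name}={b.phase2}")
    return problems

def duplicate_router_ids(peers: list[Peer]) -> dict[str, list[str]]:
    """Map each OSPF Router-ID used more than once to the devices using it."""
    seen: dict[str, list[str]] = {}
    for p in peers:
        seen.setdefault(p.router_id, []).append(p.name)
    return {rid: names for rid, names in seen.items() if len(names) > 1}

# Constructed sample: the two ends disagree on Phase 2 and reuse one Router-ID.
office = Peer("Office", "example-psk", "vpn-id", "vpn-id", ("AES-128", "SHA1"), "10.0.0.1")
nc1 = Peer("NC1", "example-psk", "vpn-id", "vpn-id", ("3DES", "SHA1"), "10.0.0.1")

if __name__ == "__main__":
    for line in check_tunnel(office, nc1):
        print("MISMATCH:", line)
    for rid, names in duplicate_router_ids([office, nc1]).items():
        print("DUPLICATE Router-ID", rid, "on", ", ".join(names))
```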