Sonicwall behind Unifi Gateway (for IPSEC VPN)?

So my business has had a Sonicwall TZ400 for a while now, and recently replaced it with a Unifi Dream Machine (for various reasons).

Unfortunately we can’t get our site-to-site IPSEC VPN to our ERP/hosting provider working on the Unifi device (I don’t have access to the remote side, and an hour of technical consulting with them led nowhere…)

We will be moving away from that site-to-site VPN in the future, but for now I was wondering if it’d be possible to stick the sonicwall behind the unifi gateway and have the Sonicwall handle that site-to-site VPN? There’s one server that needs that VPN connection, though it also needs access to our default LAN here as well.

I’m a novice with networking, so just looking for advice/etc.

If it was me, I’d set it in line on a spare public IP and lock it to ONLY allow IPsec to and from the other end, and set a static route on the server or the UDM for that ERP network to go out the SonicWall.

Sure, that’s possible: connect the UTP cable to the LAN port of the SonicWall. Make sure you create a DHCP reservation (Unifi) or a static IP config on the SonicWall. Also forward UDP 500/4500 to the IP address of the SonicWall. Create a static route on the Unifi for the remote subnet > SonicWall IP. Change the VPN policy bound to X0 (if this is your LAN) for the IPsec/S2S (SonicWall).

But I would say moving the S2S to the Unifi would be way easier.

Edit:
Thought this would be easy on UDM Pro, but you need to SSH into the box and create iptables rules.
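The port-forward and static-route steps from this reply, plus the "only allow IPsec to and from the other end" lockdown suggested earlier in the thread, as an added example that is not from any poster. It is a POSIX shell script that only prints the iptables/ip commands a UDM-style Linux gateway would need, so you can review them before running anything as root; every address and interface name is an assumed placeholder (documentation-range peer IP, a made-up LAN address for the SonicWall, `eth8`/`br0` as the WAN/LAN interface names). Rules added over SSH are not managed by the controller and, as noted in the thread, do not survive a reboot.

```shell
#!/bin/sh
# Added example (not from the thread). Generates, but does not apply, the
# rules to pass IPsec from one remote peer to a SonicWall sitting on the
# gateway's LAN: IKE on UDP 500 and NAT-T on UDP 4500. With NAT-T the ESP
# payload is carried inside UDP 4500, so no raw ESP (IP proto 50) rule is
# needed. The rules are locked to the single peer, as suggested in the thread.

# Assumed placeholder values (not from the thread)
PEER_IP="203.0.113.10"       # remote VPN endpoint (RFC 5737 documentation range)
SW_IP="192.168.1.2"          # SonicWall WAN port address on the gateway's LAN
WAN_IF="eth8"                # gateway WAN interface name, assumed
LAN_IF="br0"                 # gateway LAN bridge name, assumed
REMOTE_NET="10.50.0.0/24"    # ERP/hosting subnet reached through the tunnel

# Print the DNAT and FORWARD rules for one UDP port, restricted to PEER_IP.
ipsec_port_rules() {
    port="$1"
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -p udp --dport %s -j DNAT --to-destination %s\n' \
        "$WAN_IF" "$PEER_IP" "$port" "$SW_IP"
    printf 'iptables -A FORWARD -i %s -s %s -d %s -p udp --dport %s -j ACCEPT\n' \
        "$WAN_IF" "$PEER_IP" "$SW_IP" "$port"
}

# Full rule set: IKE (500) and NAT-T (4500) inbound from the peer only,
# the SonicWall's replies back out to the peer, everything else from the
# SonicWall to the internet dropped, then the static route for the remote subnet.
ipsec_forward_rules() {
    ipsec_port_rules 500
    ipsec_port_rules 4500
    printf 'iptables -A FORWARD -i %s -s %s -d %s -p udp -m multiport --sports 500,4500 -j ACCEPT\n' \
        "$LAN_IF" "$SW_IP" "$PEER_IP"
    printf 'iptables -A FORWARD -i %s -s %s -o %s -j DROP\n' \
        "$LAN_IF" "$SW_IP" "$WAN_IF"
    printf 'ip route add %s via %s\n' "$REMOTE_NET" "$SW_IP"
}

# Number of generated commands; handy as a sanity check before applying.
ipsec_rule_count() {
    ipsec_forward_rules | wc -l | tr -d ' '
}

# Print the plan. To apply on the gateway (as root, after review): ipsec_forward_rules | sh
ipsec_forward_rules
```

Run it once to read the plan, then pipe it to `sh` on the gateway only after checking that the peer address, SonicWall address and interface names match your environment. The final DROP rule is what enforces the "IPsec only" restriction: the SonicWall can talk to the peer on the IKE/NAT-T ports and to nothing else on the WAN side.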

Use an aggressive tunnel. I have it working behind NAT devices at several locations.

Just switch the tunnel to aggressive mode and have the SonicWall NATed behind the Unifi. If the SonicWall is doing the keepalive you shouldn’t need to forward any ports. Set a route on the Unifi for the VPN target network pointed to the SonicWall’s LAN interface and you should be GTG. Easy.

Thanks for the suggestions/help everyone. Decided to simply set the Dream Machine aside for now; we should be done with needing the S2S VPN within a few months, so I’ll switch back then.

And unless something has changed, anything done outside of the controller/web interface gets erased upon reboot.