Linksys BEFVP41 / BEFSX41 to SonicWall
"Box to Box"

SonicWALL VPN SA Setup:
1. Security Association: Add New SA

2. IPSec Keying Mode: IKE using Preshared Secret

3. Name:The WAN MAC Address of the LinkSYS
              No dashes !

4. Disable This SA: Uncheck

5. IPSec Gateway Address: 0.0.0.0/LINKSYS WANIP
        0.0.0.0 if Linksys is Dynamic
        Or Linksys WAN IP if Linksys is static

6. Phase 1 DH Group: Group 1

7. SA Life time (secs): 28800

8. Phase 1 Encryption/Authentication:
        DES & MD5

9. Phase 2 Encryption/Authentication:
        ESP 3DES HMAC MD5

10. Shared Secret: Same as on the LinkSYS

11. Specify destination networks below: Checked

12. Click Add New Network

13. Edit VPN Destination Network
        Linksys Network: 192.168.2.0
        Subnet mask: 255.255.255.000


Click Summary Tab
To see if tunnel is connected ---->


LinkSYS VPN Tunnel Setup:
1. Name: Unique Firewall Identifier of SonicWALL

2. Local Secure Group:
        Subnet: LinkSYS Subnet (192.168.1.0)
        Mask: LinkSYS Subnet Mask (255.255.255.0)

3. Remote Secure Group:
        Subnet IP: SonicWALL Subnet (10.0.0.0)
        Mask: SonicWALL Subnet Mask (255.255.255.0)

4. Remote Secure Gateway: WAN IP of the SonicWALL

5.Encryption: DES

6. Authentication: MD5

7. Key Management: Auto. (IKE)

8. PFS (Perfect Forward Secrecy): Unchecked

9. Pre-Shared Key: SAME as on SonicWall

10. Key Lifetime: 28800

11. Click the Advanced Setting




LinkSYS Advanced Settings for Selected IPSec Tunnel
12.Tunnel 1:
        Phase 1: Operation mode:
        Check Aggressive mode
        Check Username: LinkSYS WAN MAC Address
                 (no dashes !)This is very important.

13. Proposal 1:
        a.Encryption: DES
        b.Authentication: MD5
        c.Group: 768-bit
        d.Key Lifetime: 28800

14.Phase 2: Proposal:
         a. Encryption: DES
         b. Authentication: MD5
         c. PFS: OFF
         d. Group: 768-bit
         e. Key Lifetime: 28800

15. Other Options:
         a. NetBIOS Broadcast - UNchecked
         b. Anti-replay Unchecked
         c. Keep-Alive Unchecked (might want to enable)
         d. If IKE failed more than _ times,
                 block this unauthorized IP
                 from _ seconds Unchecked

16. Click Apply

17. Click CONNECT

18. STATUS should show connected