---
title: "Setting up site-to-site on SonicWall"
slug: "site-to-site-sonicwall"
description: "Site-to-Site creation is required to create a new VPN policy.If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead."
updated: 2026-05-07T09:04:07Z
published: 2026-05-07T09:04:07Z
canonical: "help.nordlayer.com/site-to-site-sonicwall"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.nordlayer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Setting up site-to-site on SonicWall

**Note**: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead.

## Creating objects in SonicWall

1. Go to Objects in SonicWall
2. Go to Address Object
3. Select Add
4. Add the IP of your NordLayer server with a dedicated IP

![01 Setting up site-to-site on SonicWall.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/01%20Setting%20up%20site-to-site%20on%20SonicWall.png)

- **Name**: Give the object a name "NordLayer-Gateway"
- **Zone Assignment**: VPN
- **Type**: Host
- **IP Address**: Put the IP of your NordLayer server with a dedicated IP

1. Add NordLayer Subnet Network (10.6.0.0)

![02 Setting up site-to-site on SonicWall.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/02%20Setting%20up%20site-to-site%20on%20SonicWall.png)

- **Name**: Give the object a name: "NordLayer-Network"
- **Zone Assignment**: VPN
- **Type**: Network
- **Network**: put 10.6.0.0
- **Netmask/Prefix Length**: put 255.255.240.0

## Access Rule

1. Go to Policy:-> Rules
2. Select Add
3. First Rule to add: VPN to WAN

![03 Setting up site-to-site on SonicWall.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/03%20Setting%20up%20site-to-site%20on%20SonicWall.png)

- **Policy Name**: NordLayer-WAN
- **Action**: Allow
- **From**: VPN
- **To**: WAN
- **Source Port**: Any
- **Service**: Any
- **Source**: NordLayer-Gateway object
- **Destination**: Your external internet interface object
- Select **Add**.

## Second Rule: VPN to LAN

![04 Setting up site-to-site on SonicWall.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/04%20Setting%20up%20site-to-site%20on%20SonicWall.png)

- **Policy Name**: NordLayer-LAN
- **Action**: Allow
- **From**: VPN
- **To**: LAN
- **Source** Port: Any
- **Service**: Any
- **Source**: NordLayer: Network object
- **Destination**: Your internal subnet object
- Select **Add**.

## Site-to-Site creation

1. Go to VPN
2. Under Base Settings add VPN Policy; Open General Tab:

![05 Setting up site-to-site on SonicWall.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/05%20Setting%20up%20site-to-site%20on%20SonicWall%281%29.png)

### Security Policy

- **Policy Type**: Site to Site
- **Authentication Method**: IKE using Preshared Secret
- **Name**: Give it name ex. "NordLayer-Office"
- **IPsec Primary Gateway Name or Address**: put your NordLayer gateway address
- **IPsec Secondary Gateway Name or Address**: leave blank

### IKE Authentication

- **Shared Secret**: generate a key (we will also need this value on our end)
- **Confirm Secret**: put the secret again
- **Local IKE ID**: "IPv4 Address: put your public office IP address
- **Peer IKE ID**: "IPv4 Address:" put the IP of your NordLayer server with a dedicated IP

## Network Tab

![06 Setting up site-to-site on SonicWall.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/06%20Setting%20up%20site-to-site%20on%20SonicWall.png)

### Local Networks

- Select a local network from the list: choose your local network object

### Remote Networks

- Select the destination network from the list: choose NordLayer-Network object

## Proposals Tab

![07 Setting up site-to-site on SonicWall copy.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/07%20Setting%20up%20site-to-site%20on%20SonicWall%20copy.png)

### IKE (Phase 1) Proposal

- **Exchange**: Main Mode
- **DH Group**: Group 2 (Group 14 recommended if your device supports it)
- **Encryption**: AES-256
- **Authentication**: SHA1 (SHA256 recommended if your device supports it)
- **Life Time (seconds)**: 28800

### IPsec (Phase 2) Proposal

- **Protocol**: ESP
- **Encryption**: AES-256
- **Authentication**: SHA1 (SHA256 recommended if your device supports it)
- Mark **v** for "Enable Perfect Forward Security"
- **DH Group**: Group 2 (Group 14 recommended if your device supports it)
- **Life Time (seconds)**: 3600

## Advanced Tab

![08 Setting up site-to-site on SonicWall.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/08%20Setting%20up%20site-to-site%20on%20SonicWall.png)

### Advanced Setting

1. Mark v in Enable Keep Alive.
2. Select OK to create the new VPN Policy

![09 Setting up site-to-site on SonicWall.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/09%20Setting%20up%20site-to-site%20on%20SonicWall.png)

Make sure the new Policy you created is enabled. You can select the play button right to the Currently Active VPN Tunnels and you should see that your new tunnel is up. If the tunnel won't start you should go to Event Logs and look for errors regarding the new VPN policy you created.

## Ending note:

In order to finalize the site-to-site tunnel, please create a setup in [Sites tab of the NordLayer Control Panel](/v1/docs/site-to-site).

- Pre-shared key - you can generate it or we can provide it
- Encryption  details (AES, SHA and DH group) - AES256, SHA256 and DH group 14 are recommended (also must support [IKEv2](https://nordlayer.com/learn/vpn/ikev2/))
- Remote gateway/router public IP (must be reachable while connected to the server with a dedicated IP)
- Remote subnet and mask (the subnet is used in your local network)

**Note**: In case you are experiencing different results, make sure that you have you carefully gone through all the steps. Having said that, in case the issue persists please feel free to contact our [24/7 customer support team](/docs/how-do-i-contact-nordlayer-customer-support).