VMware allows the Enterprise users to define and configure a Non SD-WAN Destination instance and establish a secure IPsec tunnel to a Non SD-WAN Destination through a SD-WAN Gateway.
To configure a Non SD-WAN Destinations via Gateway:
- From the navigation panel in the SD-WAN Orchestrator, go to Configure > Network Services.
The Services screen appears.
- In the Non SD-WAN Destinations via Gateway area, click the New button.
The New Non SD-WAN Destinations via Gateway dialog box appears.
- In the Name text box, enter a name for the Non SD-WAN Destination.
- From the Type drop-down menu, select an IPsec tunnel type.
VMware supports the following Non SD-WAN Destination type configurations through SD-WAN Gateway:
- AWS VPN Gateway
Note: AWS VPN Gateway is new in the 4.3 release. In addition, Customers can use different primary Public IPs and Secondary Public IPs for NVS Gateways for AWS.
- Check Point
- Cisco ASA
- Cisco ISR
- Generic IKEv2 Router (Route Based VPN)
- Microsoft Azure Virtual Hub
- Palo Alto
- Zscaler Government Cloud
- Generic IKEv1 Router (Route Based VPN)
- Generic Firewall (Policy Based VPN)
Note: VMware supports both Generic Route-based and Policy-based Non SD-WAN Destination from Gateway.
- AWS VPN Gateway
- Enter an IP address for the Primary VPN Gateway (and the Secondary VPN Gateway if necessary), and click Next.
A Non SD-WAN Destination is created.Note: To support the datacenter type of Non SD-WAN Destination, besides the IPsec connection, you will need to configure Non SD-WAN Destination local subnets into the VMware system.
What to do next
- Configure tunnel settings for your Non SD-WAN Destination. For more information about configuring tunnel settings for various IPsec tunnel types, see the following sections:
- Associate your Non SD-WAN Destination to a Profile. For more information, see:
- Configure Business Policy. (Configuring Business Policy is not mandatory for this feature, but if you are going to configure it and would like information, see Create Business Policy Rules.