VMware allows Enterprise users to define and configure a Non SD-WAN Destination instance and establish a secure IPsec tunnel to a Non SD-WAN Destination through an SD-WAN Gateway.
To configure a Non SD-WAN Destination via Gateway:
Procedure
From the navigation panel in the SD-WAN Orchestrator, go to Configure > Network Services.
The Services screen appears.
In the Non SD-WAN Destinations via Gateway area, click the New button.
The New Non SD-WAN Destinations via Gateway dialog box appears.
In the Name text box, enter a name for the Non SD-WAN Destination.
From the Type drop-down menu, select an IPsec tunnel type.
VMware supports the following Non SD-WAN Destination type configurations through SD-WAN Gateway:
AWS VPN Gateway
Note: AWS VPN Gateway is new in the 4.3 release. In addition, customers can use different primary Public IPs and secondary Public IPs for NVS Gateways for AWS.
Check Point
Cisco ASA
Cisco ISR
Generic IKEv2 Router (Route Based VPN)
Microsoft Azure Virtual Hub
Palo Alto
SonicWALL
Zscaler Government Cloud
Generic IKEv1 Router (Route Based VPN)
Generic Firewall (Policy Based VPN)
Note: VMware supports both Generic Route-based and Policy-based Non SD-WAN Destination from Gateway.
Enter an IP address for the Primary VPN Gateway (and the Secondary VPN Gateway if necessary), and click Next.
A Non SD-WAN Destination is created.
Note: To support the datacenter type of Non SD-WAN Destination, besides the IPsec connection, you will need to configure Non SD-WAN Destination local subnets into the VMware system.
What to do next
Configure tunnel settings for your Non SD-WAN Destination. For more information about configuring tunnel settings for various IPsec tunnel types, see the following sections:
Configure Business Policy. (Configuring Business Policy is not mandatory for this feature, but if you are going to configure it and would like information, see Create Business Policy Rules.)