VMware allows Enterprise users to define and configure a Non SD-WAN Destination instance and establish a secure IPSec tunnel directly from an SD-WAN Edge to a Non SD-WAN Destination.
Note: VMware supports only the Generic IKEv2 Router (Route Based VPN) and Generic IKEv1 Router (Route Based VPN) types of Non SD-WAN Destination from the Edge. This enables the Edge to establish an IPSec tunnel to an AWS or Azure datacenter. Currently, VMware verifies IPSec tunnel support only to AWS and Azure datacenters.
To configure a Non SD-WAN Destination via Edge:
- From the navigation panel in the SD-WAN Orchestrator, go to Configure > Network Services.
The Services screen appears.
- In the Non SD-WAN Destinations via Edge area, click the New button.
The Non SD-WAN Destinations via Edge dialog box appears.
- In the Service Name text box, enter a name for the Non SD-WAN Destination.
- From the Service Type drop-down menu, select either Generic IKEv2 Router (Route Based VPN) or Generic IKEv1 Router (Route Based VPN) as the IPSec tunnel type.
- Click Next.
A Non SD-WAN Destination is created.
Note: To support the datacenter type of Non SD-WAN Destination, besides the IPSec connection, you need to configure the Non SD-WAN Destination local subnets in the VMware system.
What to do next
- Configure tunnel settings for your Non SD-WAN Destination. For more information, see:
- Associate your Non SD-WAN Destination to a profile or Edge. For more information, see Configure a Tunnel Between a Branch and a Non SD-WAN Destinations via Edge.
- Configure Tunnel parameters (WAN link selection and Per tunnel credentials) at the Edge level. For more information, see Configure Cloud VPN and Tunnel Parameters at the Edge level.
- Configure Business Policy. Configuring a business policy is an optional procedure for Non SD-WAN Destinations via Edge. If no Non SD-WAN Destinations are configured, you can redirect Internet traffic via a business policy. For more information, see Create Business Policy Rules.