This section describes how to configure branch to VPNs.

You can configure Branch to Non-VeloCloud Sites by selecting the Enable checkbox (see the highlighted area in the screen capture below). You can also choose one or more Non-VeloCloud Sites by selecting the Enable check box, and then selecting Non-VeloCloud Site from the drop-down menu. You can click the + (plus) button to add additional Non-VeloCloud Sites.


You can also create VPN connections by selecting the New Non-VeloCloud Site from the drop-down menu. Select a Type for the Non-VeloCloud Site. The Non-VeloCloud Site Type options (as shown in the image below) are Cisco ASA, Cisco ISR, Palo Alto, SonicWall, Zscaler, Generic Router (Route Based VPN), and Generic Firewall (Policy Based VPN). In the example below, Cisco ISR is chosen. In this example, you can enter a Primary VPN gateway, and a Secondary VPN gateway option is available. Enter the required parameters (Name, Type, Primary Gateway, and Secondary Gateway) for the Non-VeloCloud Site you selected, then click Next.


Note: Cisco ASA does not support a secondary gateway. This is a limitation of the Cisco ASA VPN.

A status appears for the creation of the new Non-VeloCloud Site.


A final dialog box for completing the configuration of the Non-VeloCloud Site appears.


Note: The Branch to Non-VeloCloud Site VPN should not be enabled until after the gateway for the Enterprise Data Center is configured by the Enterprise Data Center Administrator and the Data Center VPN Tunnel is enabled.