This is an optional service that allows you to create VPN tunnel configurations to access one or more Non-VeloCloud Sites. The VeloCloud provides the configuration required to create the tunnel(s), including the IKE IPSec configuration and a generated pre-shared key.

Overview

The following figure shows an overview of the VPN tunnels that can be created between the VeloCloud and a Non-VeloCloud Site.

[Figure: Non-VeloCloud Site VPN overview]

Note: An IP address must be specified for a Primary VPN Gateway at the Non-VeloCloud Site. The IP address is used to form a Primary VPN Tunnel between a VeloCloud Gateway and the Primary VPN Gateway.

Optionally, an IP address can be specified for a Secondary VPN Gateway to form a Secondary VPN Tunnel between a VeloCloud Gateway and the Secondary VPN Gateway. Using Advanced Settings, Redundant VPN Tunnels can be specified for any VPN tunnels you create.

Add Non-VeloCloud Site VPN Gateway

Enter a Name and choose a gateway Type (Cisco ASA, Cisco ISR, Palo Alto, SonicWall, or Generic). Specify the IP address for the Primary VPN Gateway and, optionally, specify an IP address for a Secondary VPN Gateway.


Configure Non-VeloCloud Site Subnets

Once you have created a Non-VeloCloud Site configuration, you can add subnets using the following dialog box.

[Screenshot: Non-VeloCloud Site subnets dialog box]

Click the Advanced Settings button to enter additional subnet parameters and VPN Gateway parameters, and to add Redundant VPN tunnel(s).


View IKE IPSec Configuration, Configure Non-VeloCloud Site Gateway

If you click the View IKE IPSec Configuration button, the information needed to configure the Non-VeloCloud Site Gateway appears. The Gateway administrator should use this information to configure the Gateway VPN tunnel(s).


Enable IPSec Tunnel

The Non-VeloCloud Site VPN tunnel is initially disabled. You must enable the tunnel(s) after the Non-VeloCloud Site Gateway has been configured and before the first use of the Edge-to-Non-VeloCloud Site VPN.
