Configure a Non VMware SD-WAN Site of Type Microsoft Azure

Describes how to configure a Non VMware SD-WAN Site of type Microsoft Azure Virtual Hub in SD-WAN Orchestrator.

To configure a Non VMware SD-WAN Site of type Microsoft Azure Virtual Hub in SD-WAN Orchestrator:

Prerequisites

Ensure you have configured an IaaS subscription. For steps, see configure an Infrastructure as a Service Provider (IaaS) subscription.
Ensure you have created Virtual WAN and Hubs in Azure. For steps, see Configure Azure Virtual WAN for Branch-to-Azure VPN Connectivity.

Procedure

From the navigation panel in the SD-WAN Orchestrator, go to Configure > Network Services.
The Services screen appears.
In the Non SD-WAN Destinations via Gateway area, click the New button.
The New Non SD-WAN Destinations via Gateway dialog box appears.
In the Name text box, enter the name for the Non VMware SD-WAN Site.
From the Type drop-down menu, select Microsoft Azure Virtual Hub.
From the Subscription drop-down menu, select a subscription.
The application fetches all the available Virtual WANs dynamically from Azure.
From the Virtual WAN drop-down menu, select a virtual WAN.
The application auto-populates the resource group to which the virtual WAN is associated.
From the Virtual Hub drop-down menu, select a Virtual Hub.
The application auto-populates the Azure region corresponding to the Hub
Select the Enable Tunnel(s) checkbox to enable VMware VPN Gateways initiate VPN connections to the target Virtual Hub, as soon as the site is successfully provisioned.

Note: VMware VPN Gateways will not initiate IKE negotiation until this Non VMware SD-WAN Site is configured on at least one profile.

Note:
For Microsoft Azure Non VMware SD-WAN Site, by default, the local authentication ID value used is SD-WAN Gateway Interface Public IP.
Click Next.
The SD-WAN Orchestrator automatically initiates deployment, provisions Azure VPN Sites, and downloads the VPN Site Configuration for the newly configured sites and stores the configuration in the SD-WAN Orchestrator’s Non VMware SD-WAN Site configuration database.

Results

Once the Azure VPN sites are provisioned at the SD-WAN Orchestrator side, you can view the VPN sites (Primary and Redundant) in the Azure portal by navigating to your Virtual WAN page > Virtual WAN architecture > VPN sites.

What to do next

Associate the Microsoft Azure Non VMware SD-WAN Site to a Profile in order to establish a tunnel between a branch and Azure Virtual Hub. For more information, see Associate a Non VMware SD-WAN Site to a Profile.
You must add SD-WAN routes in to Azure network manually. For more information, see Edit a VPN Site.