This is an optional service that allows you to create VPN tunnel configurations to access one or more Non VMware SD-WAN Sites. The VMware provides the configuration required to create the tunnel(s) – including creating IKE IPSec configuration and generating a pre-shared key.


The following figure shows an overview of the VPN tunnels that can be created between the VMware and a Non VMware SD-WAN Site.

Note: It is required that an IP address be specified for a Primary VPN Gateway at the Non VMware SD-WAN Site. The IP address is used to form a Primary VPN Tunnel between a SD-WAN Gateway and the Primary VPN Gateway.

Optionally, an IP address can be specified for a Secondary VPN Gateway to form a Secondary VPN Tunnel between a SD-WAN Gateway and the Secondary VPN Gateway. Using Advanced Settings, Redundant VPN Tunnels can be specified for any VPN tunnels you create.

Add Non VMware SD-WAN Site VPN Gateway

Enter a Name and choose a gateway Type. Specify the IP address for the Primary VPN Gateway and, optionally, specify an IP address for a Secondary VPN Gateway.  


Configure Non VMware SD-WAN Site Subnets

Once you have created a Non VMware SD-WAN Site configuration, you can add site subnets and configure tunnel settings.

Click the Advanced button to configure tunnel settings for VPN Gateways, and to add Redundant VPN tunnel(s).


View IKE IPSec Configuration, Configure Non VMware SD-WAN Site Gateway

If you click the View IKE IPSec Configuration button, the information needed to configure the Non VMware SD-WAN Site Gateway appears. The Gateway administrator should use this information to configure the Gateway VPN tunnel(s).


Enable IPSec Tunnel

The Non VMware SD-WAN Site VPN tunnel is initially disabled. You must enable the tunnel(s) after the Non VMware SD-WAN Site Gateway has been configured and before first use of the Edge-to- Non VMware SD-WAN Site VPN.

Important: Beginning with the 4.0 release, it is required that the AES-NI instruction set be supported by the CPU on all types of Virtual Machines.