The Non VMware SD-WAN Site (earlier known as Non Velocloud Site (NVS)) functionality connects a VMware network to an external network (for example, Zscaler, Cloud Security Service, Azure, AWS, Partner Datacenter, and so on). This is achieved by creating a secure Internet Protocol Security (IPSec) tunnel between a VMware entity and a VPN Gateway at the Network Provider.

VMware allows Enterprise users to define and configure a datacenter type of Non VMware SD-WAN Site instance and establish a secure tunnel directly to an external network in the following two ways:
  • Non SD-WAN Destinations via Gateway - Enables an SD-WAN Gateway to establish an IPSec tunnel directly to a Non VMware SD-WAN Site. VMware supports the following Non VMware SD-WAN Site configurations through SD-WAN Gateway:
    • Check Point
    • Cisco ASA
    • Cisco ISR
    • Generic IKEv2 Router (Route Based VPN)
    • Microsoft Azure Virtual Hub
    • Palo Alto
    • SonicWALL
    • Zscaler
    • Generic IKEv1 Router (Route Based VPN)
    • Generic Firewall (Policy Based VPN)
      Note: VMware supports both Generic Route-based and Policy-based Non VMware SD-WAN Sites from the Gateway.
  • Non SD-WAN Destinations via Edge - Enables an SD-WAN Edge to establish an IPSec tunnel directly to a Non VMware SD-WAN Site (AWS and Azure Datacenter).
    Note: VMware supports only Generic IKEv2 Router (Route Based VPN) and Generic IKEv1 Router (Route Based VPN) Non VMware SD-WAN Sites from the Edge.

Non VMware SD-WAN Site Configuration Workflow

  • Configure a Non VMware SD-WAN Site Network Service
  • Associate a Non VMware SD-WAN Site Network Service to a Profile or Edge
  • Configure Tunnel Parameters: WAN link selection and Per tunnel credentials
  • Configure Business Policy