The Non VMware SD-WAN Site (earlier known as Non Velocloud Site (NVS) functionality consists of connecting a VMware network to an external Network (for example: Zscaler, Cloud Security Service, Azure, AWS, Partner Datacenter and so on). This is achieved by creating a secure Internet Protocol Security (IPSec) tunnel between a VMware entity and a VPN Gateway at the Network Provider.
- Non SD-WAN Destinations via Gateway - Enables a SD-WAN Gateway to establish an IPSec tunnel directly to a Non VMware SD-WAN Site. VMware supports the following Non VMware SD-WAN Site configurations through SD-WAN Gateway:
- Check Point
- Cisco ASA
- Cisco ISR
- Generic IKEv2 Router (Route Based VPN)
- Microsoft Azure Virtual Hub
- Palo Alto
- Generic IKEv1 Router (Route Based VPN)
- Generic Firewall (Policy Based VPN)
Note: VMware supports both Generic Route-based and Policy-based Non VMware SD-WAN Site from Gateway.
- Non SD-WAN Destinations via Edge - Enables a SD-WAN Edge to establish an IPSec tunnel directly to a Non VMware SD-WAN Site (AWS and Azure Datacenter).
Note: VMware supports only Generic IKEv2 Router (Route Based VPN) and Generic IKEv1 Router (Route Based VPN) Non VMware SD-WAN Site from Edge.
Non VMware SD-WAN Site Configuration Workflow
- Configure a Non VMware SD-WAN Site Network Service
- Associate a Non VMware SD-WAN Site Network Service to a Profile or Edge
- Configure Tunnel Parameters: WAN link selection and Per tunnel credentials
- Configure Business Policy