Describes how to configure a Non VMware SD-WAN Site of type Microsoft Azure Virtual Hub in SD-WAN Orchestrator.
To configure a Non VMware SD-WAN Site of type Microsoft Azure Virtual Hub in SD-WAN Orchestrator:
- Ensure you have configured an IaaS subscription. For steps, see configure an Infrastructure as a Service Provider (IaaS) subscription.
- Ensure you have created Virtual WAN and Hubs in Azure. For steps, see Configure Azure Virtual WAN for Branch-to-Azure VPN Connectivity.
- From the navigation panel in the SD-WAN Orchestrator, go to Configure > Network Services.
The Services screen appears.
- In the Non SD-WAN Destinations via Gateway area, click the New button.
The New Non SD-WAN Destinations via Gateway dialog box appears.
- In the Name text box, enter the name for the Non VMware SD-WAN Site.
- From the Type drop-down menu, select Microsoft Azure Virtual Hub.
- From the Subscription drop-down menu, select a subscription.
The application fetches all the available Virtual WANs dynamically from Azure.
- From the Virtual WAN drop-down menu, select a virtual WAN.
The application auto-populates the resource group to which the virtual WAN is associated.
- From the Virtual Hub drop-down menu, select a Virtual Hub.
The application auto-populates the Azure region corresponding to the Hub
- Select the Enable Tunnel(s) checkbox to enable VMware VPN Gateways initiate VPN connections to the target Virtual Hub, as soon as the site is successfully provisioned.
Note: VMware VPN Gateways will not initiate IKE negotiation until this Non VMware SD-WAN Site is configured on at least one profile.Note:
For Microsoft Azure Non VMware SD-WAN Site, by default, the local authentication ID value used is SD-WAN Gateway Interface Public IP.
- Click Next.
The SD-WAN Orchestrator automatically initiates deployment, provisions Azure VPN Sites, and downloads the VPN Site Configuration for the newly configured sites and stores the configuration in the SD-WAN Orchestrator’s Non VMware SD-WAN Site configuration database.
Once the Azure VPN sites are provisioned at the SD-WAN Orchestrator side, you can view the VPN sites (Primary and Redundant) in the Azure portal by navigating to your Virtual WAN page > Virtual WAN architecture > VPN sites.
What to do next
- Associate the Microsoft Azure Non VMware SD-WAN Site to a Profile in order to establish a tunnel between a branch and Azure Virtual Hub. For more information, see Associate a Non VMware SD-WAN Site to a Profile.
- You must add SD-WAN routes in to Azure network manually. For more information, see Edit a VPN Site.