Describes how to configure a Non SD-WAN Destination of type Microsoft Azure Virtual Hub in SD-WAN Orchestrator.
Prerequisites
- Ensure you have configured a Cloud subscription. For steps, see Configure a Cloud Subscription Network Service.
- Ensure you have created Virtual WAN and Hubs in Azure. For steps, see Configure Azure Virtual WAN for Branch-to-Azure VPN Connectivity.
Procedure
To configure a Non SD-WAN Destination of type Microsoft Azure Virtual Hub from SD-WAN Gateway:
- From the navigation panel in the SD-WAN Orchestrator, go to Configure > Network Services.
The Services screen appears.
- In the Non SD-WAN Destinations via Gateway area, click the New button.
The New Non SD-WAN Destinations via Gateway dialog box appears.
- In the Name text box, enter the name for the Non SD-WAN Destination.
- From the Type drop-down menu, select Microsoft Azure Virtual Hub.
- From the Subscription drop-down menu, select a subscription.
The application fetches all the available Virtual WANs dynamically from Azure.
- From the Virtual WAN drop-down menu, select a virtual WAN.
The application auto-populates the resource group to which the virtual WAN is associated.
- From the Virtual Hub drop-down menu, select a Virtual Hub.
The application auto-populates the Azure region corresponding to the Hub.
- Select the Enable Tunnel(s) checkbox to enable VMware VPN Gateways to initiate VPN connections to the target Virtual Hub as soon as the site is successfully provisioned.
Note: VMware VPN Gateways will not initiate IKE negotiation until this Non SD-WAN Destination is configured on at least one profile.
Note: For Microsoft Azure Non SD-WAN Destination, by default, the local authentication ID value used is SD-WAN Gateway Interface Public IP.
- Click Next.
The SD-WAN Orchestrator automatically initiates deployment, provisions Azure VPN Sites, downloads the VPN Site Configuration for the newly configured sites, and stores the configuration in the SD-WAN Orchestrator’s Non SD-WAN Destination configuration database.
Once the Azure VPN sites are provisioned on the SD-WAN Orchestrator side, you can view the VPN sites (Primary and Redundant) in the Azure portal by navigating to your Virtual WAN page > Virtual WAN architecture > VPN sites.
What to do next
- Associate the Microsoft Azure Non SD-WAN Destination to a Profile to establish a tunnel between a branch and Azure Virtual Hub. For more information, see Associate a Microsoft Azure Non SD-WAN Destination to a Profile.
- You must add SD-WAN routes to the Azure network manually. For more information, see Edit a VPN Site.
- After associating a Profile to the Microsoft Azure Non SD-WAN Destination, you can return to the Non SD-WAN Destinations via Gateway section by navigating to and configure the BGP settings for the Non SD-WAN Destination. Scroll to the name of your Non SD-WAN Destination, and then click the Edit link in the BGP column. For more information, see Configure BGP over IPsec from Gateways.
- To configure the BFD settings, click the Edit link in the BFD column for a Non SD-WAN Destination in the Non SD-WAN Destinations via Gateway area. For more information, see Configure BFD for Gateways.
For information about Azure Virtual WAN Gateway Automation, see Configure SD-WAN Orchestrator for Azure Virtual WAN IPsec Automation from SD-WAN Gateway.