Describes how to configure a Non SD-WAN Destination of type Microsoft Azure Virtual Hub from SD-WAN Gateway.

To configure a Non SD-WAN Destination of type Microsoft Azure Virtual Hub from SD-WAN Gateway:

Prerequisites

Procedure

  1. From the navigation panel in the SD-WAN Orchestrator, go to Configure > Network Services.
    The Services screen appears.
  2. In the Non SD-WAN Destinations via Gateway area, click the New button.
    The New Non SD-WAN Destinations via Gateway dialog box appears.
  3. In the Name text box, enter the name for the Non SD-WAN Destination.
  4. From the Type drop-down menu, select Microsoft Azure Virtual Hub.
  5. From the Subscription drop-down menu, select a subscription.
    The application fetches all the available Virtual WANs dynamically from Azure.
  6. From the Virtual WAN drop-down menu, select a virtual WAN.
    The application auto-populates the resource group to which the virtual WAN is associated.
  7. From the Virtual Hub drop-down menu, select a Virtual Hub.
    The application auto-populates the Azure region corresponding to the Hub.
  8. Select the Enable Tunnel(s) checkbox to enable VMware VPN Gateways to initiate VPN connections to the target Virtual Hub as soon as the site is successfully provisioned.
    Note: VMware VPN Gateways will not initiate IKE negotiation until this Non SD-WAN Destination is configured on at least one profile.
    Note: For Microsoft Azure Non SD-WAN Destination, by default, the local authentication ID value used is SD-WAN Gateway Interface Public IP.

  9. Click Next.
    The SD-WAN Orchestrator automatically initiates deployment, provisions Azure VPN Sites, downloads the VPN Site Configuration for the newly configured sites, and stores the configuration in the SD-WAN Orchestrator’s Non SD-WAN Destination configuration database.

Results

Once the Azure VPN sites are provisioned at the SD-WAN Orchestrator side, you can view the VPN sites (Primary and Redundant) in the Azure portal by navigating to your Virtual WAN page > Virtual WAN architecture > VPN sites.

What to do next

  • Associate the Microsoft Azure Non SD-WAN Destination to a Profile to establish a tunnel between a branch and Azure Virtual Hub. For more information, see Associate a Microsoft Azure Non SD-WAN Destination to a Profile.
  • You must manually add SD-WAN routes to the Azure network. For more information, see Edit a VPN Site.
  • After associating a Profile to the Microsoft Azure Non SD-WAN Destination, you can return to the Non SD-WAN Destinations via Gateway section by navigating to Configure > Network Services and configure the BGP settings for the Non SD-WAN Destination. Scroll to the name of your Non SD-WAN Destination, and then click the Edit link in the BGP column. For more information, see Configure BGP over IPsec from Gateways.
  • To configure the BFD settings, in the Non SD-WAN Destinations via Gateway area, click the Edit link in the BFD column for a Non SD-WAN Destination. For more information, see Configure BFD for Gateways.

For information about Azure Virtual WAN Gateway Automation, see Configure SD-WAN Orchestrator for Azure Virtual WAN IPsec Automation from SD-WAN Gateway.