After configuring a Non SD-WAN Destination of type Microsoft Azure Virtual Hub from SD-WAN Edge, you must associate the Non SD-WAN Destination to an Edge and configure tunnels to establish IPsec tunnels between the Edge and Microsoft Azure Virtual Hub.
At the Edge level, to associate a Non SD-WAN Destination to a SD-WAN Edge, perform the following steps:
Procedure
Go to Configure > Edges
The
Edges page appears.
Select an Edge you want to associate your Microsoft Azure Non SD-WAN Destination and click the icon under the Device column.
In the Device Settings page, under Branch to Non SD-WAN Destinations via Edge, select the Enable Edge Override checkbox.
Select the Enable checkbox.
From the Name drop-down menu, select your Microsoft Azure Virtual Hub network service to establish VPN connection between the branch and the Microsoft Azure Non SD-WAN Destination.
To configure tunnels for the Edge, under Action, click the Add link. The Add Tunnel dialog box appears.
From the Public WAN Link drop-down menu, select a WAN link to establish IPsec tunnel and click Save Changes.
For the WAN links to appear in the drop-down menu, the customer needs to first configure the WAN links for the Edges from the
Configure > Edges > Device > WAN Settings page, and wait for the Edge’s WAN links to come up with the valid public IPs. The link’s public IP will be used as the Local Identification value of the tunnel. You will be able to select only the WAN link with Public IP address.
A tunnel is automatically established between the Edge and the Microsoft Azure
Non SD-WAN Destination via Azure APIs. After that the Orchestrator will send the tunnel configuration to the Edge to establish tunnel to the Azure service. Note that the automation for each tunnel takes about 1 to 5 minutes to complete. Once the tunnel automation is complete, you will be able to view the details of configured tunnel and Public WAN link as shown in the following screenshot.
You can monitor the automated deployment status of the Microsoft Azure Non SD-WAN Destinations configured for an Enterprise from the Monitor > Network Services > Non SD-WAN Destinations via Edge page in the Enterprise portal. See Monitor Non SD-WAN Destinations.
Once tunnels are created, you can perform the following actions at the Edge level:
Update a tunnel - When the Edge Public WAN link IP address of the tunnel changes, the Orchestrator automatically enqueues automation job to update the Azure VPN site link and the VPN tunnel configurations. Under Action, click the Edit link to view the tunnel settings such as PSK.
Delete a tunnel - Under Action, click the Del link to delete a specific tunnel.
Deactivate a tunnel - Under Enable tunnel, unselect a tunnel to deactivate the specific tunnel.
Delete a network service - Under Action, click the icon to delete a specific network service.
Deactivate a network service - Under Enable Service, unselect a network service checkbox to deactivate a specific network service.
Click Save Changes.
What to do next
Once the automation is complete and tunnel is created, you can monitor the tunnel status from the
Monitor > Edges page.