Configure Branch to Branch VPN to establish a VPN connection between branches.

Procedure

  1. In the Enterprise portal, click Configure > Profiles.
    The Configuration Profiles page appears.
  2. Select a profile you want to configure Cloud VPN and click the icon under the Device column.
    The Device Settings page for the selected profile appears.
  3. Go to Cloud VPN area and activate Cloud VPN by turning the toggle button to On.
  4. To configure a Branch to Branch VPN, under Branch to Branch VPN, select the Enable check box.
    Branch to Branch VPN supports two configurations for establishing a VPN connection between branches:
    Configuration Description
    Using SD-WAN Gateway In this option, Edges establish VPN tunnel with the closest gateway and connections between Edges go through this gateway. The SD-WAN Gateway may have traffic from other customers.
    Using SD-WAN Hub In this option, one or more Edges are selected to act as hubs that can establish VPN connections with branches. Connections between branch Edges go through the hub. The hub is your only asset which has your corporate data on it, improving overall security.
  5. To activate profile isolation, select the Isolate Profile check box.
    If profile isolation is activated, then the edges within the profile will not learn routes from other edges outside the profile via the SD-WAN Overlay.
    You can activate Dynamic Branch To Branch VPN to all Edges or to Edges within a Profile. On selecting the Enabled check box, by default the dynamic branch to branch VPN is configured for all edges. To configure dynamic Branch to Branch VPN by profile, make sure the Isolate Profile check box is unselected.
    Note: When Profile Isolation is activated, Dynamic Branch To Branch VPN can only be activated to Edges within Profile.

    When you activate Dynamic Branch to Branch VPN, the first packet goes through the Cloud Gateway (or the Hub). If the initiating Edge determines that traffic can be routed through a secure overlay multi-path tunnel, and if Dynamic Branch to Branch VPN is activated, then a direct tunnel is created between the branches.

    Once the tunnel is established, traffic begins to flow over the secure overlay multi-path tunnel between the branches. After 180 seconds of traffic silence (forward or reverse from either side of the branches), the initiating edge tears down the tunnel.

  6. Click Save Changes.