VMware allows the Enterprise users to define and configure a Non SD-WAN Destination instance and establish a secure IPsec tunnel to a Non SD-WAN Destination through a SD-WAN Gateway.

The Orchestrator selects the nearest Gateway for the Non SD-WAN Destination with its configured IP address, using geolocation service.

You can configure Non SD-WAN Destination via Gateway only at the Profile Level and cannot override at the SD-WAN Edge level.

To configure a Non SD-WAN Destination via Gateway:

Procedure

  1. Login to the SD-WAN Orchestrator as an Enterprise user.
  2. In the SD-WAN service of the Enterprise portal, go to Configure > Network Services.
    The Services screen appears.
  3. In the Non SD-WAN Destinations via Gateway area, click the New button.
    The New Non SD-WAN Destinations via Gateway dialog box appears.
  4. In the Name text box, enter a name for the Non SD-WAN Destination.
  5. From the Type drop-down menu, select an IPsec tunnel type.
    VMware supports the following Non SD-WAN Destination type configurations through SD-WAN Gateway:
    • AWS VPN Gateway
      Note: AWS VPN Gateway is new in the 4.3 release. In addition, Customers can use different primary Public IPs and Secondary Public IPs for NVS Gateways for AWS.
    • Check Point
    • Cisco ASA
    • Cisco ISR
    • Generic IKEv2 Router (Route Based VPN)
    • Microsoft Azure Virtual Hub
    • Palo Alto
    • SonicWALL
    • Zscaler
    • Generic IKEv1 Router (Route Based VPN)
    • Generic Firewall (Policy Based VPN)
      Note: VMware supports both Generic Route-based and Policy-based Non SD-WAN Destination from Gateway.
  6. Enter an IP address for the Primary VPN Gateway (and the Secondary VPN Gateway if necessary), and click Next.
    A Non SD-WAN Destination is created.
    Note: To support the datacenter type of Non SD-WAN Destination, besides the IPsec connection, you will need to configure Non SD-WAN Destination local subnets into the VMware system.

What to do next