The Non SD-WAN Destination (earlier known as Non VeloCloud Site (NVS) functionality consists of connecting a VMware network to an external Network (for example: Zscaler, Cloud Security Service, Azure, AWS, Partner Datacenter and so on). This is achieved by creating a secure Internet Protocol Security (IPsec) tunnel between a VMware entity and a VPN Gateway at the Network Provider.
VMware allows the Enterprise users to define and configure a datacenter type of
Non SD-WAN Destination instance and establish a secure tunnel directly to an External network in the following two ways, Non SD-WAN Destinations via Gateway and Non SD-WAN Destinations via Edge as described below.
- Non SD-WAN Destinations via Gateway - Allows a SD-WAN Gateway to establish an IPsec tunnel directly to a Non SD-WAN Destination. VMware supports the following Non SD-WAN Destination configurations through SD-WAN Gateway:
- AWS VPN Gateway
Note: The AWS VPN Gateway type is new from the 4.3 release.
- Check Point
- Cisco ASA
- Cisco ISR
- Generic IKEv2 Router (Route Based VPN)
- Microsoft Azure Virtual Hub
- Palo Alto
- SonicWALL
- Zscaler
- Generic IKEv1 Router (Route Based VPN)
- Generic Firewall (Policy Based VPN)
Note: VMware supports both Generic Route-based and Policy-based Non SD-WAN Destination from Gateway.
- AWS VPN Gateway
- Non SD-WAN Destinations via Edge - Allows a SD-WAN Edge to establish an IPsec tunnel directly to a Non SD-WAN Destination (AWS and Azure Datacenter).
Note: VMware supports only Generic IKEv2 Router (Route Based VPN) and Generic IKEv1 Router (Route Based VPN) Non SD-WAN Destination from the SD-WAN Edge.
Non SD-WAN Destination Configuration Workflow
- Configure a Non SD-WAN Destination Network Service
- Associate a Non SD-WAN Destination Network Service to a Profile or Edge
- Configure Tunnel Parameters: WAN link selection and Per tunnel credentials
- Configure Business Policy