Configure Branch to Branch VPN to establish a VPN connection between branches.
Procedure
- In the Enterprise portal, click Configure > Profiles.
The Configuration Profiles page appears.
- Select a profile you want to configure Cloud VPN and click the icon under the Device column.
The Device Settings page for the selected profile appears.
- Go to Cloud VPN area and enable Cloud VPN by turning the toggle button to On.
- To configure a Branch to Branch VPN, under Branch to Branch VPN, select the Enable checkbox.
Branch to Branch VPN supports two configurations for establishing a VPN connection between branches:
Configuration Description Using SD-WAN Gateway In this option, Edges establish VPN tunnel with the closest gateway and connections between Edges go through this gateway. The SD-WAN Gateway may have traffic from other customers. Using SD-WAN Hub In this option, one or more Edges are selected to act as hubs that can establish VPN connections with branches. Connections between branch Edges go through the hub. The hub is your only asset which has your corporate data on it, improving overall security. - To enable profile isolation, select the Isolate Profile checkbox.
If profile isolation is enabled, then the edges within the profile will not learn routes from other edges outside the profile via the SD-WAN Overlay.You can enable Dynamic Branch To Branch VPN to all edges or to edges within a Profile. On selecting the Enabled checkbox, by default the dynamic branch to branch VPN is configured for all edges. To configure dynamic Branch to Branch VPN by profile, make sure the Isolate Profile checkbox is unselected.Note: When Profile Isolation is enabled, Dynamic Branch To Branch VPN can only be enabled to edges within Profile.
When you enable Dynamic Branch to Branch VPN, the first packet goes through the Cloud Gateway (or the Hub). If the initiating Edge determines that traffic can be routed through a secure overlay multi-path tunnel, and if Dynamic Branch to Branch VPN is enabled, then a direct tunnel is created between the branches.
Once the tunnel is established, traffic begins to flow over the secure overlay multi-path tunnel between the branches. After 180 seconds of traffic silence (forward or reverse from either side of the branches), the initiating edge tears down the tunnel.
- Click Save Changes.