The Non SD-WAN Destination (earlier known as Non VeloCloud Site (NVS)) functionality consists of connecting a VMware network to an external Network (for example: Zscaler, Cloud Security Service, Azure, AWS, Partner Datacenter and so on). This is achieved by creating a secure Internet Protocol Security (IPsec) tunnel between a VMware entity and a VPN Gateway at the Network Provider.

VMware allows the Enterprise users to define and configure a datacenter type of Non SD-WAN Destination instance and establish a secure tunnel directly to an External network in the following two ways: Non SD-WAN Destinations via Gateway and Non SD-WAN Destinations via Edge, as described below.
  • Non SD-WAN Destinations via Gateway - Allows an SD-WAN Gateway to establish an IPsec tunnel directly to a Non SD-WAN Destination. VMware supports the following Non SD-WAN Destination configurations through SD-WAN Gateway:
    • AWS VPN Gateway
      Note: The AWS VPN Gateway type is introduced in the 4.3.0 release.
    • Check Point
    • Cisco ASA
    • Cisco ISR
    • Generic IKEv2 Router (Route Based VPN)
    • Microsoft Azure Virtual Hub
    • Palo Alto
    • SonicWALL
    • Zscaler
    • Generic IKEv1 Router (Route Based VPN)
    • Generic Firewall (Policy Based VPN)
      Note: VMware supports both Generic Route-based and Policy-based Non SD-WAN Destination from Gateway.

    For information on how to configure Non SD-WAN Destinations via Gateway, see Configure Non SD-WAN Destinations via Gateway.

  • Non SD-WAN Destinations via Edge - Allows an SD-WAN Edge to establish an IPsec tunnel directly to a Non SD-WAN Destination (AWS and Azure Datacenter). VMware supports the following Non SD-WAN Destination configurations through SD-WAN Edge:
    • Generic IKEv1 Router (Route Based VPN)
    • Generic IKEv2 Router (Route Based VPN)
    • Microsoft Azure Virtual Wan

For information on how to configure Non SD-WAN Destinations via Edge, see Configure Non SD-WAN Destinations via Edge.

Non SD-WAN Destination Configuration Workflow

  • Configure a Non SD-WAN Destination Network Service.
  • Associate a Non SD-WAN Destination Network Service to a Profile or Edge.
  • Configure Tunnel Parameters: WAN link selection and Per tunnel credentials.
  • Configure Business Policy.