Azure Virtual WAN is a network service that facilitates optimized and automated Virtual Private Network (VPN) connectivity from enterprise branch locations to or through Microsoft Azure. Azure subscribers provision Virtual Hubs corresponding to Azure regions and connect branches (which may or may not be SD-WAN enabled) through IP Security (IPsec) VPN connections.
To establish branch-to-Azure VPN connectivity,
SASE Orchestrator supports Azure Virtual WAN and
VMware SD-WAN integration and automation by leveraging the Azure backbone. Currently, the following Azure deployment options are supported from the
VMware SD-WAN perspective:
- IPsec from SD-WAN Gateway to Azure virtual WAN hub with automation.
- Direct IPsec from SD-WAN Edge to Azure virtual WAN hub with automation.
Azure Virtual WAN SD-WAN Gateway automation
The following diagram illustrates the IPsec tunnel from SD-WAN Gateway to Azure virtual WAN hub.
Azure Virtual WAN SD-WAN Edge automation
The following diagram illustrates the IPsec tunnel directly from SD-WAN Edge to Azure virtual WAN hub.
The following topics provide instructions for configuring the
SASE Orchestrator and Azure to enable branch-to-Azure VPN connectivity through the
SD-WAN Gateway and
SD-WAN Edge: