After configuring a Non SD-WAN Destination of type Microsoft Azure Virtual Hub from SD-WAN Edge, you must associate the Non SD-WAN Destination to an Edge and configure tunnels to establish IPsec tunnels between the Edge and Microsoft Azure Virtual Hub.

At the Edge level, to associate a Non SD-WAN Destination to an SD-WAN Edge, perform the following steps:

Procedure

  1. In the SD-WAN service of the Enterprise portal, go to Configure > Edges.
  2. Select an Edge you want to associate your Microsoft Azure Non SD-WAN Destination with, and then click the View link in the Device column.
  3. In the Device settings page, under VPN services, expand Non SD-WAN Destinations via Edge, and then select the Override check box.
  4. Select the Enable Non SD-WAN via Edge check box.
  5. From the Name drop-down menu, select your Microsoft Azure Virtual Hub network service to establish a VPN connection between the branch and the Microsoft Azure Non SD-WAN Destination.
  6. To configure tunnels for the Edge, under Action, click the + link. The Add Tunnel dialog box appears.
    1. From the Public WAN Link drop-down menu, select a WAN link to establish the IPsec tunnel and click Save.
      For the WAN links to appear in the drop-down menu, you must first configure the WAN links for the Edges from the Configure > Edges > Device > WAN Settings page, and wait for the Edge’s WAN links to come up with valid public IPs. The link’s public IP is used as the Local Identification value of the tunnel. You can select only a WAN link that has a public IP address.
      A tunnel is automatically established between the Edge and the Microsoft Azure Non SD-WAN Destination via Azure APIs. After that, the Orchestrator sends the tunnel configuration to the Edge to establish the tunnel to the Azure service. Note that the automation for each tunnel takes about 1 to 5 minutes to complete. Once the tunnel automation is complete, you can view the details of the configured tunnel and Public WAN link.
    2. Once tunnels are created, you can perform the following actions at the Edge level:
      • Update a tunnel - When the Edge Public WAN link IP address of the tunnel changes, the Orchestrator automatically enqueues an automation job to update the Azure VPN site link and the VPN tunnel configurations. Under Action, click the + link to view the tunnel settings such as PSK.
      • Delete a network service - Select a network service and click Delete.
      • Deactivate a network service - Under the Enable Service column, deselect the check box to deactivate a specific network service.
  7. Click Save Changes.

What to do next

You can monitor the automated deployment status of the Microsoft Azure Non SD-WAN Destinations configured for an Enterprise from the Monitor > Network Services > Non SD-WAN Destinations via Edge page in the SD-WAN service of the Enterprise portal. See Monitor Non SD-WAN Destinations.