Defining the External Gateway and Routing parameters

Refer to the "Use Case 10" diagram, where the external gateway information is displayed in green.

Also see how to define a Web Security Gateway ("Use Case 9").

Identifying the external gateway

1 In the General panel of the Configuration window, select 'VTI' as type of gateway (Virtual Tunnel Interface VPN).
2 Enter the Name (AzureGateway) of the VTI gateway.
3 Enter the VTI gateway Primary Public IP Address (144.4.4.4).

Also refer to "Identifying the web security gateway".

Routing

Warning: As a prerequisite, the VTI gateway parameters must already be configured in Microsoft Azure.

Also refer to the "Routing" parameters of a Web Security Gateway.

You can define how the traffic is routed through the tunnel by using subnet information (static configuration) or BGP (dynamic configuration). The current example uses static configuration.

4 Set the Mode button to Static.
5 Define the remote Azure subnet IP address by entering its prefix (10.1.9.0) and prefix length (24). Note that you also defined this IP address in Microsoft Azure.

If you use BGP, enter the IP address of the BGP local peer and the Autonomous System value as they are specified on the Microsoft Azure Portal. With a Cisco router, you can find the required information in the router configuration file.

IPsec tunnel parameters

6 Use the same IKE policy and IPsec policy values that you defined in Microsoft Azure or for your Cisco router. Also enter the MTU value.
7 Use the IPsec Pre-Shared key field as follows:
If, in Microsoft Azure, the VPN gateway is configured with only one default Pre-Shared Key for all the tunnels connected to this gateway, enter this key in the SD-WAN Orchestrator. Specifying a Pre-Shared key is mandatory with an external gateway.
You can override this default Pre-Shared Key with a new key when configuring the connection between the ip|engine and the external gateway.
8 Click Create.

For a detailed description of all the fields, refer to "Advanced Configuration".

Also see the "IPsec tunnel parameters" of a Web Security Gateway.

9 Then connect the gateway to the Branch Office ip|engine. Refer to the following section.