Configure an SD-WAN VPN Connection

You can configure an SD-WAN VPN connection to add spokes to SD-WAN topologies using the device template.

Before you begin

Procedure

Step 1

Choose Devices > Template Management.

Step 2

Click the edit icon adjacent to the device template that you want to edit.

Step 3

Click the VPN tab.

Step 4

Click Add VPN Connection.

Step 5

Choose an SD-WAN topology from the VPN Topology drop-down list.

The Add VPN Connection dialog box expands and you can configure the following parameters:

  1. From the VPN Interface drop-down list, choose a WAN-facing or internet-facing physical interface to establish a VPN connection with the hub.

    This list contains all the interfaces configured on the device template.

  2. Use IP Address from the VPN Interface—This drop-down list is auto populated with the IP address variable. For IPv6 addresses, choose an IPv6 address from the drop-down list.

  3. Check the Local Tunnel (IKE) Identity check box to enable a unique and configurable identity for the VPN tunnel from the spoke to a remote peer.

  4. Identity Type—Key ID is the only supported identity type. Choose a key ID variable from the drop-down list or click (add icon) to create a new key ID variable.

  5. Click OK.

    You can view the VPN connection in the Site-to-Site VPN Connections table.

Step 6

Click Save.

What to do next

  1. Configure the routing policy for the spoke in the device template.

  2. Map the device interfaces to the template interfaces (Model Mapping).

  3. Apply the template to a device.