Configure a VPN with a FlexEdge Secure SD-WAN Engine in Azure
When you have deployed a Secure SD-WAN Engine in Azure, you can use it as an endpoint in VPNs with other Secure SD-WAN Engines in your network.
Note: You cannot use Cloud Auto-Scaled Engines in VPNs.
Configuring a VPN between Secure SD-WAN Engines that are managed by the same SMC has the following advantages compared to using Azure's native VPN tools:
- Access control for VPN traffic
- Centralized management of the Secure SD-WAN Engines that act as VPN gateways
Because the public IP addresses of Secure SD-WAN Engines deployed in Azure are dynamic, the following restrictions apply when you use a Secure SD-WAN Engine deployed in Azure as a VPN gateway:
- The VPN gateway must use the fully qualified domain name (FQDN) of your Secure SD-WAN Engine as the phase-1 ID.
- IKEv1 main mode with pre-shared key authentication is not supported. Aggressive mode allows the use of pre-shared keys, but for security reasons certificate-based authentication is also recommended when IKEv1 is set in aggressive mode.
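The following added example (not Forcepoint code and not part of the original documentation) models the general IKEv1 behavior from RFC 2409 behind both restrictions: in main mode the responder needs the pre-shared key before it can read the peer's encrypted ID, so it can only select the key by source IP address, which fails when that address changes. The addresses, FQDN, key, and function names are constructed for illustration, and HMAC-SHA-256 stands in for the negotiated prf.

```python
import hashlib
import hmac
import os

# Constructed responder configuration. Main mode can only index pre-shared
# keys by peer IP address; aggressive mode can index them by phase-1 ID.
PSK_BY_IP = {"203.0.113.10": b"constructed-psk-azure"}
PSK_BY_ID = {"azure-engine.example.com": b"constructed-psk-azure"}


def skeyid(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """SKEYID for pre-shared key auth: prf(psk, Ni_b | Nr_b), RFC 2409 section 5."""
    return hmac.new(psk, ni + nr, hashlib.sha256).digest()


def select_psk(mode: str, src_ip: str, phase1_id: str):
    """Return the PSK the responder can find at the moment it must derive SKEYID."""
    if mode == "main":
        # The ID payload arrives in message 5, encrypted under keys derived
        # from SKEYID, so only the source IP is known when the PSK is needed.
        return PSK_BY_IP.get(src_ip)
    if mode == "aggressive":
        # The ID payload arrives unencrypted in message 1.
        return PSK_BY_ID.get(phase1_id)
    raise ValueError(f"unknown mode: {mode}")


def negotiate(mode: str, src_ip: str, phase1_id: str, initiator_psk: bytes) -> str:
    """Simulate the responder's key selection and the shared-secret check."""
    ni, nr = os.urandom(16), os.urandom(16)  # initiator and responder nonces
    psk = select_psk(mode, src_ip, phase1_id)
    if psk is None:
        return "no-psk-for-peer"
    same = hmac.compare_digest(skeyid(psk, ni, nr), skeyid(initiator_psk, ni, nr))
    return "established" if same else "auth-failed"


if __name__ == "__main__":
    fqdn, key = "azure-engine.example.com", b"constructed-psk-azure"
    # Same peer before and after its dynamic public IP changes.
    for mode, ip in [("main", "203.0.113.10"), ("main", "198.51.100.77"),
                     ("aggressive", "198.51.100.77")]:
        print(mode, ip, negotiate(mode, ip, fqdn, key))
```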