Example: configuring route-based VPNs with external gateways
This scenario shows an example of creating a route-based VPN tunnel between an internal and external network.
The administrators at Company B want to create a route-based VPN tunnel between their own network and a partner’s network. The administrators:
- Create a Network element to represent the partner’s network.
- Define a Tunnel Interface on the Company B engine that acts as the VPN Gateway.
- Configure routing to define a route to the partner’s network through the Tunnel Interface.
- Define an External VPN Gateway element to represent the partner company’s gateway device.
- Add a Route-Based SD-WAN Tunnel element with the following settings:
  - Local Gateway:
    - Gateway — VPN Gateway element that represents the engine
    - Endpoint — Endpoint IP address in the Internal Network
    - Interface — Tunnel Interface defined on the engine
  - Remote Gateway:
    - Gateway — External VPN Gateway element
    - Endpoint — Endpoint IP address in the Partner Network
- Select an IPsec Profile and an encapsulation Mode that is compatible with the External VPN Gateway.
- Create an Access rule that allows traffic from the internal network to the partner network that is reachable through the route-based VPN.
- Refresh the policy on the engine that acts as a VPN Gateway.