Example: configuring route-based VPNs with external gateways

This scenario shows an example of creating a route-based VPN tunnel between an internal and external network.

The administrators at Company B want to create a route-based VPN tunnel between their own network and a partner’s network. The administrators:
  1. Create a Network element to represent the partner’s network.
  2. Define a Tunnel Interface on the Company B engine that acts as the VPN Gateway.
  3. Configure routing to define a route to the partner’s network through the Tunnel Interface.
  4. Define an External VPN Gateway element to represent the partner company’s gateway device.
  5. Add a Route-Based SD-WAN Tunnel element with the following settings:
    Local Gateway Remote Gateway
    • Gateway — VPN Gateway element that represents the engine
    • Endpoint — Endpoint IP address in the Internal Network
    • Interface — Tunnel Interface defined on the engine
    • Gateway — External VPN Gateway element
    • Endpoint — Endpoint IP address in the Partner Network
  6. Select an IPsec Profile and an encapsulation Mode that is compatible with the External VPN Gateway.
  7. Create an Access rule that allows traffic from the internal network to the partner network that is reachable through the route-based VPN.
  8. Refresh the policy on the engine that acts as a VPN Gateway.