Example VPN configuration 1: Basic VPN between Secure SD-WAN Engines

This scenario shows an example of how to create a policy-based VPN between two or more Secure SD-WAN Engines managed through the same SMC.

This example VPN requires all engines to have a static IP address (not assigned using DHCP or PPPoE).

The address spaces protected by the different Secure SD-WAN Engines that act as gateways must not overlap within any single VPN. If you use the same IP addresses at the different locations, you must apply NAT to the communications. You must also define the sites using the translated IP addresses that are used inside the VPN tunnels.
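The non-overlap requirement can be checked before the sites are defined. The following is an added example, not part of the original documentation or of the SMC itself; the gateway names and networks are constructed sample data, and the site lists are assumed to have been written out by hand as CIDR strings.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: hypothetical gateway names and the networks
# each one would protect (its site definitions) inside a single VPN.
SAMPLE_SITES = {
    "hq-engine": ["10.1.0.0/16", "192.168.10.0/24"],
    "branch-a-engine": ["10.2.0.0/16", "192.168.10.0/24"],
    "branch-b-engine": ["10.1.128.0/20", "172.16.5.0/24"],
}


def find_overlaps(sites):
    """Return (gw_a, net_a, gw_b, net_b) for every pair of networks that
    overlap across two different gateways.

    Identical prefixes and nested prefixes (a /20 inside a /16) both count.
    Networks defined on the same gateway are not compared with each other.
    A CIDR string with host bits set raises ValueError, which catches
    typos such as 10.1.0.1/16.
    """
    parsed = {
        gw: [ipaddress.ip_network(n, strict=True) for n in nets]
        for gw, nets in sites.items()
    }
    conflicts = []
    for gw_a, gw_b in combinations(sorted(parsed), 2):
        for net_a in parsed[gw_a]:
            for net_b in parsed[gw_b]:
                # Only compare like with like: IPv4 and IPv6 never overlap.
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    conflicts.append((gw_a, str(net_a), gw_b, str(net_b)))
    return conflicts


if __name__ == "__main__":
    for gw_a, net_a, gw_b, net_b in find_overlaps(SAMPLE_SITES):
        print(f"{gw_a} {net_a} overlaps {gw_b} {net_b}: "
              "apply NAT and define the site with the translated range")
```

Any pair reported here needs NAT, and the check should be rerun with the translated addresses in place of the real ones, because those are what the sites must contain.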

This scenario uses the default Suite-B-GCM-128 VPN profile that contains the VPN settings specified for the Suite-B-GCM-128 cryptographic suite in RFC 6379. The profile uses pre-shared keys for authentication.

The configuration consists of the following general steps:

  1. Configure VPN settings for the Secure SD-WAN Engines.
  2. Create a Policy-Based VPN element.
  3. Create Access rules.

Begin by configuring VPN settings for the Secure SD-WAN Engines.