To add a new edge device for IPsec Advanced tunneling

Steps

  1. Click Add, and select Add Edge Device.
  2. Select the tunneling type: IPsec Advanced.
  3. Under General, enter or update your device Name.
  4. Select the Device Type from the drop-down list.
  5. Provide a device Description (up to 512 alphanumeric characters).
  6. Under Device Authentication:
    1. Select the IKE Version. The IKEv2 protocol is selected by default.
    2. Select an IKE identity. The valid options are based on the IKE Version selected.

      If IKEv1 was selected as the IKE Version, the only option is Public IP address.

    3. Enter the Public IP address or DNS hostname.
    4. Select a Pre-shared key option. Define whether to use your own key (keys must be at least 8 characters long) or generate a new key from the cloud service.
    5. If you select Use your own key, enter the key string. If you select Auto generated new key, the new key is displayed.

    Click the encryption settings link to view supported IKE and IPsec settings for the device.

  7. Under Points of Presence (PoPs), use the drop-down lists provided to select the two most appropriate points of presence (data center or local PoP) for your location.

    Optionally, click on the entry field and begin entering text to filter the list of PoPs to those that contain that search sub-string. The list is reduced as each character is entered. Make your selection from the filtered list. You can also use the up and down arrow keys on your keyboard to highlight your selection. Press Enter to select it. Press Esc to remove the filter and restore the previous selection.

    Once the Primary selection is made, the list for the Secondary selection is limited to those PoPs not included in the Data Center of the primary selection.

    Note that if the two selections reside in the same physical location, redundancy is not supported. To avoid this, a message appears with instructions to select a different secondary location.

    If you change selections, make sure your device configuration is correct.

    Important: If your device supports it, configure one PoP as the primary and one as the backup. We strongly recommend you configure your device to fail over to the backup PoP automatically.
  8. Under Policy Assignment, select the Default policy to apply to traffic managed by this device. The Default policy is pre-selected but can be changed.
  9. If you want to apply different policies to different internal networks whose traffic is managed by the device, click Add under the Policy Assignment table, then:
    1. Provide a unique Name for the network.
    2. Use the Type list to specify how you want to define the network (as an IP address, subnet, or IP range).
    3. Enter the network information in the format that you specified.
    4. Select the policy to apply to traffic from the network.
    5. Click Add.

    Repeat these steps for each internal network managed by the device to which you want to assign a specific policy.

    Note that networks (IP address ranges and subnets) may not overlap, and you can assign only one policy to each network.

  10. When you are finished configuring the device, click Save.
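
The overlap rule in step 9 can be checked before any networks are entered in the portal. The following Python pre-check is an added example, not part of the product or its documentation. It validates a planned Policy Assignment table for invalid values, duplicate names and overlapping networks. The entry names, addresses, policy names and the "first-last" range syntax are assumptions made for illustration.

```python
import ipaddress

# Constructed sample plan: (name, type, value, policy). Names, addresses and
# policy names are illustrative; the "first-last" range syntax is an assumption.
PLAN = [
    ("hq-lan", "subnet", "10.10.0.0/16", "Default"),
    ("guest-wifi", "range", "10.20.0.10-10.20.0.200", "Guest"),
    ("printer", "ip", "10.20.0.50", "Restricted"),  # inside guest-wifi
    ("lab", "subnet", "192.168.5.7/24", "Lab"),     # host bits set
]

def to_span(kind, value):
    """Return (version, first, last) with addresses as ints."""
    if kind == "ip":
        lo = hi = ipaddress.ip_address(value)
    elif kind == "subnet":
        net = ipaddress.ip_network(value, strict=True)  # rejects host bits
        lo, hi = net.network_address, net.broadcast_address
    elif kind == "range":
        lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        if lo.version != hi.version or lo > hi:
            raise ValueError("range start must not exceed range end")
    else:
        raise ValueError(f"unknown type {kind!r}")
    return lo.version, int(lo), int(hi)

def check_plan(plan):
    """Return problems: duplicate names, invalid values, overlapping networks."""
    problems, spans, names = [], [], set()
    for name, kind, value, _policy in plan:
        if name in names:
            problems.append(f"duplicate name: {name}")
        names.add(name)
        try:
            spans.append(to_span(kind, value) + (name,))
        except ValueError as exc:
            problems.append(f"invalid {kind} for {name}: {exc}")
    spans.sort()
    widest = None  # entry with the highest end address seen so far
    for ver, first, last, name in spans:
        if widest and widest[0] == ver and first <= widest[2]:
            problems.append(f"overlap: {widest[3]} and {name}")
        if widest is None or widest[0] != ver or last > widest[2]:
            widest = (ver, first, last, name)
    return problems

if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```

An empty result means every entry parses and no two networks share an address, so each address maps to exactly one policy.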