Connecting a Spoke appliance to an Azure Gateway
1. From the main menu, select Appliances.
2. Select the appropriate Spoke appliance and click Edit Configuration.
3. Select the appropriate WAN interface in Router mode.
4. From the Tunnels -> Overlay stack, select the Azure gateway overlay that will establish the VPN tunnel. It is then displayed in the Applications Anywhere list.
5. Click Configure Tunnel.
There are two types of Azure managed gateways:
• Vnet Gateway (Virtual Network Gateway in Azure): a Vnet Gateway is a resource associated with a Virtual Network that provides connectivity to this Vnet (through site-to-site VPN or ExpressRoute).
• Virtual Hub VPN Gateway (Virtual Hub VPN Gateway in Azure): a Virtual Hub VPN Gateway is a resource associated with a Virtual Hub in a Virtual WAN; Vnets in the same region are connected to the same Virtual Hub, which provides:
  - connectivity between remote sites and these Vnets (through site-to-site VPN or ExpressRoute),
  - routing between these Vnets,
  - routing with Vnets that are connected to other Virtual Hubs (possibly in other regions) of the same Virtual WAN.
The SD-WAN Application retrieves the AS number of the Cloud gateway. The AS number of the Cloud gateway:
• must not be included in the AS number range
• or must be defined as an exclusion
• and should be different from any other appliance ASN in the domain
Refer to "Overlay Routing".
6. Since PSK is the only authentication type currently supported, the SD-WAN Application automatically generates a pre-shared key. This authentication type requires a WAN interface public IP address to be specified.
7. When there are several Cloud gateways, you can enter Preference values to define the priority of the tunnels used to route the traffic. The tunnel with the highest Preference value has priority. The default value is 100.
For Virtual Hub VPN Gateways only
VPN acceleration 'enabled' corresponds to routing via "Microsoft global network" whereas VPN acceleration 'disabled' corresponds to routing over public Internet (refer to routing preference).
8. You can define the Association Route Table and Propagation Route Tables. Virtual Hub route tables are objects that enable network segmentation, i.e. they define whether attachments can communicate with one another.
• Association Route Table: select the route table for association, either the Default one or any other route table.
• Propagation Route Tables: select one or more route table(s) for propagation, or the None option.
• Propagation Labels: you may enter one or more labels for propagation.
Make sure that your choices for association and propagation follow the guidelines from Azure (see Additional considerations).
For all the Gateways
9. Save your settings. Either one or two connections are defined (there are two connections with a Virtual Hub), and the matching tunnels are set up on the appliance.
Note: You can edit or delete a Cloud connection at any time.
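The AS number rules listed under step 5 can be checked against an address plan before the tunnel is configured. The following is an added example, not code from the SD-WAN Application: the DomainAsnPlan model, its field names and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_ASN = 4294967295  # largest 4-byte AS number


@dataclass
class DomainAsnPlan:
    """Assumed model of the domain: one inclusive ASN range plus exclusions."""
    range_start: int
    range_end: int
    exclusions: set = field(default_factory=set)
    appliance_asns: dict = field(default_factory=dict)  # appliance name -> ASN


def check_gateway_asn(plan, gateway_asn):
    """Return the step 5 rules that gateway_asn breaks (empty list = usable)."""
    if not 1 <= gateway_asn <= MAX_ASN:
        return [f"ASN {gateway_asn} is not a valid AS number"]
    problems = []
    in_range = plan.range_start <= gateway_asn <= plan.range_end
    # Rules 1 and 2: outside the range, or inside it but listed as an exclusion.
    if in_range and gateway_asn not in plan.exclusions:
        problems.append(
            f"ASN {gateway_asn} is inside {plan.range_start}-{plan.range_end} "
            "and is not defined as an exclusion"
        )
    # Rule 3: no appliance in the domain may already use the same ASN.
    clashes = sorted(n for n, a in plan.appliance_asns.items() if a == gateway_asn)
    if clashes:
        problems.append(f"ASN {gateway_asn} already used by: {', '.join(clashes)}")
    return problems


if __name__ == "__main__":
    # Constructed sample data. 65515 is the default ASN of Azure VPN gateways.
    plan = DomainAsnPlan(65000, 65534, appliance_asns={"spoke-1": 65001})
    for asn in (65515, 64512, 65001):
        issues = check_gateway_asn(plan, asn)
        print(asn, "OK" if not issues else "; ".join(issues))
    plan.exclusions.add(65515)
    print(65515, check_gateway_asn(plan, 65515) or "OK after exclusion")
```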