Make sure you complete these steps before you configure your SD-WAN solution:
Configure your branches as locations in SIA. Make sure the public IP addresses of branches are configured as locations in SIA. To create a location, see Create a location.
Generate or create a pre-shared key. You can manually create a key that contains a minimum of 24 characters and a random sequence of characters that cannot be found in the dictionary. To use a command to do this on Linux or macOS, see Generate a pre-shared key.
Take note of the IPsec fully qualified domain names (FQDNs). When configuring your SD-WAN solution, you need these FQDNs to establish a primary and secondary (backup) tunnel to SIA:
Some SD-WAN solutions may require the IP addresses that resolve from these FQDNs. To determine these IP addresses, you’ll need to ping these FQDNs from your SD-WAN appliance.
Configure IPsec credentials in SIA. Before you configure your SD-WAN solution, you must configure SIA with the PSK you generated and create the IKE Identifier. For more information, see Configure IPsec credentials in SIA.
On Linux or macOS, complete this procedure to generate a pre-shared key (PSK) with a minimum of 24 characters. Make sure this key is a random sequence of characters and does not form a word that can be found in a dictionary.
To generate a pre-shared key:
Open a command line and enter this command:
head -c 24 /dev/urandom | base64
Before you begin:
Make sure you generate a pre-shared key. For instruction, see Generate a pre-shared key.
Complete this procedure to add IPsec credentials to SIA. These credentials are required to set up IPsec tunnels between your SD-WAN solution and SIA. You configure IPsec credentials in the Connection Credentials page when you’ve configured locations that use a static IP address. If you choose to identify a location with an IKE ID, you configure IPsec credentials when you create the location. To identify a location with the IKE ID, see Create a location with an IKE ID.
Note the following:
- The Connection Credentials lists all IPsec credentials, including the credentials that are created when you set the IKE ID as the identifier for a location.
- You can create a maximum of 15 IPsec credentials. If you need to increase this limit, contact your Akamai representative.
To configure IPsec credentials:
In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Connection Credentials.
In the IPsec Credentials section, click the plus sign.
Enter a unique identifier. This identifier you provide, as well the configuration ID and FQDN that are already included form the IKE identifier.
In the key field, enter the pre-shared key (PSK) and confirm the key value.
Updated 3 months ago