TrainingSupportCommunity

Prepare for SD-WAN setup

Suggest Edits

Make sure you complete these steps before you configure your SD-WAN solution:

  1. Configure your branches as locations in ​SIA​. Make sure the public IP addresses of branches are configured as locations in ​SIA​. To create a location, see Create a location.

  2. Generate or create a pre-shared key. You can manually create a key that contains a minimum of 24 characters and a random sequence of characters that cannot be found in the dictionary. To use a command to do this on Linux or macOS, see Generate a pre-shared key.

  3. Take note of the IPsec fully qualified domain names (FQDNs). When configuring your SD-WAN solution, you need these FQDNs to establish a primary and secondary (backup) tunnel to ​SIA​:

    • primary.ipsec.akaetp.net
    • secondary.ipsec.akaetp.net

    Some SD-WAN solutions may require the IP addresses that resolve from these FQDNs. To determine these IP addresses, you’ll need to ping these FQDNs from your SD-WAN appliance.

  4. Configure IPsec credentials in ​SIA​. Before you configure your SD-WAN solution, you must configure ​SIA​ with the PSK you generated and create the IKE Identifier. For more information, see Configure IPsec credentials in ​SIA​.

Generate a pre-shared key

On Linux or macOS, complete this procedure to generate a pre-shared key (PSK) with a minimum of 24 characters. Make sure this key is a random sequence of characters and does not form a word that can be found in a dictionary.

To generate a pre-shared key:

Open a command line and enter this command:

head -c 24 /dev/urandom | base64

Configure IPsec credentials in ​SIA​

Before you begin:
Make sure you generate a pre-shared key. For instruction, see Generate a pre-shared key.

Complete this procedure to add IPsec credentials to ​SIA​. These credentials are required to set up IPsec tunnels between your SD-WAN solution and ​SIA​.

To configure IPsec credentials:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Connection Credentials.

  2. In the IPsec Credentials section, click the plus sign.

  3. Enter a unique identifier. This identifier you provide, as well the configuration ID and FQDN that are already included form the IKE identifier.

  4. In the key field, enter the pre-shared key (PSK) and confirm the key value.

  5. Click Save.

Updated 4 months ago