When per-device management is enabled, the SD-WAN settings pane includes access to an IPsec VPN Wizard. You can use the wizard to create IPsec VPN tunnels and automatically generate interface members for the tunnel.
- Ensure that you are in the correct ADOM and that SD-WAN per-device management is enabled for the ADOM.
- Go to Device Manager > SD-WAN > SD-WAN.
- Select any device or VDOM and click Edit. If no device is available, click Create New.
The Edit SD-WAN pane or Create New SD-WAN is displayed.
- Under Interface Members, click Create VPN.
- Configure the following settings, and click OK to generate IPsec VPNs:
Specify a name for the VPN.
Select IP Address or Dynamic DNS.
Specify the IP address if IP Address is selected for Remote Device.
Specify the FQDN if Dynamic DNS is selected for Remote Device.
Select the outgoing interface.
Select Pre-shared key or Signature.
Select the certificate (if Signature was selected as the Authentication Method)
Peer Certificate CA
Select the Peer Certificate CA (if Signature was selected as the Authentication Method)
Select the pre-shared key (if Pre-shared key was selected as the Authentication Method)
The auto-generated VPN interface is automatically added to the list of SD-WAN interface members.
- Edit the VPN in Interface Members to configure Gateway IP, Estimated Upstream Bandwidth (Kbps), and Estimated Downstream Bandwidth (Kbps).