...

  • “Access Locations”: where you specify the type (Site for now; AWS VPC is in development as of Sep 2024), Location, Credential (PSK) and WAN IP address(es). You can specify multiple public IP addresses for a single site/office if that office has multiple internet links. You can configure up to four WAN IP addresses per site, but each one will count towards the tunnel count of the "As-A-Service" instance.

  • “Service Location” settings: Size determines how many tunnels can be established to the instance and how many UDDI Server tokens will be consumed. Location specifies which Infoblox POP will host this service (e.g. AWS Europe or GCP Asia East). Service IP is the private IP address of your choice that will host the Capabilities (DNS/DHCP/DNS Security).

...

  • Only IKEv2 is supported. IKEv1 is not supported. 

  • It is important that NAT Traversal (NAT-T) is enabled even if your firewall is at the edge with a public IP and doesn’t need NAT. Without it, the VPN will be established but data will not pass over the VPN. This is because the NIOS-XaaS cloud side uses NAT.

  • The “Peer ID” in Phase 1 IKE is an FQDN with the value WAN.infoblox.com, where WAN is replaced with the public IP address that you (the customer) initiate the VPN from to the Infoblox cloud (for example, 1.2.3.4.infoblox.com). Some firewall/router vendors (e.g. OPNSense) may not require Peer ID to be configured. Other vendors (e.g. Palo Alto Networks, Cisco, etc.) do require Peer ID to be configured correctly.

  • The “Local ID” in Phase 1 IKE is found in the Infoblox Portal labeled as “Identity”. It is a string of random characters (e.g. zx4fstsqyni5yxub) 
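
The checks in the list above can be run as a pre-flight lint before a tunnel is brought up. This is an added example, not Infoblox code: the dictionary keys (`ike_version`, `nat_traversal`, `source_ip`, `peer_id`, `local_id`, `identity`, `wan_ips`) are hypothetical names for values you would copy from your firewall and from the Infoblox Portal, and the sample values are constructed.

```python
import ipaddress

MAX_WAN_IPS = 4  # per-site limit stated on this page

def expected_peer_id(wan_ip: str) -> str:
    """Build the Phase 1 Peer ID FQDN for the public IP that initiates the VPN."""
    addr = ipaddress.ip_address(wan_ip)
    if not addr.is_global:
        raise ValueError(f"{wan_ip} is not a public address")
    return f"{addr}.infoblox.com"

def check_tunnel(tunnel: dict, portal: dict) -> list:
    """Return a list of findings; an empty list means the tunnel passes."""
    findings = []
    if tunnel.get("ike_version") != 2:
        findings.append("ike_version: only IKEv2 is supported")
    # A tunnel without NAT-T still establishes, so this must be checked up front.
    if not tunnel.get("nat_traversal"):
        findings.append("nat_traversal: must be enabled, the cloud side uses NAT")
    wan_ips = portal.get("wan_ips", [])
    if not 1 <= len(wan_ips) <= MAX_WAN_IPS:
        findings.append(f"wan_ips: expected 1 to {MAX_WAN_IPS} addresses")
    src = tunnel.get("source_ip")
    if src not in wan_ips:
        findings.append("source_ip: not listed as a WAN IP in the Access Location")
    try:
        want = expected_peer_id(src)
        peer_id = tunnel.get("peer_id")
        # Some vendors do not need a Peer ID; only check it when one is set.
        if peer_id is not None and peer_id.lower() != want:
            findings.append(f"peer_id: expected {want}")
    except (ValueError, TypeError) as exc:
        findings.append(f"source_ip: {exc}")
    if tunnel.get("local_id") != portal.get("identity"):
        findings.append("local_id: does not match the portal Identity")
    return findings

# Constructed sample values, reusing the example IP and Identity from this page.
PORTAL = {"identity": "zx4fstsqyni5yxub", "wan_ips": ["1.2.3.4"]}
GOOD = {"ike_version": 2, "nat_traversal": True, "source_ip": "1.2.3.4",
        "peer_id": "1.2.3.4.infoblox.com", "local_id": "zx4fstsqyni5yxub"}
BAD = dict(GOOD, ike_version=1, nat_traversal=False,
           peer_id="192.168.1.1.infoblox.com")  # inside address used by mistake

if __name__ == "__main__":
    for name, t in (("good", GOOD), ("bad", BAD)):
        print(name, check_tunnel(t, PORTAL) or "OK")
```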

...