Before attempting to set up an edge-to-edge VPN connection, you must create an edge connectivity policy and associate it with an edge connectivity profile. For information about edge connectivity profiles, see Configuring Edge Connectivity.

To create an edge connectivity policy, do the following:

  1. In the Cloud Services Portal, click Manage > Service Edge > Policies > Edge Connectivity Policies.
  2. Click Create.
  3. On the Add New Edge Connectivity Policy page, specify the following:
    • Name: Enter a name for the policy. The name cannot exceed 64 characters. It can contain numbers, special characters, uppercase and lowercase letters, and spaces, but it cannot start or end with a space. Leading and trailing spaces are trimmed automatically.
    • Type: Choose the connection type from the drop-down list. The default is IPSec (Internet Protocol Security), which authenticates and encrypts data packets to provide secure, encrypted communication between two edges or between edges and a third-party tunnel over an internet protocol network.
    • Vendor: Choose one of the following vendors for the IPSec VPN connection:
      • Zscaler: Select this to configure an IPSec VPN tunnel between the Infoblox Service Edge and the Zscaler ZIA Public Service Edge. When you select this option, ensure that you have configured the ZIA Public Service Edge to communicate with the Infoblox Service Edge. For more information, see Configuring IPSec VPN for Zscaler.
      • Infoblox Service Edge: Select this to configure an IPSec VPN tunnel between Infoblox edges.
    • IP Address: If you have chosen Zscaler as the vendor, enter the IP address of the Zscaler ZIA Public Service Edge here. For information on how to locate the IP address, see Locating the Hostnames and IP Addresses for ZIA Public Service Edges.

    • Mode: This field displays the encapsulation mode according to the vendor’s type. You cannot choose or modify the encapsulation mode. Depending on the vendor’s type, this field displays one of the following:
      • Auto-Detect: This is the default mode used when the vendor is Infoblox Service Edge.
      • Transport: The transport encapsulation mode retains the original IP header of the packet, which reflects the original source and destination of the packet. A transport mode–encapsulated datagram is routed in the same manner as the original packet is routed. The transport mode is mostly used in client-to-site VPN scenarios.
      • Tunnel: This is the default mode used when the vendor is Zscaler. The tunnel encapsulation mode encrypts the IP header of the original packet. It builds a new IP header containing the source and destination addresses of the security endpoints. The tunnel mode is used mainly in site-to-site VPN scenarios.
    • PSK: Enter the pre-shared key (PSK) for the connection. A PSK is the secret shared between two edges. If you have chosen Zscaler as the vendor, then, while configuring the IPSec VPN in the Zscaler Cloud Portal, you will need to enter the same PSK in the New Pre-Shared Key field of the Add VPN Credentials dialog. For more information, see Configuring IPSec VPN for Zscaler.

  4. Click Save & Close.
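
The difference between the Transport and Tunnel modes described in the Mode field, as an added example that is not part of the original page or any Infoblox code: a simplified layout model showing which addresses an on-path observer can read in each mode. The addresses, SPI values, and function names are constructed; random bytes stand in for the ESP ciphertext, and the ESP trailer and integrity check value are omitted.

```python
import ipaddress
import os
import struct

ESP_PROTO = 50  # IANA protocol number for ESP
TCP_PROTO = 6

def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left at 0 because nothing here validates it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, src, dst)

def esp(spi: int, seq: int, protected: bytes) -> bytes:
    """ESP header (SPI, sequence number) plus stand-in ciphertext of the same length."""
    return struct.pack("!II", spi, seq) + os.urandom(len(protected))

def transport_mode(packet: bytes, spi: int = 0x1001) -> bytes:
    """Keep the original IP addresses in clear; protect only the upper-layer payload."""
    body = esp(spi, 1, packet[20:])
    return ipv4_header(packet[12:16], packet[16:20], ESP_PROTO, len(body)) + body

def tunnel_mode(packet: bytes, edge_src: str, edge_dst: str, spi: int = 0x2001) -> bytes:
    """Protect the whole original packet and prepend a new header between the endpoints."""
    body = esp(spi, 1, packet)
    return ipv4_header(ipaddress.IPv4Address(edge_src).packed,
                       ipaddress.IPv4Address(edge_dst).packed, ESP_PROTO, len(body)) + body

def observer_view(wire: bytes) -> dict:
    """Fields an on-path observer can read from the cleartext outer header."""
    return {"src": str(ipaddress.IPv4Address(wire[12:16])),
            "dst": str(ipaddress.IPv4Address(wire[16:20])),
            "proto": wire[9], "length": len(wire)}

# Constructed sample: a host behind one edge talking to a host behind the other.
PAYLOAD = b"\x00" * 20 + b"application data"  # stand-in TCP header + data
ORIGINAL = ipv4_header(ipaddress.IPv4Address("10.1.0.5").packed,
                       ipaddress.IPv4Address("10.2.0.9").packed,
                       TCP_PROTO, len(PAYLOAD)) + PAYLOAD

if __name__ == "__main__":
    print("transport:", observer_view(transport_mode(ORIGINAL)))
    print("tunnel:   ", observer_view(tunnel_mode(ORIGINAL, "198.51.100.10", "203.0.113.20")))
```

In transport mode the observer still sees the internal host addresses; in tunnel mode only the two tunnel endpoints are visible, at the cost of one extra 20-byte IP header per packet.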
