Aryaka SD-WAN Solution Guide
Focus
Focus
Prisma Access

Aryaka SD-WAN Solution Guide

Table of Contents

Aryaka SD-WAN Solution Guide

Integrate an Aryaka SD-WAN with Prisma Access.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Cloud Management)
  • Prisma Access (Panorama Managed)
Aryaka and Prisma Access seamlessly integrate to deliver a joint solution of a cloud-native global SD-WAN that includes private connectivity, WAN optimization, and application acceleration capabilities with a next-generation security platform that provides a consistent level of security in both physical and virtual environments.
Aryaka's SmartConnect delivers service level agreement (SLA)-based reliable global connectivity and faster application performance for both on-premises and cloud/SaaS applications, while Prisma Access adds a layer of advanced security controls required for internet- and cloud-bound traffic.
The Aryaka edge device, Aryaka Network Access Point (ANAP), can seamlessly forward all internet traffic from branch locations to Prisma Access using a secure IPSec tunnel.
Together, Aryaka and Prisma Access deliver a best-of-breed SD-WAN and security platform for enterprises accessing mission-critical internally hosted applications, as well accessing cloud applications using the internet.
This solution guide provides you with the tasks you perform to integrate a branch location using Aryaka SmartConnect with Prisma Access.

Supported IKE and IPSec Cryptographic Profiles

You onboard your SD-WAN edge devices using a remote network connection between the edge device at the branch site, HQ, or hub to Prisma Access. To do this you will onboard a remote network, ensuring that you use supported IKE and IPSec cryptographic settings.
The following table documents the IKE/IPSec crypto settings that are supported with Prisma Access and the Aryaka SD-WAN. In addition, the supported architecture types are listed at the end of the table. A check mark indicates that the profile or architecture type is supported; a dash (—) indicates that it's not supported. Default and Recommended settings are noted in the table.
Crypto Profiles
Prisma Access
Aryaka SmartConnect
Tunnel Type
IPSec Tunnel
GRE Tunnel
Routing
Static Routes
Dynamic Routing (BGP)
Dynamic Routing (OSPF)
IKE Versions
IKE v1
IKE v2
IPSec Phase 1 DH-Group
Group 1
Group 2
(Default)
(Default)
Group 5
Group 14
Group 19
Group 20
(Recommended)
IPSec Phase 1 Auth
If you use IKEv2 with certificate-based authentication, only SHA1 is supported in IKE crypto profiles (Phase 1).
MD5
SHA1
(Default)
(Default)
SHA256
SHA384
SHA512
(Recommended)
IPSec Phase 1 Encryption
DES
3DES
(Default)
AES-128-CBC
(Default)
(Default)
AES-192-CBC
AES-256-CBC
(Recommended)
IPSec Phase 1 Key Lifetime Default
(8 Hours)
(8 Hours)
IPSec Phase 1 Peer Authentication
Pre-Shared Key
Certificate
IKE Peer Identification
FQDN
IP Address
User FQDN
IKE Peer
As Static Peer
As Dynamic Peer
Options
NAT Traversal
Passive Mode
Ability to Negotiate Tunnel
Per Subnet Pair
Per Pair of Hosts
Per Gateway Pair
IPSec Phase 2 DH-Group
Group 1
Group 2
(Default)
(Default)
Group 5
Group 14
Group 19
Group 20
(Recommended)
No PFS
IPSec Phase 2 Auth
MD5
SHA1
(Default)
(Default)
SHA256
SHA384
SHA512
(Recommended)
None
IPSec Phase 2 Encryption
DES
3DES
(Default)
AES-128-CBC
(Default)
AES-192-CBC
AES-256-CBC
AES-128-CCM
AES-128-GCM
AES-256-GCM
(Recommended)
NULL
IPSec Protocol
ESP
AH
IPSec Phase 2 Key Lifetime Default
(1 Hour)
(1 Hour)
Tunnel Monitoring Fallback
Dead Peer Detection (DPD)
ICMP
Bidirectional Forwarding Detection (BFD)
SD-WAN Architecture Type
With Regional Hub/Gateway/Data Center
N/A
No Regional Hub/Gateway/Data Center
NA

Recommended For You