Configure the Aryaka Remote Network
Use the following tasks to create and configure a remote network tunnel between the Aryaka SmartConnect and Prisma Access. See SD-WAN Deployment Architectures Supported by Aryaka for a description of Aryaka’s SD-WAN deployment.
Before you start, make sure that you have the following prerequisite items:
- An Aryaka SmartConnect subscription.
To monitor and troubleshoot the remote network connection, see Monitor and Troubleshoot the Aryaka Remote Network.
Create and Configure the IPSec Tunnel in Prisma Access
To begin integrating the Aryaka SD-WAN with Prisma Access, you first Set Up the Prisma Access Service Infrastructure in Prisma Access, then configure and create an IPSec tunnel with Internet Key Exchange (IKE) and IPSec settings.
To set up Prisma Access for use with an Aryaka SD-WAN, complete the following task.
- Follow the steps to Connect a Remote Network Site to Prisma Access (Cloud Management).When creating a new IPSec Tunnel during the onboarding procedure, make a note of the IPSec Tunnel name and the IKE Gateway and IPSec Crypto profile that you use.If you configure a Pre-shared Key (PSK) for the IKE Gateway, make a note of it; you enter this PSK when you Configure the IPSec Tunnel in Aryaka SmartConnect.
- Commit the configuration changes and push the configuration out to Prisma Access for remote networks.
- Click.Push ConfigPushRemote NetworksPush
- Make a note of theService IPof the Prisma Access side of the tunnel. To find this address in Cloud Managed Prisma Access, select, click theManageService SetupRemote NetworksRemote Networks. Look for theService IPfield corresponding to the remote network configuration you created.
Configure the IPSec Tunnel in Aryaka SmartConnect
You configure Aryaka SmartConnect in the Cloud Security Connector section of the MyAryaka portal at https://my.aryaka.com/. Alternatively, you can contact the Aryaka support team to assist with the configuration.
Your MyAryaka account must have write permission access to configure the Cloud Security Service. To verify that you have this access, log in to MyAryaka and select
To complete the tunnel configuration for Aryaka SmartConnect, complete the following task.
- Log in to MyAryaka and navigate to the SmartConnect site for which you want to deploy Prisma Access.
- ClickEdit Site, then selectCloud Securityfrom the list ofAdvanced Settings.
- Enter information for the remote network tunnel.Enter the following settings:
After you choose to forward all internet traffic to Prisma Access, a default rule namedDEFAULT INTERNETis inserted in the Route Controller, in theDefault Routessection. The following screenshot shows the traffic forwarding settings.
- SelectPalo Altoin theCloud Connector Vendorfield.
- Enter theService IP Addressfor the remote network tunnel from Prisma Access in thefield.Primary TunnelTunnel Destination
- Enter the PSK value from the Prisma Access IKE gateway in thefield.Tunnel SettingsShared Key
- Enter a fully-qualified domain name (FQDN) for the Aryaka Network Access Point (ANAP), if the IP address of the M1/M2 interface is dynamic.
- SelectAll Internet Trafficin theTraffic Forwardingfield.
- (Optional) If you choose to forward only specific internet traffic to Prisma Access, program appropriate routes in the Router Controller section.Aryaka recommends that you edit Default Routes and not override routes to control forwarding. Overriden routes take precedence over any Aryaka-destined traffic and may accidentally cause site-to-site traffic to be routed to Prisma Access.The following figures provide screenshots of the Route Controller feature.
- Check the status of the tunnels.
- To check the status from the Aryaka Cloud Security Connector, click theStatustab. Aryaka uses Dead Peer Detection (DPD) to determine the availability of the tunnel.
- To check the status from Cloud Managed Prisma Access, selectto verify that the remote network has been successfully deployed.ManageService SetupRemote NetworksRemote Networks
Recommended For You
Recommended videos not found.