Configure the Aryaka Remote Network

Use the following tasks to create and configure a remote network tunnel between the Aryaka SmartConnect and Prisma Access. See SD-WAN Deployment Architectures Supported by Aryaka for a description of Aryaka’s SD-WAN deployment.
Before you start, make sure that you have the following prerequisite items:
To monitor and troubleshoot the remote network connection, see Monitor and Troubleshoot the Aryaka Remote Network.

Create and Configure the IPSec Tunnel in Prisma Access

To begin integrating the Aryaka SD-WAN with Prisma Access, you first Set Up the Prisma Access Service Infrastructure in Prisma Access, then configure and create an IPSec tunnel with Internet Key Exchange (IKE) and IPSec settings.
To set up Prisma Access for use with an Aryaka SD-WAN, complete the following task.
  1. When creating a new IPSec Tunnel during the onboarding procedure, make a note of the IPSec Tunnel name and the IKE Gateway and IPSec Crypto profile that you use.
    If you configure a Pre-shared Key (PSK) for the IKE Gateway, make a note of it; you enter this PSK when you Configure the IPSec Tunnel in Aryaka SmartConnect.
  2. Commit the configuration changes and push the configuration out to Prisma Access for remote networks.
    1. Click Push Config > Push > Remote Networks > Push.
  3. Make a note of the Service IP of the Prisma Access side of the tunnel. To find this address in Cloud Managed Prisma Access, select Manage > Service Setup > Remote Networks, then click Remote Networks. Look for the Service IP field corresponding to the remote network configuration you created.

Configure the IPSec Tunnel in Aryaka SmartConnect

You configure Aryaka SmartConnect in the Cloud Security Connector section of the MyAryaka portal at https://my.aryaka.com/. Alternatively, you can contact the Aryaka support team to assist with the configuration.
Your MyAryaka account must have write permission access to configure the Cloud Security Service. To verify that you have this access, log in to MyAryaka and select Config > User Management > Users.
To complete the tunnel configuration for Aryaka SmartConnect, complete the following task.
  1. Log in to MyAryaka and navigate to the SmartConnect site for which you want to deploy Prisma Access.
  2. Click Edit Site, then select Cloud Security from the list of Advanced Settings.
  3. Enter information for the remote network tunnel.
    Enter the following settings:
    • Select Palo Alto in the Cloud Connector Vendor field.
    • Enter the Service IP Address for the remote network tunnel from Prisma Access in the Primary Tunnel > Tunnel Destination field.
    • Enter the PSK value from the Prisma Access IKE gateway in the Tunnel Settings > Shared Key field.
    • Enter a fully-qualified domain name (FQDN) for the Aryaka Network Access Point (ANAP), if the IP address of the M1/M2 interface is dynamic.
    • Select All Internet Traffic in the Traffic Forwarding field.
    After you choose to forward all internet traffic to Prisma Access, a default rule named DEFAULT INTERNET is inserted in the Route Controller, in the Default Routes section. The following screenshot shows the traffic forwarding settings.
  4. (Optional) If you choose to forward only specific internet traffic to Prisma Access, program appropriate routes in the Route Controller section.
    Aryaka recommends that you edit Default Routes and not override routes to control forwarding. Overridden routes take precedence over any Aryaka-destined traffic and may accidentally cause site-to-site traffic to be routed to Prisma Access.
    The following figures provide screenshots of the Route Controller feature.
  5. Check the status of the tunnels.
    • To check the status from the Aryaka Cloud Security Connector, click the Status tab. Aryaka uses Dead Peer Detection (DPD) to determine the availability of the tunnel.
    • To check the status from Cloud Managed Prisma Access, select Manage > Service Setup > Remote Networks > Remote Networks to verify that the remote network has been successfully deployed.
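
The route-precedence caution in step 4, as an added example (not Aryaka or Palo Alto Networks code): a simplified Python model that shows an over-broad override route capturing site-to-site traffic, plus an audit of override routes against site prefixes. The lookup order beyond what step 4 states, the prefixes and the next-hop labels are assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the page).
SITE_PREFIXES = ["10.20.0.0/16", "10.30.0.0/16"]   # other SmartConnect sites
OVERRIDE_ROUTES = {"10.0.0.0/8": "prisma-access"}   # over-broad override route
DEFAULT_ROUTES = {"0.0.0.0/0": "prisma-access"}     # models DEFAULT INTERNET


def _longest_match(dst, table):
    """Return the next hop of the most specific prefix in table holding dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def next_hop(dst, overrides, site_prefixes, defaults):
    """Assumed lookup order: override routes, site-to-site, then defaults."""
    site_table = {p: "aryaka-core" for p in site_prefixes}
    for table in (overrides, site_table, defaults):
        hop = _longest_match(dst, table)
        if hop is not None:
            return hop
    return "drop"


def risky_overrides(overrides, site_prefixes):
    """List (override, site) pairs where an override overlaps a site prefix."""
    findings = []
    for route in overrides:
        for site in site_prefixes:
            if ipaddress.ip_network(route).overlaps(ipaddress.ip_network(site)):
                findings.append((route, site))
    return findings


if __name__ == "__main__":
    # With the override, traffic for another site leaves toward Prisma Access.
    print(next_hop("10.20.5.9", OVERRIDE_ROUTES, SITE_PREFIXES, DEFAULT_ROUTES))
    # With only default routes edited, it stays on the Aryaka core.
    print(next_hop("10.20.5.9", {}, SITE_PREFIXES, DEFAULT_ROUTES))
    print(risky_overrides(OVERRIDE_ROUTES, SITE_PREFIXES))
```

Running `risky_overrides` against an exported list of override routes before committing them flags any entry that would pull site-to-site prefixes into the Prisma Access tunnel.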
