Configure the Aryaka Remote Network

Use the following tasks to create and configure a remote network tunnel between the Aryaka SmartConnect and Prisma Access. See SD-WAN Deployment Architectures Supported by Aryaka for a description of Aryaka’s SD-WAN deployment.
Before you start, make sure that you have the following prerequisite items:
To monitor and troubleshoot the remote network connection, see Monitor and Troubleshoot the Aryaka Remote Network.

Create and Configure the IPSec Tunnel in Prisma Access

To begin integrating the Aryaka SD-WAN with Prisma Access, you first Set Up the Prisma Access Service Infrastructure in Prisma Access, then configure and create an IPSec tunnel with Internet Key Exchange (IKE) and IPSec settings.
To set up Prisma Access for use with an Aryaka SD-WAN, complete the following task.
  1. When creating a new IPSec Tunnel during the onboarding procedure, make a note of the IPSec Tunnel name and the IKE Gateway and IPSec Crypto profile that you use.
    If you configure a Pre-shared Key (PSK) for the IKE Gateway, make a note of it; you enter this PSK when you Configure the IPSec Tunnel in Aryaka SmartConnect.
  2. Commit the configuration changes and push the configuration out to Prisma Access for remote networks.
    1. Click
      Push Config
      Remote Networks
  3. Make a note of the
    Service IP
    of the Prisma Access side of the tunnel. To find this address in Cloud Managed Prisma Access, select
    Service Setup
    Remote Networks
    , click the
    Remote Networks
    . Look for the
    Service IP
    field corresponding to the remote network configuration you created.

Configure the IPSec Tunnel in Aryaka SmartConnect

You configure Aryaka SmartConnect in the Cloud Security Connector section of the MyAryaka portal at Alternatively, you can contact the Aryaka support team to assist with the configuration.
Your MyAryaka account must have write permission access to configure the Cloud Security Service. To verify that you have this access, log in to MyAryaka and select
User Management
To complete the tunnel configuration for Aryaka SmartConnect, complete the following task.
  1. Log in to MyAryaka and navigate to the SmartConnect site for which you want to deploy Prisma Access.
  2. Click
    Edit Site
    , then select
    Cloud Security
    from the list of
    Advanced Settings.
  3. Enter information for the remote network tunnel.
    Enter the following settings:
    • Select
      Palo Alto
      in the
      Cloud Connector Vendor
    • Enter the
      Service IP Address
      for the remote network tunnel from Prisma Access in the
      Primary Tunnel
      Tunnel Destination
    • Enter the PSK value from the Prisma Access IKE gateway in the
      Tunnel Settings
      Shared Key
    • Enter a fully-qualified domain name (FQDN) for the Aryaka Network Access Point (ANAP), if the IP address of the M1/M2 interface is dynamic.
    • Select
      All Internet Traffic
      in the
      Traffic Forwarding
    After you choose to forward all internet traffic to Prisma Access, a default rule named
    is inserted in the Route Controller, in the
    Default Routes
    section. The following screenshot shows the traffic forwarding settings.
  4. (
    ) If you choose to forward only specific internet traffic to Prisma Access, program appropriate routes in the Router Controller section.
    Aryaka recommends that you edit Default Routes and not override routes to control forwarding. Overriden routes take precedence over any Aryaka-destined traffic and may accidentally cause site-to-site traffic to be routed to Prisma Access.
    The following figures provide screenshots of the Route Controller feature.
  5. Check the status of the tunnels.
    • To check the status from the Aryaka Cloud Security Connector, click the
      tab. Aryaka uses Dead Peer Detection (DPD) to determine the availability of the tunnel.
    • To check the status from Cloud Managed Prisma Access, select
      Service Setup
      Remote Networks
      Remote Networks
      to verify that the remote network has been successfully deployed.

Recommended For You