Configure the Customer Premises Equipment at Your Branch Site

To complete the configuration of onboarding a branch office in mainland China, configure your customer premises equipment (CPE) as described in the following steps.
  1. Create an IKEv2 IPSec tunnel on your CPE, using the elastic IP address, using the IP address of the remote IPSec peer as the Elastic IP address of Alibaba instance R1.
    Use the following parameters for the IPSec tunnel:
    • Use an IKE identity of
    • Use a pre-shared key for authentication.
    • Enable NAT Traversal on the tunnel.
  2. Add a route to forward business and internal application traffic over the tunnel you created.
    Do not forward internet-bound traffic over this tunnel; you should route internet-bound traffic directly from the CPE to the internet.
  3. Verify that the remote network connection has been successfully deployed by opening the Panorama that manages Prisma Access and selecting
    Cloud Services

Recommended For You