Focus

Prisma Access

Configure the Remote Nework in Prisma Access

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Connect Your Remote Network in Mainland China to Prisma Access

Set up the Alibaba Cloud Infrastructure

Configure the Remote Nework in Prisma Access

Where Can I Use This?	What Do I Need?
`Prisma Access (Panorama Managed)`	`Prisma Access` license

To begin the onboarding of a remote network in mainland China, you onboard the remote network and get the public IP address that Prisma Access Uses for the remote network connection (the

Service IP Address

In the Panorama that manages Prisma Access, select

Network

Network Profiles

IKE Crypto

Add

and

Add

an IKE crypto profile for the IPSec tunnel, if you have not created one already.

Make sure you have specified the

Template

Remote_Network_Template

before starting this task.

Give the profile a name and specify IKE settings.

Make a note of these settings; you specify the same settings when you create the IPSec tunnel in the router instance you configure in Alibaba Cloud.

Select

Network

Network Profiles

IPSec Crypto

and create a new IPSec crypto profile in Panorama, making a note of the settings you specify.

Skip this step if you have already created an IPSec crypto profile.

Select

Network

Network Profiles

IKE Gateways

and

Add

a new IKE gateway, specifying the following parameters:

Specify a

Version

IKEv2 only mode

Specify a

Peer IP Address Type

Dynamic

Enter a

Pre-Shared Key

Specify

User FQDN (email address)

for

Local Identification

and

Peer Identification

and enter the IP addresses to use.

Select

Advanced Options

and enable

NAT Traversal

Select

Network

IPSec Tunnels

and

Add

an IPSec tunnel, specifying the

IPSec Crypto Profile

you just created.

Onboard a new remote network connection in Prisma Access, specifying the following parameters:

Select a location that is close to the location of VPC 2.

Enter placeholder

Corporate Subnets

. You add valid subnets after you deploy the VM-series firewall in Alibaba Cloud.

Add one or more

Static Routes

to the branch office network.

You can also use

BGP

routing for your deployment.

Commit your changes to Panorama (

Commit

Commit to Panorama

), then commit and push your changes (

Commit

Commit and Push

Select

Panorama

Cloud Services

Status

Network Details

and note the

Service IP Address

for the service connections you onboarded.

(Optional) If you want to enable redundancy, complete these steps and add another remote network tunnel between Prisma Access and a backup (secondary) customer premises equipment (CPE) at the remote network location. If you create a backup WAN, you must select

Enable Secondary WAN

and select the backup tunnel you create during remote network onboarding.

Connect Your Remote Network in Mainland China to Prisma Access

Set up the Alibaba Cloud Infrastructure

Prisma Access Docs

Configure the Remote Nework in Prisma Access

Prisma Access Docs

Configure the Remote Nework in Prisma Access

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner