1. Home
    2. Prisma
    3. Prisma Access
    4. Prisma Access Integration Guide (Panorama Managed)
    5. Integrate Third-Party SD-WANs with Prisma Access
    6. Aryaka SD-WAN Solution Guide
    7. Configure the Aryaka Remote Network

    Configure the Aryaka Remote Network

    Use the following tasks to create and configure a remote network tunnel between the Aryaka SmartConnect and Prisma Access. See SD-WAN Deployment Architectures Supported by Aryaka for a description of Aryaka’s SD-WAN deployment.
    Before you start, make sure that you have the following prerequisite items:
    To monitor and troubleshoot the remote network connection, see Monitor and Troubleshoot the Aryaka Remote Network.

    Create and Configure the IPSec Tunnel in Prisma Access

    To begin integrating the Aryaka SD-WAN with Prisma Access, you first configure the service infrastructure in Prisma Access, then configure and create an IPSec tunnel with Internet Key Exchange (IKE) and IPSec settings.
    To set up Prisma Access for use with an Aryaka SD-WAN, complete the following task.
    1. In Panorama, configure the service infrastructure (
      Panorama
      Cloud Services
      Configuration
       and create an
      Infrastructure Subnet
      .
    2. When a new
      IPSec Tunnel
       during the onboarding procedure, make a note of the
      IPSec Tunnel
       name and the
      IKE Gateway
       and
      IPSec Crypto profile
       that you use (or use the
      Default
       IPSec crypto profile) for the tunnels you create.
      If you configure a Pre-shared Key (PSK) for the
      IKE Gateway
      , make a note of it; you enter this PSK when you Configure the IPSec Tunnel in Aryaka SmartConnect.
      The following example configures a remote network with a
      Bandwidth
       of
      25 Mbps,
       a
      Region
       of
      US West (N. California)
      , and a
      Secondary WAN
       configured for this location.
    3. Enable zone mapping.
    4. Commit the configuration changes to Panorama and push the configuration out to Prisma Access for remote networks.
      1. Click
        Commit
        Commit to Panorama
        .
      2. Click
        Commit
        Commit and Push
        . Click
        Edit Selections
        Prisma Access
        , and select both Prisma Access for remote networks and Prisma Access for service setup to push the configuration out to the service.
      3. Click
        OK
         and
        Push
        .
    5. Make a note of the
      Service IP address
       of the Prisma Access side of the tunnel. To find this address in Panorama, select
      Panorama
      Cloud Services
      Status
      Network Details
      , click the
      Remote Networks
       radio button, and find the address in the
      Service IP Address
       field.

    Configure the IPSec Tunnel in Aryaka SmartConnect

    You configure Aryaka SmartConnect in the Cloud Security Connector section of the MyAryaka portal at https://my.aryaka.com/. Alternatively, you can contact the Aryaka support team to assist with the configuration.
    Your MyAryaka account must have write permission access to configure the Cloud Security Service. To verify that you have this access, log in to MyAryaka and select
    Config
    User Management
    Users
    .
    To complete the tunnel configuration for Aryaka SmartConnect, complete the following task.
    1. Log in to MyAryaka and navigate to the SmartConnect site for which you want to deploy Prisma Access.
    2. Click
      Edit Site
      , then select
      Cloud Security
       from the list of
      Advanced Settings.
    3. Enter information for the remote network tunnel.
      Enter the following settings:
      • Select
        Palo Alto
         in the
        Cloud Connector Vendor
         field.
      • Enter the
        Service IP Address
         for the remote network tunnel from Prisma Access in the
        Primary Tunnel
        Tunnel Destination
         field.
      • Enter the PSK value from the Prisma Access IKE gateway in the
        Tunnel Settings
        Shared Key
         field.
      • Enter a fully-qualified domain name (FQDN) for the Aryaka Network Access Point (ANAP), if the IP address of the M1/M2 interface is dynamic.
      • Select
        All Internet Traffic
         in the
        Traffic Forwarding
         field.
      After you choose to forward all internet traffic to Prisma Access, a default rule named
      DEFAULT INTERNET
       is inserted in the Route Controller, in the
      Default Routes
       section. The following screenshot shows the traffic forwarding settings.
    4. (
      Optional
      ) If you choose to forward only specific internet traffic to Prisma Access, program appropriate routes in the Router Controller section.
      Aryaka recommends that you edit Default Routes and not override routes to control forwarding. Overriden routes take precedence over any Aryaka-destined traffic and may accidentally cause site-to-site traffic to be routed to Prisma Access.
      The following figures provide screenshots of the Route Controller feature.
    5. Check the status of the tunnels.
      • To check the status from the Aryaka Cloud Security Connector, click the
        Status
         tab. Aryaka uses Dead Peer Detection (DPD) to determine the availability of the tunnel.
      • To check the status from Panorama, select
        Panorama
        Cloud Services
        Status
        Status
         to verify that the remote network has been successfully deployed.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo