Configure the Aryaka Remote Network

Use the following tasks to create and configure a remote network tunnel between the Aryaka SmartConnect and Prisma Access. See SD-WAN Deployment Architectures Supported by Aryaka for a description of Aryaka’s SD-WAN deployment.
Before you start, make sure that you have the following prerequisite items:
To monitor and troubleshoot the remote network connection, see Monitor and Troubleshoot the Aryaka Remote Network.

Create and Configure the IPSec Tunnel in Prisma Access

To begin integrating the Aryaka SD-WAN with Prisma Access, you first configure the service infrastructure in Prisma Access, then configure and create an IPSec tunnel with Internet Key Exchange (IKE) and IPSec settings.
To set up Prisma Access for use with an Aryaka SD-WAN, complete the following task.
  1. In Panorama, configure the service infrastructure (
    Cloud Services
    and create an
    Infrastructure Subnet
  2. When a new
    IPSec Tunnel
    during the onboarding procedure, make a note of the
    IPSec Tunnel
    name and the
    IKE Gateway
    IPSec Crypto profile
    that you use (or use the
    IPSec crypto profile) for the tunnels you create.
    If you configure a Pre-shared Key (PSK) for the
    IKE Gateway
    , make a note of it; you enter this PSK when you Configure the IPSec Tunnel in Aryaka SmartConnect.
    The following example configures a remote network with a
    25 Mbps,
    US West (N. California)
    , and a
    Secondary WAN
    configured for this location.
  3. Enable zone mapping.
  4. Commit the configuration changes to Panorama and push the configuration out to Prisma Access for remote networks.
    1. Click
      Commit to Panorama
    2. Click
      Commit and Push
      . Click
      Edit Selections
      Prisma Access
      , and select both Prisma Access for remote networks and Prisma Access for service setup to push the configuration out to the service.
    3. Click
  5. Make a note of the
    Service IP address
    of the Prisma Access side of the tunnel. To find this address in Panorama, select
    Cloud Services
    Network Details
    , click the
    Remote Networks
    radio button, and find the address in the
    Service IP Address

Configure the IPSec Tunnel in Aryaka SmartConnect

You configure Aryaka SmartConnect in the Cloud Security Connector section of the MyAryaka portal at Alternatively, you can contact the Aryaka support team to assist with the configuration.
Your MyAryaka account must have write permission access to configure the Cloud Security Service. To verify that you have this access, log in to MyAryaka and select
User Management
To complete the tunnel configuration for Aryaka SmartConnect, complete the following task.
  1. Log in to MyAryaka and navigate to the SmartConnect site for which you want to deploy Prisma Access.
  2. Click
    Edit Site
    , then select
    Cloud Security
    from the list of
    Advanced Settings.
  3. Enter information for the remote network tunnel.
    Enter the following settings:
    • Select
      Palo Alto
      in the
      Cloud Connector Vendor
    • Enter the
      Service IP Address
      for the remote network tunnel from Prisma Access in the
      Primary Tunnel
      Tunnel Destination
    • Enter the PSK value from the Prisma Access IKE gateway in the
      Tunnel Settings
      Shared Key
    • Enter a fully-qualified domain name (FQDN) for the Aryaka Network Access Point (ANAP), if the IP address of the M1/M2 interface is dynamic.
    • Select
      All Internet Traffic
      in the
      Traffic Forwarding
    After you choose to forward all internet traffic to Prisma Access, a default rule named
    is inserted in the Route Controller, in the
    Default Routes
    section. The following screenshot shows the traffic forwarding settings.
  4. (
    ) If you choose to forward only specific internet traffic to Prisma Access, program appropriate routes in the Router Controller section.
    Aryaka recommends that you edit Default Routes and not override routes to control forwarding. Overriden routes take precedence over any Aryaka-destined traffic and may accidentally cause site-to-site traffic to be routed to Prisma Access.
    The following figures provide screenshots of the Route Controller feature.
  5. Check the status of the tunnels.
    • To check the status from the Aryaka Cloud Security Connector, click the
      tab. Aryaka uses Dead Peer Detection (DPD) to determine the availability of the tunnel.
    • To check the status from Panorama, select
      Cloud Services
      to verify that the remote network has been successfully deployed.

Recommended For You