Service Provider Interconnect with IPsec
Table of Contents
Service Provider Interconnect with IPsec
Understand what is Service Provider Interconnect with IPsec, how does it work and how
to configure
The Service Provider Interconnect with IPsec (Cleanpipe) feature enables
Service Providers (SPs) to securely deliver enterprise traffic to Prisma Access™ using
IPsec tunnels. It leverages VLAN-based forwarding per tenant to provide simple,
scalable, and secure connectivity for internet-bound traffic.
In this configuration, customer traffic enters Prisma Access via Cleanpipe and
exits through the Service Provider’s egress network. This setup allows SPs to manage
egress routing, traffic policies, and compliance while delivering secure connectivity to
tenants.
To configure SPI with Service Provider Egress, perform the following:
- Select the Egress path as Egress back to the service provider network.
- Set up Shared Interconnect which will be used for both the egress and ingress traffic.
- Copy the VLAN attachment pairing key and use it when configuring the interconnect in colocation providers such as Equinix.
- Continue with Prisma Access feature configurations.