SD-WAN

 View Only
last person joined: 14 hours ago 

Forum to discuss Silver Peak EdgeConnect SD-WAN and Aruba SD- Branch. This includes SD-WAN Orchestration WAN edge network functions including routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practices, third party integrations, All things SD-WAN!
Expand all | Collapse all

SD-WAN as Gateway Router

This thread has been viewed 47 times
  • 1.  SD-WAN as Gateway Router

    Posted Nov 14, 2020 01:41 AM
    Can use single Aruba MC+SD-WAN Licenses to perform the following function

    1. WAN Loadbalancing
    2. Routing
    3. NAT
    4. VPN Connection with Third-party device
    5. Application filtering

    ------------------------------
    Dinusha Chandrasinghe - MVP | ACMP | ACSP |ACSA
    Network Engineer
    Plexus Global (Pvt) Ltd
    Colombo Sri Lanka
    +94717327420
    ------------------------------


  • 2.  RE: SD-WAN as Gateway Router

    Posted Nov 16, 2020 12:45 PM
    1. Maybe. I have TAC case open because gateway doesn't use the correct DPS rule I specified. TAC just said it's supposed to match device-level configuration first and after that the group level even though group level is at a lower priority. And of course the gateway doesn't know where the configuration came. So you need to verify your use case but in theory you should be able to load balance traffic from remote branch gateway to VPNCs in either cloud or at the DC

    2. Yes but Aruba doesn't let you redistribute 0.0.0.0/0 because of some reason which was never properly explained to me.

    3. If you do NAT on the remote gateway. 1:1 NAT pools are not supported, just NAT group of users to single IP address. NAT at the VPNC also is not probably supported at least I wasn't told how to configure that after opening a TAC ticket

    4. Yes it's possible to configure, haven't tested it though. i've used only automatic SD-WAN tunneling between Aruba devices

    5. You can configure application filterin in a security policy, but the applications you can use are not documented at least not in the Central documentation. So you have sort of guess and use trial and error. Also if you want to do per application bandwidth limits they don't bother to put them alphabetically so good luck :)


  • 3.  RE: SD-WAN as Gateway Router

    Posted Nov 27, 2020 07:46 PM
    Just to add some feedback regarding point number 4.

    I was able to successfully establish IKEv1 ipsec tunnel to a mikrotik router.

    Couldn't make it work with IKEv2 though, don't remember quite well what happened but I think it was something to do with certificates.

    ------------------------------
    Gaston Gabas
    ------------------------------