Add an IPSec Tunnel Group

When adding a tunnel group, you first define the common IPSec tunnel properties for all IPSec tunnels in the group. Then you add tunnels to the group. After you apply the configuration, all tunnels that you enabled become active and share the traffic streams, except for High Availability mode where only one tunnel becomes active.

When you specify Primary and Secondary for Tunnel Type in the following procedure, the group can support only two tunnels. When you specify Balance, the group can support up to eight tunnels.

Note:

Hover over the parameter fields to see what each one requires.

Log on to your Network Controller Node (NCN) appliance.
Go to Configuration, Configuration Editor.
Click Import.
Select a configuration from the drop down list (or drag and drop a configuration), and click Import.
Click Apply.
In the banner, click All Sites.
In the navigation pane, select Advanced.
In the work flow in the center pane, click Advanced 7 (Step 7) .
In the center pane, expand Tunnel Groups, and click Add Group.
On the Tunnel Groups page, specify the parameters for the following:
- Tunnel Group Name
- Basic Settings
- IKE Settings
- IPSec Settings
- IPSec Protected Networks
Click Add Tunnel.
On the Tunnel page, specify the following:
- Tunnel Name—The text must be a string starting with a letter and containing only numbers, letters, dash, or underscore characters.
- Local IP—Enter the local IP address or select one from the drop-down list.
- Peer IP—Enter the peer IP address.
- MTU—Enter a value for Maximum Transfer Unit (MTU) for fragmenting IKE and IPSec packets.
- Tunnel Type—Select Primary, Secondary, or balance from the drop-down list.
- Enable—Use the toggle to enable the tunnel.
Click Save
SD-WAN Edge adds the tunnel to the Tunnel Group Table.
Click Submit.