Auto Secure Peering initiated from PE appliance at DC site and branch site PE appliance 编辑

Configuration

To configure auto secure peering on a new Premium (Enterprise) Edition appliance at DC:

• PE DC appliance is in LISTEN ON mode (on port 443). Branch PE appliance is in CONNECT-TO mode.
• PE DC appliance initiates automatic secure peering to a PE Branch appliance which installs the Private CA Certs and CERT KEY Pairs and configures CONNECT-TO on the PE Branch appliance with DC EE’s LISTEN-ON IP.
• LISTEN-ON IP for PE appliance is in the interface IP associated to the routing domain for which “Redirect to WANOP” is enabled.

1. In the SD-WAN web GUI, navigate to Configuration > WAN Optimization > Secure Acceleration > Secure Peering.

2. Configure keystore by providing the keystore password or by disabling keystore.

   

3. Enable Secure Peering by selecting Private CA to perform AUTOMATIC SECURE PEERING.

   

   

4. Click the ‘+’ icon and to add IP with username and password. After successful authentication with the remote IP and credentials provided, a request is sent to the remote machine that will install CA Certificate and the Private cert and key for itself locally on the remote machine.

   Note

   IP Address – IP Address of remote EE Appliance MANAGEMENT IP

   Username – Username of remote EE Appliance

   Password – Password of remote EE Appliance

   

Monitoring

1. To validate if the Private CA and Private Certificate Key pair is generated successfully, review the information displayed below.

   

   

2. View Secure Partner Information on the Premium (Enterprise) Edition appliance under Monitoring > WAN Optimization > Partners page.

   

3. On partner appliance, view Secure Partner Information on the Premium (Enterprise) Edition Appliance under Monitoring > Partners & Plug-ins > Secure Partners page.

   

Troubleshooting

1. View Secure Partner Success / Failure Information on the Premium (Enterprise) Edition Appliance under Monitoring > WAN Optimization > Partners > Secure Partners page.

   

2. On partner appliance, view Secure Partner Information on the Premium (Enterprise) Edition Appliance under Monitoring > Partners & Plug-ins > Secure Partners page.

   

3. On partner Appliance, view Secure Partner Information on the Premium (Enterprise) Edition Appliance under Monitoring > Appliance Performance > Logging page.