Create a Policy-Based VPN element

The configuration of a Policy-Based VPN element has two stages: first you define some basic properties for the element, then you can add gateways and adjust the tunnels.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Browse to Policy-Based VPNs.
  3. Right-click Policy-Based VPNs, then select New Policy-Based VPN.
  4. Configure the settings.
    If you want to override the default link selection options in QoS Class elements, select a Link Usage Profile element from the Link Usage Profile drop-down list.

    The settings defined in the Link Usage Profile element are applied to all tunnels in the VPN according to their link types.

  5. Click OK.
    The Policy-Based VPN opens for editing.

Next steps

Define the VPN topology.

Policy-Based VPN Properties dialog box

Use this dialog box to change the properties of a policy-based VPN.

Option Definition
Name

The name of the element.

Default VPN Profile

Specifies the Default VPN Profile for the VPN.

By default, this profile is used for all tunnels, but you can override the selection for individual tunnels.

Link Usage Profile

(Optional)

To use dynamic link selection for Multi-Link VPNs, select a Link Usage Profile element.

Link Usage Profile elements define which connection types are used unless a connection with significantly higher quality is available, which are used only if necessary, and which must not be used for specific types of traffic.

DSCP QoS Policy

(Optional)

Defines how DSCP matching or marking is done for VPN traffic in one of the following ways:
  • Select an existing QoS Policy from the list.
  • Select Select, then select an existing QoS Policy or click Tools > New to create a QoS Policy.

Apply NAT to traffic that uses this VPN

(Optional)

Select this option if you want the NAT rules in the Firewall Policy to apply to traffic that the firewall sends into or receives from the VPN, or if you want to use the NAT Pool feature to translate VPN client connections. This option affects only the traffic that is transported inside the tunnels. It does not affect the tunnel negotiations or the encrypted packets between gateways, which are always matched to NAT rules.

Category

(Optional)

Includes the element in predefined categories. Click Select to select a category.

Comment

(Optional)

A comment for your own reference.