Configuring IPsec Tunnels

Both the IPsec tunnels and the branch gateways that initiate them must be defined in the SSE console. For HPE Aruba Networking branch gateways (EdgeConnect, SD-Branch, or Microbranch), the tunnel orchestration is handled by the EdgeConnect Orchestrator or by HPE Networking Central.

Note: Using other gateways may require manual configuration.

The recommended tunnel configuration for edge devices (firewalls, SD-WAN appliances, and so on) is as follows:

Parameter                        Phase 1 (IKE)           Phase 2 (IPsec/ESP)
Encryption                       AES-256-CBC             AES-256-CBC
Integrity                        SHA2-256                SHA2-256
PRF                              PRF-HMAC-SHA256         N/A
Authentication                   FQDN (IKE ID) and PSK   N/A
Source                           N/A                     Any
Destination                      N/A                     Any
Key Exchange Method              Diffie-Hellman          Diffie-Hellman
Diffie-Hellman Group             14                      N/A
Perfect Forward Secrecy (PFS)    N/A                     Group 14
Lifetime (seconds)               86400                   28800
Dead Peer Detection (DPD)        Enabled                 N/A
Forced NAT Traversal             No                      No
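For a gateway that has to be configured by hand, the following strongSwan swanctl.conf fragment is an added example of how the recommended parameters map onto a real IKEv2 implementation; it is not configuration shipped by HPE Aruba Networking or Axis Security. The addresses, the branch FQDN used as the IKE ID, the peer IKE ID, and the pre-shared key are placeholders (marked CHANGE-ME): substitute the values the SSE console issues when the tunnel is created.

```conf
# Added example (not vendor-supplied): strongSwan swanctl.conf applying the
# recommended Phase 1 / Phase 2 parameters. Values marked CHANGE-ME are
# placeholders to be replaced with what the SSE console issues for the tunnel.
connections {
    sse-tunnel {
        version      = 2                     # IKEv2
        local_addrs  = 203.0.113.10          # CHANGE-ME: branch WAN address
        remote_addrs = 198.51.100.20         # CHANGE-ME: SSE tunnel endpoint

        # Phase 1: AES-256-CBC, HMAC-SHA2-256, DH group 14 (modp2048).
        # strongSwan derives PRF-HMAC-SHA256 from the sha256 integrity algorithm.
        proposals  = aes256-sha256-modp2048
        rekey_time = 86400s                  # Phase 1 lifetime
        dpd_delay  = 30s                     # Dead Peer Detection enabled
        encap      = no                      # no forced NAT traversal; NAT-T is
                                             # still negotiated if a NAT is detected

        local {
            auth = psk
            id   = fqdn:branch1.example.com  # CHANGE-ME: FQDN IKE ID from the console
        }
        remote {
            auth = psk
            id   = fqdn:sse.example.com      # CHANGE-ME: peer IKE ID from the console
        }

        children {
            sse-child {
                mode      = tunnel
                local_ts  = 0.0.0.0/0        # Source: Any
                remote_ts = 0.0.0.0/0        # Destination: Any
                # Phase 2: AES-256-CBC, HMAC-SHA2-256, PFS with DH group 14.
                esp_proposals = aes256-sha256-modp2048
                rekey_time    = 28800s       # Phase 2 lifetime
                start_action  = start        # bring the tunnel up on load
                dpd_action    = restart      # re-establish if the peer stops answering DPD
            }
        }
    }
}

secrets {
    ike-sse {
        id-1   = fqdn:branch1.example.com    # CHANGE-ME: same IKE ID as above
        secret = "CHANGE-ME-pre-shared-key"  # PSK issued by the console
    }
}
```

Two caveats when comparing this with the table: strongSwan treats rekey_time as the soft lifetime and adds a random jitter and an over_time margin before the hard expiry, so the observed lifetimes will not be exactly 86400 and 28800 seconds; and the PSK must be treated as a secret with the same care as a private key, since anyone holding it and the IKE ID can impersonate the branch. After `swanctl --load-all`, `swanctl --list-sas` should show the IKE SA with AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 and the child SA with the matching ESP proposal; anything else means the peer selected a proposal other than the recommended one.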

Note: To present block pages or to decrypt SSL traffic, you must either install an Axis CA certificate on endpoints or upload a CA certificate to Axis Security. For more information, see Certificate Management.

To configure IPsec tunnels in the SSE console, complete the following steps:

  1. In the management console, select Settings -> Connectors -> IPsec Tunnels.
  2. Click New IPsec Tunnel. A new menu opens.
  3. Under Tunnel Name, enter the desired name for the tunnel.
  4. Under IPsec Tunnel Authentication, create the authentication credentials (the FQDN used as the IKE ID and the pre-shared key listed in the table above). Record these credentials; you will need them to configure the IPsec tunnel on your network device.
  5. Select the location to associate the IPsec tunnel with.

Note: A tunnel can be associated with only one location.

To create a new location, click the + button to the right of the location field. For more information on configuring a new location, see Configuring Locations.

  6. Once the tunnel has been defined, click Submit.

After an IPsec tunnel has been created, it also appears under Associated Tunnels on the Locations page.