Add SD-WAN Tunnel Branch 1 to Branch 2

Azhar Wahid Lv1 Posted 2024-May-23 11:08

Hai Sangforian,

Right now, our current SD-WAN setup is,
HQ to Branch 1,
HQ to Branch 2,

Example:
HQ SD-WAN tunnel route:
HQ(192.168.0.0/24) to Branch 1(192.168.1.0/24)
HQ(192.168.0.0/24) to Branch 2(192.168.2.0/24)

Branch 1 SD-WAN tunnel route:
Branch 1(192.168.1.0/24) to HQ(192.168.0.0/24)

Branch 2 SD-WAN tunnel route:
Branch 2(192.168.2.0/24) to HQ(192.168.0.0/24)

We want to add a route from Branch 1 to Branch 2.
Branch 1(192.168.1.0/24) to Branch 2(192.168.2.0/24)
If HQ is down, the branches can still connect to each other.

NGAF version: 8.0.47

Is it possible?

Thank You

ArsalanAli has solved this question and earned 20 coins.


Yes, it is possible. Follow these steps:
Go to Central Manager -> VPN -> Tunnel Route -> Add -> select the Branch to Branch scenario -> select multiple branches (Branch 1 and 2).
A screenshot is also attached.

CM2.png (13.73 KB, Downloads: 304)

CM.jpg (86.64 KB, Downloads: 314)

Rotring Lv2 Posted 2024-May-23 12:21

Hi,
Absolutely, it's possible to achieve what you described in your SD-WAN setup with NGAF version 8.0.47. Here's how you can configure Branch 1 to Branch 2 communication even if HQ goes down:

There are two main approaches to achieve this:

1. Mesh VPN: This method creates a direct VPN tunnel between Branch 1 and Branch 2, bypassing HQ entirely. This offers the most direct and potentially fastest communication path.
2. Dynamic Routing Protocol: This approach utilizes a routing protocol like OSPF (Open Shortest Path First) or BGP (Border Gateway Protocol) to share routing information between branches. When HQ goes down, the branches will automatically learn the best route to each other through the remaining active connections.

Here's a breakdown of each approach:
1. Mesh VPN:
- Configure a VPN tunnel directly between Branch 1 and Branch 2 on your SD-WAN device. This eliminates the need for HQ to route traffic between them.
- Pros: Simple setup, potentially faster communication for Branch 1 to Branch 2 traffic.
- Cons: Requires additional configuration on both Branch 1 and Branch 2 devices. May not be scalable if you have many branches needing to communicate directly.
2. Dynamic Routing Protocol:
- Enable a dynamic routing protocol like OSPF or BGP on your SD-WAN devices at HQ, Branch 1, and Branch 2.
- Configure the routing protocol to advertise the Branch 1 and Branch 2 networks to each other. This allows them to learn the best route for communication.
- Pros: More scalable solution if you have many branches needing to communicate directly. Offers automatic route discovery and failover.
- Cons: Requires a deeper understanding of routing protocols for proper configuration. May introduce additional overhead compared to Mesh VPN.

Here are some additional points to consider:
- Security: Make sure to configure proper security policies for any direct Branch 1 to Branch 2 communication, especially if using a Mesh VPN.
- NGAF Version Compatibility: Double-check the specific documentation for NGAF version 8.0.47 to ensure it supports the chosen approach (Mesh VPN or Dynamic Routing) and its configuration options.
- Testing: Always test your configuration thoroughly before deploying it in a production environment. Simulate HQ outage to verify Branch 1 to Branch 2 communication functionality.
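
The HQ-outage check discussed in this thread can be rehearsed on paper before touching the devices. The following is an added example, not part of any post above and not Sangfor code: a simplified model of the tunnel route tables listed in the question, where the site names, the helper functions and the `.10` host addresses are assumptions made for illustration.

```python
import ipaddress

# Tunnel routes from the question: site -> [(destination subnet, peer site)].
HUB_AND_SPOKE = {
    "HQ": [("192.168.1.0/24", "Branch1"), ("192.168.2.0/24", "Branch2")],
    "Branch1": [("192.168.0.0/24", "HQ")],
    "Branch2": [("192.168.0.0/24", "HQ")],
}
# Local LAN of each site, as given in the question.
LAN = {"HQ": "192.168.0.0/24", "Branch1": "192.168.1.0/24",
       "Branch2": "192.168.2.0/24"}

def with_branch_to_branch(routes):
    """Copy of the table with the requested Branch 1 <-> Branch 2 routes added."""
    new = {site: list(entries) for site, entries in routes.items()}
    new["Branch1"].append((LAN["Branch2"], "Branch2"))
    new["Branch2"].append((LAN["Branch1"], "Branch1"))
    return new

def forward(routes, src_site, dst_ip, down=()):
    """Follow tunnel routes hop by hop; return the site path, or None if dropped."""
    dst = ipaddress.ip_address(dst_ip)
    path, site = [src_site], src_site
    while dst not in ipaddress.ip_network(LAN[site]):
        matches = [(ipaddress.ip_network(net), peer)
                   for net, peer in routes[site]
                   if dst in ipaddress.ip_network(net)]
        if not matches:
            return None  # no tunnel route covers the destination
        _, peer = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix
        if peer in down or peer in path:
            return None  # peer is offline, or the routes loop
        path.append(peer)
        site = peer
    return path

def reachable_both_ways(routes, a, a_ip, b, b_ip, down=()):
    """A session needs a forward path and a return path."""
    return (forward(routes, a, b_ip, down) is not None
            and forward(routes, b, a_ip, down) is not None)

if __name__ == "__main__":
    # Host addresses below are constructed sample values.
    tables = [("current", HUB_AND_SPOKE),
              ("branch-to-branch", with_branch_to_branch(HUB_AND_SPOKE))]
    for name, table in tables:
        for down in [(), ("HQ",)]:
            ok = reachable_both_ways(table, "Branch1", "192.168.1.10",
                                     "Branch2", "192.168.2.10", down)
            print(f"{name:17} HQ down={bool(down)!s:5} B1<->B2: {ok}")
```

The return-path check matters here: a route added on only one branch would leave replies without a tunnel to follow.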
