Configure the Customer Premises Equipment at Your Branch Site
Focus
Focus
Prisma Access

Configure the Customer Premises Equipment at Your Branch Site

Table of Contents

Configure the Customer Premises Equipment at Your Branch Site

Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama)
To complete the configuration of onboarding a branch office in mainland China, configure your customer premises equipment (CPE) as described in the following steps.
  1. Create an IKEv2 IPSec tunnel on your CPE, using the elastic IP address, using the IP address of the remote IPSec peer as the Elastic IP address of Alibaba instance R1.
    Use the following parameters for the IPSec tunnel:
    • Use an IKE identity of User-FQDN.
    • Use a pre-shared key for authentication.
    • Enable NAT Traversal on the tunnel.
  2. Add a route to forward business and internal application traffic over the tunnel you created.
    Do not forward internet-bound traffic over this tunnel; you should route internet-bound traffic directly from the CPE to the internet.
  3. Verify that the remote network connection has been successfully deployed by opening the Panorama that manages Prisma Access and selecting PanoramaCloud ServicesStatusStatus.