Configure the Remote Network in Prisma Access

Where Can I Use This? | What Do I Need?
  • Prisma Access (Managed by Panorama)
To begin onboarding a remote network in mainland China, onboard the remote network in Prisma Access and get the public IP address that Prisma Access uses for the remote network connection (the Service IP Address).
  1. In the Panorama that manages Prisma Access, select Network > Network Profiles > IKE Crypto and Add an IKE crypto profile for the IPSec tunnel, if you have not created one already.
    Make sure you have specified the Template of Remote_Network_Template before starting this task.
  2. Give the profile a name and specify IKE settings.
    Make a note of these settings; you specify the same settings when you create the IPSec tunnel in the router instance you configure in Alibaba Cloud.
  3. Select Network > Network Profiles > IPSec Crypto and create a new IPSec crypto profile in Panorama, making a note of the settings you specify.
    Skip this step if you have already created an IPSec crypto profile.
  4. Select Network > Network Profiles > IKE Gateways and Add a new IKE gateway, specifying the following parameters:
    • Specify a Version of IKEv2 only mode.
    • Specify a Peer IP Address Type of Dynamic.
    • Enter a Pre-Shared Key.
    • Specify User FQDN (email address) for Local Identification and Peer Identification and enter the IP addresses to use.
  5. Select Advanced Options and enable NAT Traversal.
  6. Select Network > IPSec Tunnels and Add an IPSec tunnel, specifying the IPSec Crypto Profile you just created.
  7. Onboard a new remote network connection in Prisma Access, specifying the following parameters:
    • Select a location that is close to the location of VPC 2.
    • Enter placeholder Corporate Subnets. You add valid subnets after you deploy the VM-series firewall in Alibaba Cloud.
    • Add one or more Static Routes to the branch office network.
      You can also use BGP routing for your deployment.
  8. Commit your changes to Panorama (Commit > Commit to Panorama), then commit and push your changes (Commit > Commit and Push).
  9. Select Panorama > Cloud Services > Status > Network Details and note the Service IP Address for the service connections you onboarded.
  10. (Optional) If you want to enable redundancy, complete these steps and add another remote network tunnel between Prisma Access and a backup (secondary) customer premises equipment (CPE) at the remote network location. If you create a backup WAN, you must select Enable Secondary WAN and select the backup tunnel you create during remote network onboarding.
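
Steps 2 through 5 depend on the settings you note in Panorama matching what you later enter on the Alibaba Cloud router. The following check is an added example, not Palo Alto Networks code: it compares two hand-recorded settings records and reports mismatches without echoing the pre-shared key. The record layout, field names, and all sample values are assumptions made for illustration.

```python
import hmac

CRYPTO_KEYS = ("encryption", "authentication", "dh_group", "lifetime_s")

def check_tunnel(panorama, peer):
    """Compare the noted Panorama settings with the peer router's; return findings."""
    findings = []
    # Steps 2-3: IKE and IPSec crypto settings must be identical on both sides.
    for profile in ("ike_crypto", "ipsec_crypto"):
        for key in CRYPTO_KEYS:
            ours, theirs = panorama[profile].get(key), peer[profile].get(key)
            if ours != theirs:
                findings.append(f"{profile}.{key}: panorama={ours!r} peer={theirs!r}")
    gw, peer_gw = panorama["ike_gateway"], peer["ike_gateway"]
    # Step 4: gateway requirements listed in the procedure.
    for key, want in (("version", "ikev2"), ("peer_ip_type", "dynamic"), ("id_type", "ufqdn")):
        if gw.get(key) != want:
            findings.append(f"ike_gateway.{key}: expected {want!r}, got {gw.get(key)!r}")
    # Each side's local ID has to be the other side's peer ID.
    if gw.get("local_id") != peer_gw.get("peer_id") or gw.get("peer_id") != peer_gw.get("local_id"):
        findings.append("ike_gateway: local/peer identification is not mirrored")
    # Step 5: NAT traversal must be enabled.
    if not gw.get("nat_traversal"):
        findings.append("ike_gateway.nat_traversal: not enabled")
    # Compare the pre-shared keys without ever placing them in the report.
    if not hmac.compare_digest(gw.get("psk", "").encode(), peer_gw.get("psk", "").encode()):
        findings.append("ike_gateway.psk: values differ (not shown)")
    return findings

# Constructed sample records; every value below is illustrative.
PANORAMA = {
    "ike_crypto": {"encryption": "aes-256-cbc", "authentication": "sha256", "dh_group": 14, "lifetime_s": 28800},
    "ipsec_crypto": {"encryption": "aes-256-cbc", "authentication": "sha256", "dh_group": 14, "lifetime_s": 3600},
    "ike_gateway": {"version": "ikev2", "peer_ip_type": "dynamic", "id_type": "ufqdn",
                    "local_id": "prisma@example.com", "peer_id": "branch@example.com",
                    "nat_traversal": True, "psk": "constructed-sample-key"},
}
PEER = {
    "ike_crypto": dict(PANORAMA["ike_crypto"], dh_group=2),  # deliberate mismatch
    "ipsec_crypto": dict(PANORAMA["ipsec_crypto"]),
    "ike_gateway": {"local_id": "branch@example.com", "peer_id": "prisma@example.com",
                    "psk": "constructed-sample-key"},
}

if __name__ == "__main__":
    for line in check_tunnel(PANORAMA, PEER) or ["no mismatches found"]:
        print(line)
```

With the constructed records above, the only finding is the Diffie-Hellman group mismatch in the IKE crypto profile.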