Configure the ION Device at a Data Center

1. Select WorkflowsDevicesClaimed and select the device you wish to configure.

2. On the Basic Info tab:

   1. Enter a Device Name.
   2. (Optional) Enter a Description and Tags.
   3. Set Force VPN to VPN Traffic to Local Next Hop to Yes to force traffic from one branch site to another via a local next hop within a data center site.

      By default, the option Force VPN to VPN Traffic to Local Next Hop is toggled to No.

      If you have configured a Private WAN circuit on the DC ION device and the DC ION device is peering with a WAN edge router, the DC ION device will have learnt the route to the destination from the WAN edge router. In this case, the traffic will be routed to the WAN edge router and subsequently to the destination.
3. Configure the first port from the Interfaces tab.

   1. From 1GE ports, select Port 1.
   2. Leave Admin Up as the default Yes.
   3. (Optional) Enter a name, description, and tags for this port.

      The Interface Type displays as Port.
   4. For Use This Port For, select Connect to Internet to enable public VPNs for a branch site.
   5. For Circuit Label, select the circuit that connects to the internet.

      A circuit label is mandatory.
   6. For IPv4 Configuration, select DHCP or Static.

      • Choose DHCP and enter NAT Address and Port if the IP address is dynamically assigned and if the internet port IP address is a private IP address behind a NAT firewall.
        • The External NAT address should be the public IP address NAT-translated to the ION device’s IP address on this physical port.
        • The External NAT port should be the External NAT IP address UDP port forwarded to UDP 4500 on the ION device’s IP address on this physical port.
        • Outside of this device configuration, if you have a firewall, you must allow protocol TCP 443 and UDP 4500 in your firewall configuration.
      • If the IP address is fixed and specified manually, choose Static and specify the IP Address/Mask, Default Gateway, DNS Servers, and Secondary IPs.
   7. Select Enable IPv6 On This Interface to configure IPv6.
   8. For IPv6 Configuration, select AutoConf or Static.

      Autoconf indicates the Global IP address is derived using stateless address autoconfiguration (SLAAC).

      Choose Static if the IP address is fixed and is manually assigned. Additionally specify the IPv6 Address/Mask, Default Gateway (IPv6), and DNS server(s)(IPv6).
   9. In Advanced Options, (optional) specify MAC, IP MTU, and Physical from the available range.
   10. Click Save Port.
4. Proceed to configure the second port.

   1. Leave Admin Up as the default Yes.
   2. (Optional) Enter a name, description, and tags for this port.

      The Interface Type displays as Port.
   3. For Use This Port For, select Peer with a Network to inject routes towards the core router.

      You may pair any non-hardware ports on the physical and virtual ION 7000 or ION 9000. However, ports 5/6 and ports 7/8 are hardware bypass port pairs, and therefore, must be configured as port pairs. These port pairs may be set to fail, open, or closed.
   4. For Circuit Label, select the circuit to peer with the network.
   5. For IPv4 Configuration, select DHCP or Static.
   6. In Advanced Options, (optional) specify MAC, IP MTU, and Physical from the available range.
   7. Click Save Port.

      Similar to configuring ports on a physical ION 7000, configure the ports on the virtual ION device. The virtual device has one controller port and nine configurable ports to connect to the internet or peer with a network.
5. Proceed to configure Routing, SNMP, Syslog Export, and NTP Client for the ION device.