Prisma Access
Configure the Customer Premises Equipment at Your Branch Site
Table of Contents
Configure the Customer Premises Equipment at Your Branch Site
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
To complete the configuration of onboarding
a branch office in mainland China, configure your customer premises
equipment (CPE) as described in the following steps.
- Create an IKEv2 IPSec tunnel on your CPE, using the elastic IP address, using the IP address of the remote IPSec peer as the Elastic IP address of Alibaba instance R1.Use the following parameters for the IPSec tunnel:
- Use an IKE identity of User-FQDN.
- Use a pre-shared key for authentication.
- Enable NAT Traversal on the tunnel.
Add a route to forward business and internal application traffic over the tunnel you created.Do not forward internet-bound traffic over this tunnel; you should route internet-bound traffic directly from the CPE to the internet.Verify that the remote network connection has been successfully deployed by opening the Panorama that manages Prisma Access and selecting .![]()
