To complete the configuration of onboarding
a branch office in mainland China, configure your customer premises
equipment (CPE) as described in the following steps.
Create an IKEv2 IPSec tunnel on your CPE, using
the elastic IP address, using the IP address of the remote IPSec
peer as the Elastic IP address of Alibaba instance R1.
Use the following parameters for the IPSec tunnel:
Use
an IKE identity of User-FQDN.
Use a pre-shared key for authentication.
Enable NAT Traversal on the tunnel.
Add a route to forward business and internal application
traffic over the tunnel you created.
Do not forward internet-bound traffic over this tunnel;
you should route internet-bound traffic directly from the CPE to
the internet.
Verify that the remote network connection has been successfully deployed
by opening the Panorama that manages Prisma Access and selecting PanoramaCloud ServicesStatusStatus.