Zscaler and Cisco SD-WAN (Viptela) Deployment Guide


Zscaler Internet Access (ZIA) and Cisco SD-WAN Deployment Guide
July 2020
Version 3.2

Table of Contents

1 Document Overview
  1.1 Document Audience
  1.2 Hardware Used
  1.3 Software Revisions
  1.4 Request for Comments
  1.5 Document Prerequisites
  1.6 Document Revision Control
  1.7 Cisco Design Overview
    1.7.1 GRE and IPsec Tunnels
    1.7.2 Tunnel Liveliness
    1.7.3 Transport-side vs Service-side Tunnels
    1.7.4 Traffic Redirection
    1.7.5 Cisco SD-WAN Configuration Requirements
  1.8 Lab Topology and Configuration Overview

2 Configuring Zscaler Internet Access (ZIA)
  2.1 Overview
  2.2 Logging into ZIA
  2.3 Configuring ZIA for GRE Tunnel
    2.3.1 Provision GRE Tunnel
    2.3.2 Navigate to Locations
    2.3.3 Add a Location
    2.3.4 Enter Location Data
    2.3.5 Verify Location Information and Save
    2.3.6 Confirm Changes Have Been Submitted
    2.3.7 Activate Changes
  2.4 Configuring ZIA for IPsec Tunnel
    2.4.1 Navigate to VPN Credentials
    2.4.2 Add a VPN Credential
    2.4.3 Enter VPN Credential Data
    2.4.4 Verify VPN Credential
    2.4.5 Navigate to Locations
    2.4.6 Add a Location
    2.4.7 Enter Location Data
    2.4.8 Add VPN Credential to Location and Save
    2.4.9 Confirm Changes Have Been Saved
  2.5 Activate Pending Changes
    2.5.1 Activate Changes
    2.5.2 Activation Confirmation

3 Configuring Cisco SD-WAN
  3.1 Log into Cisco SD-WAN vManage
  3.2 Configure GRE Tunnel (transport-side tunnel)
    3.2.1 Feature and Device Template Modifications
    3.2.2 Add Feature Template for the Primary GRE Tunnel
    3.2.3 Select VPN Interface GRE Feature Template
    3.2.4 Set GRE Basic Configuration and Source Interface
    3.2.5 Set GRE Interface Destination
    3.2.6 Enable GRE Keepalives
    3.2.7 Create Feature Template for the Secondary GRE Tunnel
    3.2.8 Add GRE Interface Feature Template to Device Template
    3.2.9 VPN 0 Template
    3.2.10 Configuration Update
    3.2.11 Add GRE Route
    3.2.12 Configuration Update
    3.2.13 Verify Tunnel Operation
  3.3 Configuring IPsec Tunnel (Transport-side and Service-side)
    3.3.1 Feature and Device Template Modifications
    3.3.2 Add Feature Template for the Primary IPsec Tunnel
    3.3.3 Select VPN Interface IPsec Feature Template
    3.3.4 Set IPsec Basic Configuration and Source and Destination Interface
    3.3.5 Configure IKE Parameters
    3.3.6 Configure IPsec Cipher-suite
    3.3.7 Create Feature Template for the Secondary IPsec Tunnel
    3.3.8 Add IPsec Interface Feature Template to Device Template
    3.3.9 VPN 0 or VPN 1 Template
    3.3.10 Configuration Update
    3.3.11 Add Service Routes
    3.3.12 Configuration Update
    3.3.13 IOS XE SD-WAN IPsec Tunnel Workarounds
    3.3.14 Verify Tunnel Operation
  3.4 Configuring Layer 7 Health Checks
    3.4.1 Feature and Device Template Modifications
    3.4.2 Add System Template with Tracker
    3.4.3 Add IPSEC Tunnel Interface with a Tracker
    3.4.4 Add New Feature Templates to the Device Templates

4 Verifying Service Configuration
  4.1 Request Verification Page

5 Requesting
