Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Dynamic VPN Tunnels Overview

In releases earlier than CSO 4.1.0, static tunnels are established between spoke sites during the Zero Touch Provisioning (ZTP) process.

Starting with Release 4.1.0, during ZTP only the following static tunnels are established:

  • Between an on-premise spoke site and the corresponding gateway site

  • Between an on-premise spoke site and hub (Primary hub or secondary hub)

  • Between two gateway sites

Therefore, the communication between two on-premise spoke sites is established only through the gateway site or the hub.

CSO can dynamically creates or deletes a VPN tunnel between two spoke sites (without passing through a gateway site or hub), if:

  • The number of sessions closed between two spoke sites crosses the threshold value, and

  • The WAN links of spoke sites have matching mesh tags.

Note This feature is applicable only for SD-WAN sites in real-time optimized mode (Full mesh).

The default threshold value for creating a dynamic VPN tunnel (maximum number of sessions closed in a two-minute duration) is 5. The default threshold value for deleting a dynamic VPN tunnel (minimum number of sessions closed in a 15-minute duration) is 2.

The SP administrator, operating company (OpCo) administrator, or tenant administrator can modify the default threshold value on the following pages:

  • The Administration > Dynamic VPN page of Administration portal (Global Level)

  • The Add Tenant page (Tenant-level)

  • The Administration > Dynamic VPN page of Customer portal (Global Level)

  • The Add On-Premise Spoke Site page (Site-level)

  • The Add Gateway Site page (Site-level)

The threshold value that you specify at site-level takes precedence over the tenant-level and global-level threshold values.

That is, the threshold value that you specify on the Add Tenant page overrides the threshold value that you specified on the Dynamic VPN page of Administration Portal.

Similarly, the threshold value that you specify in the Add Site page overrides the threshold value that you specified on the Dynamic VPN page and Add Tenant page.

CSO also provides the flexibility for the SP administrator, OpCo administrator, or the tenant administrator to create or delete dynamic VPN tunnels between a source site and a destination site by using the CSO GUI in Customer Portal.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit