
Dynamic VPN Tunnels Overview

In releases earlier than CSO 4.1.0, all static tunnels are established between spoke sites during the Zero Touch Provisioning (ZTP) process.

However, starting with Release 4.1.0, during ZTP, only the following static tunnels are established:

  • Between an on-premise spoke site and the corresponding enterprise hub (primary enterprise hub or secondary enterprise hub)

  • Between an on-premise spoke site and the provider hub (primary provider hub or secondary provider hub)

  • Between two enterprise hubs

Therefore, the communication between two on-premise spoke sites is established only through the enterprise hub or the provider hub.

CSO dynamically creates or deletes a VPN tunnel directly between two spoke sites (without passing through an enterprise hub or a provider hub) if:

  • The number of sessions closed between two spoke sites crosses the configured threshold value, and

  • The WAN links of spoke sites have matching mesh tags. For more information, see Mesh Tags Overview.

Note: The dynamic VPN feature is applicable only for SD-WAN sites in real-time optimized mode (Full mesh).

The OpCo administrator or tenant administrator can modify the default threshold value on the following pages:

  • The Administration > Dynamic VPN page of Administration portal (Global Level)

    Note: Only the OpCo administrator can modify the default threshold value on this page.

  • The Add Tenant page (Tenant-level)

  • The Administration > Dynamic VPN page of Customer portal (Global Level)

  • The Add On-Premise Spoke Site page (Site-level)

  • The Add Enterprise page (Site-level)

The threshold value that you specify at site-level takes precedence over the tenant-level and global-level threshold values.

That is, the threshold value that you specify on the Add Tenant page overrides the threshold value that you specified on the Dynamic VPN page of Administration Portal.

Similarly, the threshold value that you specify in the Add Site page overrides the threshold value that you specified on the Dynamic VPN page and Add Tenant page.

Note: Changes that OpCo administrators make at global level do not apply to already-created tenants. The changes are applied only to tenants created after the changes have been made at the global level.
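The precedence rules and the note about already-created tenants can be checked with a small model. This is an added example, not CSO code or a CSO API: the `Tenant` and `Site` classes, the integer timestamps and the threshold values are all constructed for illustration.

```python
from bisect import bisect_right
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: (time of change, global threshold) in time order.
GLOBAL_HISTORY = [(0, 5), (100, 20)]

@dataclass
class Tenant:
    name: str
    created_at: int                  # when the tenant was created
    threshold: Optional[int] = None  # value given on the Add Tenant page, if any

@dataclass
class Site:
    name: str
    tenant: Tenant
    threshold: Optional[int] = None  # value given on the Add Site page, if any

def global_at(when, history=GLOBAL_HISTORY):
    """Global threshold that was in force at time `when`."""
    times = [t for t, _ in history]
    idx = bisect_right(times, when) - 1
    if idx < 0:
        raise ValueError("no global threshold defined at that time")
    return history[idx][1]

def effective_threshold(site, history=GLOBAL_HISTORY):
    """Return (threshold, level it came from) for one site.

    Site-level wins over tenant-level, which wins over global-level.
    A tenant without its own value keeps the global value from the moment
    it was created, so later global changes do not reach it.
    """
    if site.threshold is not None:
        return site.threshold, "site"
    if site.tenant.threshold is not None:
        return site.tenant.threshold, "tenant"
    return global_at(site.tenant.created_at, history), "global at tenant creation"

if __name__ == "__main__":
    old = Tenant("old-tenant", created_at=50)    # created before the global change
    new = Tenant("new-tenant", created_at=150)   # created after the global change
    for s in (Site("s1", old), Site("s2", new), Site("s3", new, threshold=3)):
        print(s.name, effective_threshold(s))
```

Running it shows the older tenant's site still using the earlier global value, which is the case to look for when reviewing which sites can form direct spoke-to-spoke tunnels.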

CSO allows you to manually create or delete dynamic VPN tunnels between a source site and a destination site by using the Add On-Demand VPN Tunnel or Delete On-Demand VPN Tunnel pages in Customer Portal.
