Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Dynamic VPN Tunnels Thresholds for all Sites in a Tenant

 

CSO dynamically creates or deletes a VPN tunnel (without passing through a enterprise hub or hub) between two spoke sites, if the following conditions are met:

  • The number of sessions closed between two spoke sites crosses the threshold value.

  • The WAN links of the two spoke sites have matching mesh tags.

For more information on dynamic VPN tunnels, see Dynamic VPN Tunnels Overview.

Note

The Dynamic VPN page appears only for tenants with real-time optimized SD-WAN mode.

To modify threshold values at the tenant-level:

  1. Select Administration > Dynamic VPN.

    The Dynamic VPN page appears.

  2. Complete the configuration according to the guidelines Table 1.Note

    Fields marked with * are mandatory.

  3. Click Save to save the changes.

    A confirmation message appears indicating that the threshold values are saved and you are returned to the Dynamic VPN page.

    The threshold values that you specify are immediately applicable for all sites in the tenant.

    Note

    You can also modify the threshold values while adding a spoke site or a enterprise hub site. The threshold value that you specify on the Add Site page (On-premise or enterprise hub site) overrides the threshold value that you specified on the Dynamic VPN page of the Customer Portal.

Table 1: Fields on the Dynamic VPN page

Field

Description

Threshold

Select this check box to customize the dynamic VPN threshold value that will override threshold value specified at the global level (for all tenants).

Threshold for Creating a Tunnel

Sessions Closed

Specify the number of sessions closed (for a duration of 2 minutes) between two spoke sites.

If the number of sessions closed (for a duration of 2 minutes) is greater than or equal to the value that you specified, a dynamic VPN tunnel is created between two spoke sites.

The default threshold value (the number of sessions closed for 2 minutes) is 5.

For example, if you specify the number of sessions closed as 10, dynamic VPN tunnels are created if the number of sessions closed between two spoke sites in 2 minutes is greater than or equal to 10.

Threshold for Deleting a Tunnel

Sessions Closed

Specify the number of sessions closed (for a duration of 15 minutes) between two spoke sites.

If the number of sessions closed (for a duration of 15 minutes) is lesser than or equal to the value that you specified, a dynamic VPN tunnel is deleted between two spoke sites.

The default threshold value (the number of sessions for 15 minutes) is 2.

For example, if you specify the number of sessions closed as 10, dynamic VPN tunnels are deleted if the number of sessions closed between two spoke sites in 15 minutes is less than or equal to 10.

Related Documentation