Knowledge Base > ACS >

How to set up VPN tunnels between registered Vigor Routers by SD-WAN on ACS 3?

SD-WAN (software-defined networking WAN) is a key feature of ACS3, which allows a network administrator to manage any combinations among internet services (Ethernet, LTEs and VPNs…). By this feature, we are able to establish VPN tunnels in a snap. This article will demonstrate how to set up VPN tunnels on ACS 3.
About how to enable SD-WAN network, please refer the article here.

Why set up VPN tunnels via ACS 3 SD-WAN?

a screenshot of Hub and Spoke/Full Mesh

How to go to VPN (SD-WAN) Page?

1. On ACS3 Dashboard,

  1. Tap the Network box which is located at the top
  2. Click the network group
a screenshot of Network group

2. Go to Monitoring >> VPN (SD-WAN).

a screenshot of Monitoring sidebar

Anchor points for VPN tunnel setup: Hub and Spoke, Full Mesh


Setup VPN tunnels for Hub and Spoke type

On ACS 3 site

1. On VPN page, tap Add VPN Tunnel(s)

a screenshot of Add VPN Tunnel(s)

2. On VPN Setup page, select the device(s) to be the Hub(s).

a screenshot of select the Hub(s)

3. After define the Hub(s), tap Show Details and

  1. Click the cancel icon to delete the devices which are unnecessary to be spokes
  2. Select the WAN interface
  3. Select VPN type (In this example, we use IPsec type to establish VPN tunnels)
  4. (Optional) Enable Customize IKE Pre-Shared Key to create a Pre-Shared Key manually
  5. Select IPsec security method
  6. Click Save and set to CPEs
a screenshot of VPN setup for Hub and Spoke

4. After connections creating, the Tunnel List will demonstrate the status of all the VPN tunnels.

a screenshot of connections creating for Hub and Spoke a screenshot of Tunnel List for Hub and Spoke

On Hub site (Dial-in site)

a screenshot of Hub site

On Spoke site (Dial-out side)

a screenshot of Spoke site

Setup VPN tunnels for Full Mesh type

On ACS 3 site

1. On VPN Setup page,

  1. Click Full Mesh
  2. Click the cancel icon to delete the devices which are unnecessary to be Full Mesh devices
  3. Select the WAN interface
  4. Select VPN type (In this example, we use IPsec type to establish VPN tunnels)
  5. (Optional) Enable Customize IKE Pre-Shared Key to create a Pre-Shared Key manually
  6. Select IPsec security method
  7. Click Save and set to CPEs
a screenshot of Full Mesh setup

2. After connections creating, the Tunnel List will demonstrate the status of all the VPN tunnels.

a screenshot of Full Mesh tunnel list

On each router site

a screenshot of each router site

Published On:2021-05-21 

Was this helpful?   

Sorry about that. Contact Support if you need further assistance, or leave us some comments below to help us improve.

Related Articles