Enabling Automatic Allowlisting of Branch Gateway on a VPNC

To allowlist a Branch Gateway automatically on a VPNC, complete the following steps:

1. In the WebUI, select a group in which VPNCs are provisioned.

   The dashboard context for a group is displayed.

2. Under Manage, click Devices > Gateways.

   A list of gateways is displayed in the List view.

3. Click the Config icon.

   The gateway group configuration page is displayed.

4. If you are in the Basic Mode, click Advanced Mode to access the advanced configuration options.

5. Click VPN > SD-WAN Overlay.

6. Select the Overlay mode as Manual.

7. Under Hub Settings, configure the following:

   1. Turn on the Automatically allowlist VPNCs toggle switch.

   2. Enter a passphrase for VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. peer authentication. Ensure that the same passphrase is configured on the Branch Gateways.

   3. Select any of the following encryption methods from the Encryption drop-down list:

      • Factory Cert—To use the built-in TPM Trusted Platform Module. TPM is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. certificate for mutual authentication.

      • Custom Cert—To use custom certificates for mutual authentication. If you want to use custom certificates, ensure that the CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. and Server certificates are uploaded to the certificate inventory on HPE Aruba Networking Central. For more information, see Certificates.

8. Click Save Settings.

9. Expand Advanced, and configure the following:

   1. To apply a route ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. to the IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. session, select an ACL from the Route ACL drop-down.

   2. To apply a session ACL, select an ACL from the Session ACL drop-down.

   3. If you want to assign overlapping uplink IP addresses across the branches, enable the Uplink IP addresses overlap across branches feature and then enter the IP address range configured for the Branch Pool.

10. Click Save Settings.

This animation will help you to allowlist a Branch Gateway automatically on a VPNC.