Citrix SD-WAN

How to configure IPsec tunnels for virtual and dynamic paths

To configure IPsec tunnels for virtual and dynamic virtual paths between Citrix SD-WAN branch sites:

  1. Navigate to Global > Virtual Path Default Sets or Dynamic Virtual Path Default Sets.

    Virtual path set global

  2. Create new default set (virtual or dynamic virtual path), and enable Secure Virtual Path User Data with IPsec.

  3. Choose one of the available options for IPsec encryption:

    • Encapsulation types: ESP, AH, or ESP+AH

    • Encryption Modes: AES-CBC, AES 128, or 256-Bit

    • Hash Algorithm: SHA1 or SHA-256

  4. Apply the created Virtual Path Default Set to the MCN node. This automatically applies the same default set to all Client nodes that have Virtual Path to the MCN.

    Enable secure virtual path

How to configure IPsec tunnels for virtual and dynamic paths

In this article