Overview
Multiple tunnels can be created for Umbrella SIG even from the same location.
IMPORTANT!: You may not re-use the same Tunnel ID at any time. Each IPSEC connection must use a unique Tunnel ID. Duplicate Tunnel IDs may result in traffic failing to pass.
For devices that support FQDN VPN ID:
Multiple tunnels can be created behind the same egress IP if "User FQDN" VPN ID is used to identify the tunnel.
- Configure the Network tunnels using the 'Other' profile in (Deployments > Network Tunnels) in Umbrella.
- This allows you to optionally configure an FQDN to be used as the Tunnel ID, instead of an IP address.
- Reconfigure your device to use the configured "User FQDN" peer ID (e.g. site1@12345678-987654321-umbrella.com).
The tunnels can optionally terminate at the same Umbrella DC. For instance, if the tunnel IDs are site1@12345678-987654321-umbrella.com and site2@12345678-987654322-umbrella.com, they can terminate on the same head-end.
IMPORTANT!: If you intend to deploy multiple connections to the same DataCenter from the same egress IP, your device must change the source port for IPSEC traffic in order to differentiate the connection.
Here is an example of multiple connections from the same egress IP to the Miami Datacenter.
| Tunnel ID | SRC IP | DST IP | SRC PORT | DST PORT | Protocol |
|---|---|---|---|---|---|
| one@123-123-umbrella.com | 203.0.113.42 | 146.112.84.8 | 4500 | 4500 | IPSEC |
| two@123-456-umbrella.com | 203.0.113.42 | 146.112.84.8 | 4501 | 4500 | IPSEC |
| three@123-789-umbrella.com | 203.0.113.42 | 146.112.84.8 | 4502 | 4500 | IPSEC |
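
A pre-deployment check for the two rules above (unique Tunnel ID, and a distinct source port per connection from one egress IP to one data center), as an added example that is not Cisco's code. The function name `audit_tunnels`, the row layout and the case-insensitive ID comparison are assumptions made for this sketch.

```python
import ipaddress
from collections import defaultdict

# Rows are (tunnel_id, src_ip, dst_ip, src_port, dst_port).
# PAGE_TABLE copies the Miami example from the table above.
PAGE_TABLE = [
    ("one@123-123-umbrella.com", "203.0.113.42", "146.112.84.8", 4500, 4500),
    ("two@123-456-umbrella.com", "203.0.113.42", "146.112.84.8", 4501, 4500),
    ("three@123-789-umbrella.com", "203.0.113.42", "146.112.84.8", 4502, 4500),
]

# Constructed bad plan: row 1 re-uses row 0's Tunnel ID, and row 2 re-uses
# row 0's source port toward the same data center.
BAD_PLAN = [
    PAGE_TABLE[0],
    ("one@123-123-umbrella.com", "203.0.113.42", "146.112.84.8", 4501, 4500),
    ("two@123-456-umbrella.com", "203.0.113.42", "146.112.84.8", 4500, 4500),
]


def audit_tunnels(plan):
    """Return (kind, key, row_indexes) for every rule the plan breaks."""
    by_id = defaultdict(list)
    by_flow = defaultdict(list)
    for idx, (tunnel_id, src_ip, dst_ip, src_port, dst_port) in enumerate(plan):
        # Assumption: IDs are compared case-insensitively, the stricter reading.
        by_id[tunnel_id.strip().lower()].append(idx)
        # Parse addresses so malformed ones fail loudly and equal IPs
        # written differently still compare equal.
        flow = (str(ipaddress.ip_address(src_ip)),
                str(ipaddress.ip_address(dst_ip)),
                int(src_port), int(dst_port))
        by_flow[flow].append(idx)
    problems = []
    for tunnel_id, rows in by_id.items():
        if len(rows) > 1:
            problems.append(("duplicate_tunnel_id", tunnel_id, rows))
    for flow, rows in by_flow.items():
        if len(rows) > 1:
            problems.append(("source_port_collision", flow, rows))
    return problems


if __name__ == "__main__":
    for label, plan in (("page table", PAGE_TABLE), ("bad plan", BAD_PLAN)):
        print(label, audit_tunnels(plan) or "OK")
```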