Enabling a Redundant Primary VPN Tunnel for a Non SD-WAN Destination
search cancel

Enabling a Redundant Primary VPN Tunnel for a Non SD-WAN Destination


Article ID: 323710


Updated On:




In a Non SD-WAN Destinations via Gateway configuration, VMware always recommends having a redundant VPN tunnel enabled which uses a secondary VMware SD-WAN Gateway. 

The "Redundant VeloCloud Cloud VPN" option provides redundancy and connectivity from a secondary Gateway to the Non SD-WAN Destination site to protect against a loss of connectivity to the site's Primary Gateway.  When configured, should the Non SD-WAN Destination's Primary Gateway go down, the traffic would fail over to the Secondary Gateway.

Note: "Non SD-WAN Destination via Gateway" is the name used in Release 4.0.0 and forward for what was formerly called a "Non-VeloCloud Site" (NVS). When using a Release 3.x Orchestrator the name will show as a Non-VeloCloud Site.  Please be aware of the name shift going forward.


In order to enable Primary VPN tunnel redundancy for the Non SD-WAN Destination, please follow the below steps:

(1) Navigate to Configure > Network Services to locate the Non-VeloCloud Site to be configured (or "Non SD-WAN Destination via Gateway" if using a 4.x Orchestrator or later).

(2) Once the Non-VeloCloud Site configuration screen loads, the user may select the Advanced button as highlighted below

(3) Enable the check box on the Redundant VeloCloud VPN field as highlighted below, and click Save Changes.

Once the Primary VPN Redundant tunnel is enabled, please verify this redundant tunnel to the Non SD-WAN Destinations site is established and working.  This is done by checking the Monitor > Network Services page for that site,  Once the site is located, look for the Redundant Primary Tunnel status icon and ensure it is green. If a mouse icon is hovered over the second green tunnel status icon a box will read "Redundant Primary VPN Tunnel" with Status "Connected"