Configuring the Corporate Tunnel

Topic

This article describes setting up the Corporate Tunnel configuration for your Secure Edge clients.

Environment

Datto Secure Edge

Description

The Corporate Tunnel is a VPN you can create to let subscribers use Secure Edge to reach corporate assets within your secured network . This tunnel uses the Secure Edge cloud to process and inspect traffic.

You must have the Secure Edge cloud enabled to create the Corporate Tunnel.

For information on setting up the Corporate Tunnel with a D200, see Datto Networking: Configuring a site-to-site VPN on a D200
For information on setting up the Corporate Tunnel with a DNA, see Datto Networking Appliance (DNA): Site-to-Site VPN

Navigating to Secure Edge settings

1. In Datto Network Manager, click Secure Edge in the Navigation menu, then select Service Settings from the expanded options.

Figure 1: The Navigation menu

2. Click the Corporate Tunnel link near the top of the screen.

Figure 2: Corporate Tunnel options

Configuring corporate tunnel settings

1. On the Cloud Service page, toggle the Enable slider on.

2. Select the Tunnel Type. The WAN Mesh option will be disabled if you have not configured a mesh network.

3. Enter the Corporate IP (the public IP address of the firewall to which you are connecting), then enter the Corporate Subnet, using slash notation.

4. Enter the pre-shared key you are using for this connection. The pre shared key must be the same value as the connecting service.

5. Select the IPSec mode (IKEv1 or IKEv2) from the drop-down menu. The IPSec mode must match that used by the connecting service. Click Show Phase Settings to view and edit IPSec mode phase settings.

Figure 3: Corporate tunnel settings

Additional settings

Dead Peer Detection

Enable Dead Peer Detection if you wish to configure the Secure Edge device to detect the existence and validity of its peers. You can specify, in seconds, the timeout for the dead peer, after which the device will terminate the dead peer's connection.

Private DNS servers

Enable this setting to configure Secure Edge with your private DNS server. Private DNS settings will have a higher priority than cloud DNS settings.
You must enable DNS Search Domain for Active Directory hostnames to work properly on VPN subscriber machines (mapped drives, file shares, etc.)
Your DNS Search Domain should match your Active Directory Domain if you are using Active Directory. Otherwise file share drives, printers, and other devices may not work as expected.

Figure 4: Private DNS Server settings

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.