To add unmanaged sites to an NGE domain

Steps
 

Choose Manage→Network Group Encryption from the NFM-P main menu. The Manage Network Group Encryption form opens.

Choose Key Group from the drop-down menu and click Search. The NFM-P NGE key groups are listed.

Select a key group and click Properties. The Key Group (Edit) form opens.

Click on the Encryption tab, then on the NGE Domains sub-tab.

Choose an NGE domain and click Properties. The NGE Domain (Edit) form opens.

Configure at least one site and interface in the domain as a gateway. At least one gateway must be present before an unmanaged site can be added to the domain.

To configure a gateway:

  1. Click on the Gateways tab, then on the Sites sub-tab.

  2. Click Add and select a site.

  3. Click OK to add the site to the list of gateway sites.

  4. Click on the Interfaces sub-tab.

  5. Click Add and select an L3 interface.

  6. Click OK to add the interface to the list.

Add one or more unmanaged sites to the domain.

To add an unmanaged site:

  1. Click on the Domain Sites sub-tab.

  2. Click Add→Add Unmanaged Sites. The NGE Domain Site (Create) form opens.

  3. Configure the parameters.

    If you need to discover a VSR which is managed by a VSR-a, configure the Managed by VSR-a check box and enter the VSR-a IP address. The VSR will be discovered as part of discovering the VSR-a.

  4. Click OK.

The unmanaged site is added to the list of sites in the domain.

Repeat this step as required to add other sites.

Verify that the Unmanaged Site check box is enabled for all unmanaged sites.

Select the unmanaged sites and click NGE Discovery. The IP addresses of the unmanaged sites are added to the discovery rule specified in Step 7.

When NGE discovery is triggered, the NFM-P inserts the IP address of the unmanaged NE to the specified discovery rule. ACL IP exception filters will then be created on the gateway interface, in preparation for successful encryption on the interface of the newly discovered NE. 

Wait for the NGE discovery process to complete an NE resynchronization. When the resynchronization is complete, the discovered sites become managed sites in the NGE domain and the Unmanaged Site check box is disabled.

If the NGE Discovery Execution Status is Failed, check the NGE Discovery Execution State for the failure reason.

10 

Enable encryption on interfaces of the newly discovered NE by following Step 10 of To configure an NGE domain.

After encryption has been enabled, the ACL IP exception filters are removed by the NFM-P.

11 

Close the forms.

End of steps