# Select Virtual Edge as Access Point ## Prerequisites You need to have at least one customer premise equipment (CPE). ## Procedures [**Virtual Edge**](https://docs.console.zenlayer.com/welcome/overview/concepts#virtual-edge) connection is a cost-effective solution to connect your office far away. The Internet Protocol Security (IPsec) access is supported for now.

1. Select the IPsec access method and decide whether to enable high availability (HA) according to your actual needs.\ High availability (HA) supports both primary and backup access points' configuration to perform a failover, which is is critical to disaster recovery (DR).

**Note** * The static routing is not supported in HA. IPsec connection in HA only support BGP routing. * You need to configure both primary and backup informations, including locations, IPs, if you have enabled HA. 2. Select the location closest to your CPE. If you enable HA, select both primary and backup locations. 3. Label your IPsec connection for identification. ## IPsec Tunnel Configuration After adding the virtual edge point, go to **Configuration** to configure the IPsec tunnel. An IPsec tunnel is just like a virtual "tunnel" through a public network between two dedicated routers, enabling safe and secure transmission of data.

Select a mode and enter a pre-shared key (PSK) for negotiation. If you select **Customer IP Address** mode, provide your public remote IP address of your CPE. ### FQDN A fully qualified domain name (FQDN) is the unique identification of the remote endpoint with which IPsec tunnel negotiations should be allowed. ### Customer IP Address A public IP address of the remote endpoint with which IPsec tunnel negotiations should be allowed. {% hint style="info" %} **Note** * You're recommended to use **FQDN** mode because you can have a more dynamic public IP planing. * If you choose **Customer IP Address** mode, please ensure the public IP cannot change. * If you enable HA, both primary and backup PSKs are required. {% endhint %} ## What to Do Next Configure [**routing**](https://docs.console.zenlayer.com/welcome/cloud-networking/get-started/create-a-layer-3-connection/configure-routing-information) and [**bandwidth**](https://docs.console.zenlayer.com/welcome/cloud-networking/get-started/create-a-layer-3-connection/configure-network-information) to finish the virtual edge point adding. After creating the cloud router, click the label of IPsec point to view the detailed information. Configure the IPsec and routing information on your CPE.

{% hint style="info" %} **Note** * You'd better choose the **Recommended** configuration. * IKEv1 Main is only used for Remote IP negotiation. {% endhint %}