Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1138
Views
8
Helpful
5
Replies

IWAN Branch Router reachability to controller

Go to solution
vishal-patil
Level 1
Level 1

‎12-09-2016 12:14 PM - edited ‎03-01-2019 04:34 AM

Hello,

I am new to the concept of IWAN and trying to deploy branch site through apic-em IWAN app (rough topo diagram attached). The hub site is deployed successfully with iwan app

The branch router is booting with bootstrap (in bootstrap, NATed IP is used which is 20.20.20.3)

For some reason branch router cannot contact apic-em

Also, configured below nat configuration on hub2 router -

ip nat inside source static 10.10.10.1 20.20.20.3 vrf IWAN-TRANSPORT-2

Any suggestion?


Thanks,

Vish

Labels:
Preview file
5118 KB
1 Accepted Solution

Accepted Solutions

Go to solution
vishal-patil
Level 1
Level 1
In response to cchitnis

‎12-20-2016 01:23 PM

The NAT is not vrf aware and so I had to configure VASI on the inet hub router in order to reach the controller IP.

Its working now. Thanks

View solution in original post

5 Replies 5

Go to solution
cchitnis
Cisco Employee
Cisco Employee

‎12-09-2016 12:24 PM

"Spoke (branch) behind NAT" use-case is not supported till now. It will be supported from upcoming release (1.4)

Go to solution
vishal-patil
Level 1
Level 1
In response to cchitnis

‎12-09-2016 01:02 PM

But I am trying to nat apic em IP on Hub border router

Go to solution
cchitnis
Cisco Employee
Cisco Employee
In response to vishal-patil

‎12-09-2016 01:21 PM

Can you share your bootstrap config? Specifically, the route to reach to controller (must be default route I'm assuming)

Additionally, if hub is in configured state, can you share the existing config (of the hub where NAT is configured). Specifically, the networks routed through this hub and ACLs in place?

I'm assuming you are bringing up the device through PNP. If so, in your PNP profile, if you are trying to reach PNP server on APIC-EM, is it reachable from device?

Go to solution
cchitnis
Cisco Employee
Cisco Employee
In response to vishal-patil

‎12-12-2016 02:17 PM

If your Hubs are provisioned can you please check and let us know if the subnet in which controller resides is being advertised all the way through to the branch - via routing or other static routes? Clearly, it's routing that's lacking in your set-up that's causing no connection between your branch and the controller.

Go to solution
vishal-patil
Level 1
Level 1
In response to cchitnis

‎12-20-2016 01:23 PM

The NAT is not vrf aware and so I had to configure VASI on the inet hub router in order to reach the controller IP.

Its working now. Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


This community is intended for developer topics around Data Center technology and products. If you are looking for a non-developer topic about Data Center, you might find additional information in the Data Center and Cloud community

Customers Also Viewed These Support Documents