Solved: Re: IWAN Branch Router reachability to controller

vishal-patil · ‎12-09-2016

Hello,

I am new to the concept of IWAN and trying to deploy branch site through apic-em IWAN app (rough topo diagram attached). The hub site is deployed successfully with iwan app

The branch router is booting with bootstrap (in bootstrap, NATed IP is used which is 20.20.20.3)

For some reason branch router cannot contact apic-em

Also, configured below nat configuration on hub2 router -

ip nat inside source static 10.10.10.1 20.20.20.3 vrf IWAN-TRANSPORT-2

Any suggestion?

Thanks,

Vish

vishal-patil · ‎12-20-2016

The NAT is not vrf aware and so I had to configure VASI on the inet hub router in order to reach the controller IP.

Its working now. Thanks

View solution in original post

cchitnis · ‎12-09-2016

"Spoke (branch) behind NAT" use-case is not supported till now. It will be supported from upcoming release (1.4)

vishal-patil · ‎12-09-2016

But I am trying to nat apic em IP on Hub border router

cchitnis · ‎12-09-2016

Can you share your bootstrap config? Specifically, the route to reach to controller (must be default route I'm assuming)

Additionally, if hub is in configured state, can you share the existing config (of the hub where NAT is configured). Specifically, the networks routed through this hub and ACLs in place?

I'm assuming you are bringing up the device through PNP. If so, in your PNP profile, if you are trying to reach PNP server on APIC-EM, is it reachable from device?

cchitnis · ‎12-12-2016

If your Hubs are provisioned can you please check and let us know if the subnet in which controller resides is being advertised all the way through to the branch - via routing or other static routes? Clearly, it's routing that's lacking in your set-up that's causing no connection between your branch and the controller.

vishal-patil · ‎12-20-2016

The NAT is not vrf aware and so I had to configure VASI on the inet hub router in order to reach the controller IP.

Its working now. Thanks