Solved: Re: No Connectivity from vManage shell to my laptop's IP

VijayMunoli · ‎07-07-2021

I am currently exploring the SDWAN Sandbox to learn about SDWAN. As part of it I am trying to implement a webhook on my windows machine to which vManage will send Alarm Events.

Following are the steps:

Created Cisco SDWAN Sandbox lab.
Connected to the devnet VPN using the credentials provided from SDWAN Sandbox.
Started the webhook:
$ python webhook.py &
[2] 1003
(venv)
@** /d/CiscoSDWAN/sdwan-webhooks (master)
$ * Serving Flask app "webhook" (lazy loading)

Environment: production
WARNING: Do not use the development server in a production environment.
Use a production WSGI server instead.

- Debug mode: on
- Restarting with stat
- Debugger is active!
- Debugger PIN: 111-198-456
- Running on all addresses.
  WARNING: This is a development server. Do not use it in a production deployment.

Running on http://192.168.1.103:5001/ (Press CTRL+C to quit

The above IP 192.168.1.103 is the IP Address shown in the Wireless LAN Adapter Wi-Fi section of 'ipconfig /all'

4. Now when trying the curl command from vManage shell i receive error that connection is not established. Ping and telnet to the above IP Address and port also not working from vManage shell.

Note that using Postman I am able to run vManage APIs successfully.

bigevilbeard · ‎07-08-2021

@VijayMunoli that is correct - there is no way to access your local machine back over the VPN. The sandbox is not on the same VPN client subnet and located in a DMZ. In your case, you will see this fail if you run the following from the vManage shell.

vmanage:~$ curl -v -X POST -H 'Content-type: application/json' http://192.168.254.111:5001/
* Trying 192.168.254.111...
* TCP_NODELAY set
* connect to 192.168.254.111 port 5001 failed: Connection refused
* Failed to connect to 192.168.254.111 port 5001: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 192.168.254.111 port 5001: Connection refused

There is no routing on the vManage subnet to allow this to return to your local machine. From vManage you can only access local resources such as the devbox / vbond / vsmart and edge devices/hosts.

You can perform and access inbound API resources and have full admin privileges to all the devices on the reservable sandbox's only.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

View solution in original post

VijayMunoli · ‎07-08-2021

Hi @bigevilbeard

Thank you so much for you time on this.

I am just a beginner here and have a couple of basic queries too :

1. I have been referring to https://github.com/suchandanreddy/sdwan-webhooks to do this. There is no mention of this issue there and it looks like this worked based on the instructions (not sure if the test was done on a sandbox environment or a live production environment).

2. REST API Requests from my laptop to vmanage from Postman work. It does have the process of first Authenticating and generating a Token, but if connectivity between these two boxes is an issue how does this communication happen?

View solution in original post

bigevilbeard · ‎07-08-2021

@VijayMunoli that is correct - there is no way to access your local machine back over the VPN. The sandbox is not on the same VPN client subnet and located in a DMZ. In your case, you will see this fail if you run the following from the vManage shell.

vmanage:~$ curl -v -X POST -H 'Content-type: application/json' http://192.168.254.111:5001/
* Trying 192.168.254.111...
* TCP_NODELAY set
* connect to 192.168.254.111 port 5001 failed: Connection refused
* Failed to connect to 192.168.254.111 port 5001: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 192.168.254.111 port 5001: Connection refused

There is no routing on the vManage subnet to allow this to return to your local machine. From vManage you can only access local resources such as the devbox / vbond / vsmart and edge devices/hosts.

You can perform and access inbound API resources and have full admin privileges to all the devices on the reservable sandbox's only.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

VijayMunoli · ‎07-08-2021

Hi @bigevilbeard

Thank you so much for you time on this.

I am just a beginner here and have a couple of basic queries too :

1. I have been referring to https://github.com/suchandanreddy/sdwan-webhooks to do this. There is no mention of this issue there and it looks like this worked based on the instructions (not sure if the test was done on a sandbox environment or a live production environment).

2. REST API Requests from my laptop to vmanage from Postman work. It does have the process of first Authenticating and generating a Token, but if connectivity between these two boxes is an issue how does this communication happen?

bigevilbeard · ‎07-09-2021

@VijayMunoli i do not know the environment this was sample was run on, it was not created with the intention of this being run over a VPN solution.

Inbound: traffic initiate from external - Inbound means another server or client in front of the firewall, initiate a connection with own server.

Outbound: traffic initiate from internal - Outbound means your server behind the wall, initiates a connection to another server or client.

In the sandbox, traffic cannot be initiate to your local machine.

Hope this help.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

VijayMunoli · ‎07-09-2021

Thanks again @bigevilbeard