06-30-2023 01:20 PM
Hi guys.
I'm trying to connect Cisco Umbrella with cEdge.
While pushing it with a template, the error "cedge-vpn-tracker does not exist" keeps repeating.
How can I solve this problem?
cEdge Version : 17.3.5
I would appreciate it if you could help me.
Thanks !
07-02-2023 09:54 PM
There is no.
I configured a tracker under the SIG template and tried to push,
but it still failed with the same error message.
07-02-2023 11:19 PM - edited 07-02-2023 11:27 PM
Hi guys.
This is what I do.
1. I didn't ever tracker config. Why I configure SIG Tracker is to solve this error.
07-03-2023 01:09 AM
From Cisco IOS XE Release 17.4.1 and Cisco vManage Release 20.4.1, all SIG related workflows for automatic and manual tunnels have been consolidated into the Cisco SIG template. If you are using Cisco IOS XE Release 17.4.1 and Cisco vManage Release 20.4.1, or later, use the Cisco SIG template to configure GRE or IPSec tunnels to a third-party SIG, or GRE tunnels to a Zscaler SIG.
For a software release earlier than Cisco IOS XE Release 17.4.1, Cisco vManage Release 20.4.1, see Configuring a GRE Tunnel or IPsec Tunnel from Cisco vManage.
Layer 7 Health Check: The option to create trackers and monitor the health of manually created tunnels is available from Cisco IOS XE Release 17.8.1a, Cisco vManage Release 20.8.1. In earlier releases, the Layer 7 Health Check feature is only available if you use VPN Interface GRE/IPSEC templates, and not with Cisco SIG templates.
From the Cisco vManage menu, choose Configuration > Templates.
Click Feature Templates.
Note: In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is called Feature.
Click Add Template.
Choose the device for which you are creating the template.
Under VPN, click Cisco Secure Internet Gateway (SIG).
In the Template Name field, enter a name for the feature template.
This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 to 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.
In the Description field, enter a description for the feature template.
(Optional) To create one or more trackers to monitor tunnel health, do the following in the Tracker section:
Note: The option to create trackers and monitor tunnel health is available from Cisco IOS XE Release 17.8.1a, Cisco vManage Release 20.8.1.
Source IP Address: Enter a source IP address for the probe packets.
Click New Tracker.
Configure the following:
Field | Description
---|---
Name | Enter a name for the tracker. The name can be up to 128 alphanumeric characters.
Threshold | Enter the wait time for the probe to return a response before declaring that the configured endpoint is down. Range: 100 to 1000 milliseconds. Default: 300 milliseconds.
Interval | Enter the time interval between probes to determine the status of the configured endpoint. Range: 20 to 600 seconds. Default: 60 seconds.
Multiplier | Enter the number of times to resend probes before determining that a tunnel is down. Range: 1 to 10. Default: 3.
API url of endpoint | Specify the API URL for the SIG endpoint of the tunnel.
Click Add.
To add more trackers, repeat sub-step b to sub-step d.
To create tunnels, do the following in the Configuration section:
SIG Provider: Click Generic.
Cisco vManage Release 20.4.x and earlier: Click Third Party.
Click Add Tunnel.
Under Basic Settings, configure the following:
Field | Description
---|---
Tunnel Type | Based on the type of tunnel you wish to create, click ipsec or gre.
Interface Name (0..255) | Enter the interface name.
Description | (Optional) Enter a description for the interface.
Source Type | Click INTERFACE. For Cisco IOS XE SD-WAN devices, INTERFACE is the only supported Source Type.
Tracker | (Optional) Choose a tracker to monitor tunnel health.
Track this interface for SIG | Enable or disable tracker for the tunnel. By default, Cisco vManage enables a tracker for automatic tunnels. Default: On.
Tunnel Source Interface | Enter the name of the source interface of the tunnel. This interface should be an egress interface and is typically the internet-facing interface.
Tunnel Destination IP Address/FQDN | Enter the IP address of the SIG provider endpoint.
Preshared Key | This field is displayed only if you choose ipsec as the Tunnel Type. Enter the password to use with the preshared key.
(Optional) Under Advanced Options, configure the following:
Field | Description
---|---
Shutdown | Click No to enable the interface; click Yes to disable. Default: No.
IP MTU | Specify the maximum MTU size of packets on the interface. Range: 576 to 2000 bytes. Default: 1400 bytes.
TCP MSS | Specify the maximum segment size (MSS) of TCP SYN packets. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 500 to 1460 bytes. Default: None.

Field | Description
---|---
Shutdown | Click No to enable the interface; click Yes to disable. Default: No.
IP MTU | Specify the maximum MTU size of packets on the interface. Range: 576 to 2000 bytes. Default: 1400 bytes.
TCP MSS | Specify the maximum segment size (MSS) of TCP SYN packets. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 500 to 1460 bytes. Default: None.
DPD Interval | Specify the interval for IKE to send Hello packets on the connection. Range: 0 to 65535 seconds. Default: 10.
DPD Retries | Specify how many unacknowledged packets to send before declaring an IKE peer to be dead and then removing the tunnel to the peer. Range: 0 to 255. Default: 3.

Field | Description
---|---
IKE Rekey Interval | Specify the interval for refreshing IKE keys. Range: 300 to 1209600 seconds (1 hour to 14 days). Default: 14400 seconds.
IKE Cipher Suite | Specify the type of authentication and encryption to use during IKE key exchange. Choose one of the following: Default: AES 256 CBC SHA1
IKE Diffie-Hellman Group | Specify the Diffie-Hellman group to use in IKE key exchange, whether IKEv1 or IKEv2. Choose one of the following: Default: 16 4096-bit modulus
IKE ID for Local Endpoint | If the remote IKE peer requires a local end point identifier, specify the same. Range: 1 to 64 characters. Default: Tunnel's source IP address.
IKE ID for Remote Endpoint | If the remote IKE peer requires a remote end point identifier, specify the same. Range: 1 to 64 characters. Default: Tunnel's destination IP address.

Field | Description
---|---
IPsec Rekey Interval | Specify the interval for refreshing IPSec keys. Range: 300 to 1209600 seconds (1 hour to 14 days). Default: 3600 seconds.
IPsec Replay Window | Specify the replay window size for the IPsec tunnel. Options: 64, 128, 256, 512, 1024, 2048, 4096. Default: 512.
IPsec Cipher Suite | Specify the authentication and encryption to use on the IPsec tunnel. Choose one of the following: Default: NULL SHA 512
Perfect Forward Secrecy | Specify the PFS settings to use on the IPsec tunnel. Choose one of the following Diffie-Hellman prime modulus groups: Default: Group-16 4096-bit modulus
Click Add.
To create more tunnels, repeat sub-step b to sub-step e.
To designate active and back-up tunnels and distribute traffic among tunnels, configure the following in the High Availability section:
Field | Description
---|---
Active | Choose a tunnel that connects to the primary data center.
Active Weight | Enter a weight (weight range 1 to 255) for load balancing. Load balancing helps in distributing traffic over multiple tunnels and this helps increase the network bandwidth. If you enter the same weights, you can achieve ECMP load balancing across the tunnels. However, if you enter a higher weight for a tunnel, that tunnel has higher priority for traffic flow. For example, if you set up two active tunnels, where the first tunnel is configured with a weight of 10, and the second tunnel with weight configured as 20, then the traffic is load-balanced between the tunnels in a 10:20 ratio.
Backup | To designate a back-up tunnel, choose a tunnel that connects to the secondary data center. To omit designating a back-up tunnel, choose None.
Backup Weight | Enter a weight (weight range 1 to 255) for load balancing. Load balancing helps in distributing traffic over multiple tunnels and this helps increase the network bandwidth. If you enter the same weights, you can achieve ECMP load balancing across the tunnels. However, if you enter a higher weight for a tunnel, that tunnel has higher priority for traffic flow. For example, if you set up two back-up tunnels, where the first tunnel is configured with a weight of 10, and the second tunnel with weight configured as 20, then the traffic is load-balanced between the tunnels in a 10:20 ratio.
Click Save.
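A pre-push check built from the limits in the excerpt above, added here as an example and not part of the original post or of any Cisco tool. The dict layout, field names and `preflight` function are hypothetical; only the release number, ranges and defaults come from the quoted documentation.

```python
import re

# Limits quoted in the documentation excerpt posted in the thread.
TRACKER_MIN_RELEASE = "17.8.1a"
RANGES = {"threshold_ms": (100, 1000), "interval_s": (20, 600), "multiplier": (1, 10)}
DEFAULTS = {"threshold_ms": 300, "interval_s": 60, "multiplier": 3}

def parse_release(text):
    """'17.8.1a' -> (17, 8, 1, 'a'). Assumption: a letter suffix sorts after none."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text.strip())
    if m is None:
        raise ValueError(f"unrecognised IOS XE release: {text!r}")
    return int(m[1]), int(m[2]), int(m[3]), m[4]

def preflight(ios_xe, template):
    """Return findings for a SIG template given as a dict (hypothetical shape)."""
    findings = []
    trackers = template.get("trackers", [])
    # Trackers inside the SIG template are release-gated on the device side.
    if trackers and parse_release(ios_xe) < parse_release(TRACKER_MIN_RELEASE):
        findings.append(f"trackers need IOS XE {TRACKER_MIN_RELEASE} or later, device runs {ios_xe}")
    defined = set()
    for t in trackers:
        defined.add(t["name"])
        for field, (lo, hi) in RANGES.items():
            value = t.get(field, DEFAULTS[field])
            if not lo <= value <= hi:
                findings.append(f"tracker {t['name']}: {field}={value} outside {lo}..{hi}")
    for tun in template.get("tunnels", []):
        ref = tun.get("tracker")
        # A tunnel must only reference a tracker the same template defines.
        if ref and ref not in defined:
            findings.append(f"tunnel {tun['name']}: tracker {ref!r} is not defined")
        cipher = tun.get("ipsec_cipher", "")
        if tun.get("type") == "ipsec" and cipher.upper().startswith("NULL"):
            findings.append(f"tunnel {tun['name']}: cipher {cipher!r} authenticates but does not encrypt")
    return findings

# Constructed sample: the original poster's release with a tracker in the template.
SAMPLE = {
    "trackers": [{"name": "sigtracker1", "threshold_ms": 300, "interval_s": 10}],
    "tunnels": [{"name": "ipsec1", "type": "ipsec", "tracker": "sigtracker1",
                 "ipsec_cipher": "NULL SHA 512"}],
}

if __name__ == "__main__":
    for line in preflight("17.3.5", SAMPLE):
        print(line)
```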
07-03-2023 02:14 AM
Delete SIG template (if it is attached to only this device).
Create a new one from scratch without a tracker (it is mandatory just to add the source IP, it is not mandatory to create a tracker), and let's see what happens (the tunnel will be without a tracker), as below:
07-10-2023 03:25 AM
This is not helping, I am also facing the same issue. mine is 20.6 version.
07-10-2023 06:57 AM
Hi.
You seem to be talking about your vManage version.
We discussed the IOS-XE version.
Check whether your IOS-XE version is the recommended version or not.
12-11-2023 09:41 AM
12-11-2023 09:16 PM
Thank you bro.
I started Cisco SD-WAN Engineering in Jun 2023.
I should have studied and looked for more information.
Thank you.