01-17-2020 12:49 PM
Hi guys,
My CSRv acting as a cEdge has its DTLS connection hanging in the state below:
PEER   PEER      PEER       SITE  DOMAIN  PEER             PRIVATE  PEER             PUBLIC                               LOCAL    REMOTE     REPEAT
TYPE   PROTOCOL  SYSTEM IP  ID    ID      PRIVATE IP       PORT     PUBLIC IP        PORT    LOCAL COLOR  STATE           ERROR    ERROR      COUNT   DOWNTIME
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond  dtls      -          0     0       100.100.100.101  12346    100.100.100.101  12346   default      challenge_resp  RXTRDWN  SERNTPRES  0       2020-01-17T22:31:04+0200
Please note, the S/N already exists in the vbond.
Also note the below:
BR2-cEdge#sh sdwan control local-properties
personality vedge
sp-organization-name vSD_WAN_Lab
organization-name vSD_WAN_Lab
root-ca-chain-status Installed
certificate-status Not-Installed
certificate-validity Not Applicable
certificate-not-valid-before Not Applicable
certificate-not-valid-after Not Applicable
dns-name 100.100.100.101
site-id 200
domain-id 1
protocol dtls
tls-port 0
system-ip 1.1.1.7
chassis-num/unique-id CSR-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -----> this number already exists in vbond as valid vedge
serial-num No certificate installed
keygen-interval 1:00:00:00
retry-interval 0:00:00:18
no-activity-exp-interval 0:00:00:12
dns-cache-ttl 0:00:02:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
number-vbond-peers 1
INDEX IP PORT
-----------------------------------------------------
0 100.100.100.101 12346
number-active-wan-interfaces 1
NAT TYPE: E -- indicates End-point independent mapping
A -- indicates Address-port dependent mapping
N -- indicates Not learned
Note: Requires minimum two vbonds to learn the NAT type
                  PUBLIC           PUBLIC  PRIVATE          PRIVATE  PRIVATE                         MAX    RESTRICT/         LAST        SPI TIME    NAT   VM
INTERFACE         IPv4             PORT    IPv4             IPv6     PORT     VS/VM  COLOR    STATE  CNTRL  CONTROL/   LR/LB  CONNECTION  REMAINING   TYPE  CON
                                                                                                            STUN                                            PRF
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
GigabitEthernet1  100.100.100.106  12346   100.100.100.106  ::       12346    0/0    default  up     2      no/yes/no  No/No  0:00:00:21  0:11:08:36  N     5
Even though the root-ca is installed, as in the output below:
BR2-cEdge#$software sdwan root-cert-chain install bootflash:SD-WAN-CA.cer
Uploading root-ca-cert-chain via VPN 0
Copying ... /bootflash/SD-WAN-CA.cer via VPN 0
Updating the root certificate chain..
Successfully installed the root certificate chain
BR2-cEdge#
01-27-2020 02:44 PM
Hi Ibrahim,
Can you post the output of the following from your Vbond:
# show orchestrator valid-vedges
Check whether the chassis number in the output of the above command matches the one on the actual CSRv. It is case sensitive too.
Follow this post for more details:
https://community.cisco.com/t5/sd-wan/viptela-vedge-cloud-not-building-control-connections/td-p/3894311
Regards,
Hitesh Sood
Mark it resolved, in case this solves the issue.
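The case-sensitive comparison suggested in the reply above, as an added example that is not part of the original thread: it parses the `show sdwan control local-properties` layout from the first post and compares the chassis number with values copied by hand from the vBond. The function names, finding labels and sample chassis number are assumptions made for illustration.

```python
# Added example: check a cEdge's chassis number against the vBond's list.

# Constructed sample in the layout of `show sdwan control local-properties`
# from the post; the chassis number is a made-up placeholder.
LOCAL_PROPERTIES = """\
root-ca-chain-status              Installed
certificate-status                Not-Installed
chassis-num/unique-id             CSR-0A1B2C3D-EXAMPLE
serial-num                        No certificate installed
"""


def parse_local_properties(text):
    """Return {key: value} for each 'key   value' line of the output."""
    props = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            props[parts[0]] = parts[1].strip()
    return props


def check_chassis(props, vbond_chassis):
    """Compare the device's chassis number with those copied from the vBond.

    vbond_chassis holds chassis numbers copied by hand from
    `show orchestrator valid-vedges`; that command's layout is not parsed.
    """
    findings = []
    # Keep the first token only, in case a note follows the value.
    tokens = props.get("chassis-num/unique-id", "").split()
    chassis = tokens[0] if tokens else ""
    if chassis in vbond_chassis:
        findings.append("chassis-exact-match")
    elif chassis.lower() in {c.lower() for c in vbond_chassis}:
        findings.append("chassis-case-mismatch")
    else:
        findings.append("chassis-not-listed")
    # The state shown in the post: root CA chain present, no device cert.
    if (props.get("root-ca-chain-status") == "Installed"
            and props.get("certificate-status") == "Not-Installed"):
        findings.append("root-ca-only-no-device-cert")
    return findings


if __name__ == "__main__":
    props = parse_local_properties(LOCAL_PROPERTIES)
    print(check_chassis(props, ["csr-0a1b2c3d-example"]))
```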