Does TLOC have to match for an IPsec tunnel?

Jackyhope
Level 1

Hi everybody,

Please consider the following example:

QUESTION-1.PNG

Above we have:

1) Viptela controllers (not shown) controlling three vEdges; assume all vEdges are allowed to talk to each other. All Viptela vEdges use TLOC IP addresses to form IPsec tunnels, so Vedge-NY uses 1.1.1.1, Vedge-CA uses 2.2.2.3, and so on.

2) Let's say Vedge-NY wants to establish an IPsec tunnel (data plane) with Vedge-CA for VPN2 connectivity. Since Vedge-NY is using TLOC A and Vedge-CA is using TLOC B, will they still be able to form an IPsec tunnel? Does the TLOC have to match on both ends?

Thanks and have a good weekend!!

1 Accepted Solution


osdesent
Cisco Employee

1) First of all, TLOCs are not IPs... we could say that they are only identifiers.

2) I think there's a misunderstanding about the SD-WAN concepts... just remember the following: a TLOC is composed of the System IP ("identifier"), a color and an encapsulation. Most of the time the encapsulation will always be IPsec, and the System IP is up to you... Now, what will differ is the color, which is relevant per type of transport; for instance, MPLS would be a private color and Internet a public color. The thing is that different colors can establish IPsec tunnels (Data Plane) between them if you want, or you can deny them by setting the transport to "Restrict". However, you need to really understand the importance of the colors and their significance because, in summary, they are relevant whenever IPsec tunnels will be created using post- or pre-NATed IPs.

Oscar Desentis
Customer Success Specialist (SD-WAN)
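
A small model of the rules in the answer above, added here as an example; it is not part of the original post and not Cisco's code. The class and function names and the sample system IPs and colors are constructed; the private color list follows Cisco SD-WAN documentation, and the requirement that both ends use the same encapsulation is an assumption of this model.

```python
from __future__ import annotations
from dataclasses import dataclass
from itertools import combinations

# Private colors as listed in Cisco SD-WAN documentation; all others are public.
PRIVATE_COLORS = {"metro-ethernet", "mpls", "private1", "private2",
                  "private3", "private4", "private5", "private6"}

@dataclass(frozen=True)
class Tloc:
    system_ip: str          # router identifier, not the tunnel endpoint address
    color: str              # transport label, e.g. "mpls" or "biz-internet"
    encap: str = "ipsec"
    restrict: bool = False  # models the "Restrict" setting from the answer

def can_form_tunnel(a: Tloc, b: Tloc) -> tuple[bool, str]:
    """Decide whether two TLOCs may build a data-plane tunnel, with a reason."""
    if a.system_ip == b.system_ip:
        return False, "same router"
    if a.encap != b.encap:                      # assumption: encapsulation must match
        return False, "encapsulation mismatch"
    if (a.restrict or b.restrict) and a.color != b.color:
        return False, "restrict set and colors differ"
    return True, "ok"

def endpoint_kind(a: Tloc, b: Tloc) -> str:
    """Private-to-private colors use pre-NAT IPs; any public color uses post-NAT."""
    both_private = a.color in PRIVATE_COLORS and b.color in PRIVATE_COLORS
    return "pre-NAT" if both_private else "post-NAT"

def plan_tunnels(tlocs: list[Tloc]) -> list[tuple[str, str, str]]:
    """Return (local, remote, endpoint kind) for every permitted TLOC pair."""
    plan = []
    for a, b in combinations(tlocs, 2):
        if can_form_tunnel(a, b)[0]:
            plan.append((f"{a.system_ip}/{a.color}", f"{b.system_ip}/{b.color}",
                         endpoint_kind(a, b)))
    return plan

# Constructed sample: system IPs and colors are illustrative, not from the post.
NY = Tloc("10.255.0.1", "biz-internet")
CA = Tloc("10.255.0.2", "mpls")
CA_RESTRICTED = Tloc("10.255.0.2", "mpls", restrict=True)
TX = Tloc("10.255.0.3", "mpls")

if __name__ == "__main__":
    for row in plan_tunnels([NY, CA_RESTRICTED, TX]):
        print(row)
```

With the unrestricted `CA`, the NY and CA TLOCs form a tunnel even though their colors differ, which is the case asked about in the question.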


2 Replies


"The thing is that different colors can establish IPsec tunnels (Data Plane) between them"

That answers my question.

Thanks!!
