11-18-2021 08:19 AM - edited 11-18-2021 09:29 AM
First, according to several Cisco documents (v19.x and v20.x), some state "You can only activate ONE centralized policy" while others state "you can have one control-policy and one data-policy activated (e.g. one inbound; one outbound)"... So which is true, considering the latest version of firmware for a mixed vEdge and cEdge environment?
Second, when finalizing a centralized policy, depending on the content within (DATA, CONTROL/TOPOLOGY or AAR), vManage would ask to select the direction in which the policy is applied for vSmart (inbound or outbound; From Service or From Tunnel). I think I have mostly been using just outbound or From Service so far... But is there a general rule of thumb or best practice in this regard?
11-20-2021 10:06 AM
Hi,
"You can only activate ONE centralized policy"
This means that you can have one and only one active central policy, which is activated and whose config is pushed to the vSmart(s) to further process the policy.
"you can have one control-policy and one data-policy activated (e.g. one inbound; one outbound)"
This means that within the activated centralized policy you may have one per policy (control or data or both) per site per direction.
When a data policy is used, the direction can be from service to tunnel or from tunnel to server (with respect to the router).
When a control policy is used, the direction can be inbound or outbound (with respect to the vSmart).
Note that one central policy can have multiple data and control policies, if different data/control policies are applied to different site lists.
HTH,
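To illustrate the answer above, here is an added sketch (not part of the original posts) of the `apply-policy` section that one activated centralized policy produces on the vSmart. The site-list and policy names are constructed for the example, and the policy and list definitions they refer to are assumed to exist elsewhere in the same configuration.

```text
! Single activated centralized policy, as rendered on the vSmart.
! All names below are constructed for illustration.
apply-policy
 ! Branch sites: one control policy and one data policy, each with a direction
 site-list BRANCH-SITES
  control-policy HUB-AND-SPOKE out
  data-policy GUEST-DIA from-service
 !
 ! A different site list can carry different policies in the same central policy
 site-list DC-SITES
  control-policy DC-ROUTE-FILTER in
  data-policy DC-INSPECT from-tunnel
 !
!
```

The control-policy direction (`in` or `out`) is relative to the vSmart, while the data-policy direction (`from-service` or `from-tunnel`) is relative to the router.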
11-18-2021 09:49 AM
I ran a quick test in the lab: it does seem like you would only be able to activate ONE centralized policy at a time. I created two central policies: one just with AAR (or just Topology) and one just for DIA (Guest NAT). When I activate one, the other would be deactivated automatically...
11-20-2021 02:51 PM
Thanks for the information.