I have a Cisco on-prem SD-WAN deployment where they need to host the controllers behind a DMZ firewall. They need these controllers to be reachable over MPLS and the Internet. I have successfully onboarded the cEdges over the Internet, but the control link is not coming up over MPLS. I've been stuck on this for three days. If someone here has done this setup, I'd appreciate them sharing what they did on the firewall (NAT statements, hairpinning, etc.).
I really do suspect the behavior of the FW in terms of the order of operations. I opened all ports, and I can reach the private IPs of the controllers from the cEdges, yet I can't get the control connections up and running.
It would be useful if someone who has done this setup shared what should be done on the FW, as well as the colors they put under the vSmart/vManage.