Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
548
Views
0
Helpful
1
Replies

On-Prem Deployment with 1:1 NAT Done for the Controllers

IslamOmar
Level 1
Level 1

‎11-25-2020 09:35 PM

i have an cisco on-prem sdwan deployment where they need to host the controller's behind a dmz firewall. They need these controller's to be reachable over mpls and internet . I have successfully onboarded the cedges over the internet . But the control link is not coming up over the mpls. I'm stuck there since three days. If someone here done this setup I'd appreciate sharing what he done on the firewall ( nat statements, hairpining, etc )

 

I really do suspect the behavior of FW in terms of the order of operation , i open all ports and i can reach the private IP's of the controllers from cedges yet i can't get the control connections up an running . 

 

would be useful if someone done this setup and shared what should be done on FW , as well as colors he put under the vSmart/vManage .

Labels:
0 Helpful
1 Reply 1

Naseer Anjan
Level 1
Level 1

‎11-26-2020 05:15 AM

Hi,

 

1. You need to show the architecture of your network or flow between cedge and controllers over MPLS. there should be many reason but all point to your underlay networks. 

 it may be asymmetric routing which may blocks your UDP 12346 port. so, enable packet capture on both ingress and egress interface of your firewall. 

2. color for controllers are default. 

0 Helpful
Customers Also Viewed These Support Documents