Question about creating of GRE tunnels over SDWAN TLOC Extension link

kay.kang
Level 1

Hi,

 

We have two SD-WAN vEdges, and each vEdge has a different ISP connection.

They are inter-connected by a TLOC Extension link.

Each vEdge has two GRE tunnels (to the Zscaler cloud service) through only its directly connected ISP link.

I am wondering if it's possible to create GRE tunnels through the TLOC Extension interface.

 

4 Replies

Hi

If you already have TLOC extension in place, that means you must have a next-hop for this TLOC on each vEdge.

The basic configuration for GRE is:

 

tunnel source FastEthernet X/X
tunnel destination 192.168.1.1 (example)

 

So, imagine the destination for your tunnel is 192.168.1.1; you need to have a host route like:

ip route 192.168.1.1 255.255.255.255 "the other vEdge's TLOC-extension address"

 

Then, when the tunnel tries to come up, its traffic will be sent to the other vEdge and the tunnel will be established via the TLOC extension.

Dan Frey
Cisco Employee

Presumably you have NAT configured on the ISP directly connected links? GRE keepalives do not work through NAT, so you would have to have public IP address space on the TLOC-ext network and not perform NAT on the GRE traffic. VPN0 interfaces that have SD-WAN tunnels configured will not route to other interfaces in VPN0, and you will need to have the SD-WAN tunnels terminate on a loopback interface. When SD-WAN is terminated on a loopback interface, normal routing can take place between interfaces in VPN0.

 

IMHO the easier method when establishing tunnels through a tloc-ext interface is to terminate IPsec to Zscaler, as IKE keepalives can go through NAT.
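To illustrate the point above about GRE keepalives behind NAT, here is an added Python simulation; it is not code from the thread, from Cisco, or from Zscaler. It models the standard GRE keepalive trick (the sender encapsulates an empty GRE packet that is already addressed back to itself, so the far end only has to decapsulate and route it) and a plain source NAT that rewrites the outer IP header only. All addresses are constructed sample values, and "routable" here simply means "not RFC 1918"; real reachability depends on the ISP's routing, which this model does not represent.

```python
"""Why a GRE keepalive sourced from a private address never comes back through NAT.

Added example (not from the original thread). Addresses are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# RFC 1918 space: a reply addressed here cannot be routed back across the Internet.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


@dataclass
class IPPacket:
    src: str
    dst: str
    proto: str                        # "GRE" in this model
    payload: Optional["IPPacket"] = None   # the GRE-encapsulated inner packet, if any


def build_gre_keepalive(local: str, peer: str) -> IPPacket:
    """Outer GRE packet local->peer carrying an empty GRE packet pre-addressed peer->local.

    The far end needs no keepalive logic: it decapsulates and forwards the inner
    packet, which lands back at the sender if (and only if) `local` is reachable.
    """
    inner = IPPacket(src=peer, dst=local, proto="GRE", payload=None)
    return IPPacket(src=local, dst=peer, proto="GRE", payload=inner)


def source_nat(pkt: IPPacket, public_ip: str) -> IPPacket:
    """A NAT device rewrites the outer source only; it does not parse the GRE payload,
    so the private address embedded in the inner packet survives untouched."""
    return IPPacket(src=public_ip, dst=pkt.dst, proto=pkt.proto, payload=pkt.payload)


def far_end_decapsulate(pkt: IPPacket) -> IPPacket:
    """Tunnel endpoint strips the outer GRE header and hands the inner packet to routing."""
    if pkt.proto != "GRE" or pkt.payload is None:
        raise ValueError("not a GRE-encapsulated packet")
    return pkt.payload


def is_rfc1918(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)


def keepalive_returns(local: str, peer: str, nat_public_ip: Optional[str] = None) -> bool:
    """Simulate one keepalive round trip; True if the reply can reach the sender."""
    pkt = build_gre_keepalive(local, peer)
    if nat_public_ip is not None:
        pkt = source_nat(pkt, nat_public_ip)      # ISP-facing NAT, as in the thread
    reply = far_end_decapsulate(pkt)
    # The far end routes the inner packet toward reply.dst. That field still holds
    # the sender's pre-NAT address, so behind NAT it is an unroutable private IP.
    return not is_rfc1918(reply.dst)


if __name__ == "__main__":
    # Tunnel sourced from private TLOC-extension space, NATed on the ISP link.
    print("private source behind NAT :", keepalive_returns("10.10.10.2", "203.0.113.10", "198.51.100.7"))
    # Tunnel sourced from a public address with no NAT on the GRE traffic.
    print("public source, no NAT     :", keepalive_returns("198.51.100.7", "203.0.113.10"))
```

The first scenario is the one described in this thread: the outer header leaves the ISP link with the NAT address, but the inner packet the far end sends back is still addressed to the private TLOC-extension source, so the tunnel line protocol never sees a keepalive response. IKE (and NAT-T) does not have this problem because the responder replies to the outer source address it actually received from.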

Hi Dan,

 

Thanks for the comment.

We have private IP space on the TLOC Extension and we don't run any SD-WAN overlay tunnel. The vEdges just run as ordinary WAN routers controlled by vManage.

They don't establish any OMP path between them.

Hi,

 

In my experience, GRE tunnels to Zscaler sourced from TLOC-Extension with private IP space and NAT on the Internet-facing connection do not work; IPsec tunnels work OK.