533 Views, 0 Helpful, 3 Replies

Question about vManage behind Edge device....initial deployment...

craneman1 (Level 1)

Here is my design question. Say I have 100 sites. I am doing an "on prem" deployment of vManage at Headquarters. I can install my Edge devices at 99 remote sites and they have a Control Plane connection to Headquarters and are managed by Headquarters. The problem is how do I deploy my vManage behind the Edge device at Headquarters? Say the Virtual Machines live in the Data Center. So how do I connect VPN 0 to the Corporate WAN and create a VPN on the inside of Headquarters if the vManage exists in the Data Center? I understand the vManage has one NIC in VPN 0 and one NIC in VPN 512. The other 99 sites are OK because they will establish a control plane connection to VPN 0 at HQ and a management plane connection at HQ. It's just how do I manage the Edge at HQ, and do I need to do some sort of a VPN 0 extension type of thing on the Edge at Headquarters, and how do I do that if vManage can't configure the Edge at HQ in the first place? Because that would need to be configured by vManage, which sits behind the Edge device. It's a basic question and I am missing something about the "Headquarters" part. Thanks for any help with this.

3 Replies

Hi,

There is no normal on-premise deployment guide. You may see 3-5 sentences in the docs and that's all.

I have personally designed and deployed a network with on-premise controllers.

Just a few questions: what type of connection from branch to HQ? Intranet like L2 MPLS? Do you plan internet also? Do you have a firewall/router as the border device (facing the internet)? I hope you have a core switch as well which understands VRF.


Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi
Thanks for the reply.
We are on a private network... no internet... no firewall... MPLS but not sure if L2 or L3... the one where we need to bond the loopback to the gig ethernet transport is the one.
So all branches to HQ on MPLS, only one transport.
Basically behind the edge on a standard ethernet interface, say 1.1.1.1, no tunnel-interface but in VPN 0. That way I could put the vManage etc. at say 1.1.1.2 and it's all in VPN 0. I think this will work, as long as the edge can reach inside to the vManage, vSmart, and vBond.
Of course all the branch traffic (tunnels) would have to be processed by the HQ edge. Does this sound correct?

Hi again,


If you have a core switch (enterprise or DC core), I recommend creating an SVI on the core which has an L2 connection to all branches. The core will be like an HQ CPE node. This is good so you don't have to create loopbacks etc. You will have one interface in VPN 0 (with tunnel enabled) connected to the core switch, and another in different VPNs (subinterfaces) for the service VPNs.

Actually, you can use the loopback method as you described. But don't forget that you need a 2nd interface for the service VPNs (as in my method).

Since there is no internet and none is planned, you will need to have private IP addresses and a private color everywhere (color doesn't have meaning on vBond).

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
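The layout described in the last reply (HQ edge with one VPN 0 interface, tunnel enabled on a private color, facing the core SVI that the on-prem controllers also hang off, plus subinterfaces for the service VPNs and a separate VPN 512 management port) written out as a vEdge-style CLI fragment. This is an added illustration, not configuration from the thread or from Cisco documentation: the hostname, organization name, site-id, system-ip, all 10.x.x.x addresses, the VPN numbers 10 and 20, and the interface names ge0/0, ge0/1 and eth0 are constructed assumptions for the example. The controllers are assumed to sit on the same VPN 0 subnet as the edge, behind the core SVI at 10.10.0.1, with vBond at 10.10.0.12.

```text
system
 host-name         hq-edge
 system-ip         10.255.0.1
 site-id           1
 organization-name "EXAMPLE-ORG"
 vbond             10.10.0.12
!
vpn 0
 interface ge0/0
  ip address 10.10.0.2/24
  tunnel-interface
   encapsulation ipsec
   color private1
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service ntp
  !
  no shutdown
 !
 interface ge0/1
  mtu 1504
  no shutdown
 !
 ip route 0.0.0.0/0 10.10.0.1
!
vpn 10
 interface ge0/1.10
  ip address 10.100.10.1/24
  no shutdown
 !
!
vpn 20
 interface ge0/1.20
  ip address 10.100.20.1/24
  no shutdown
 !
!
vpn 512
 interface eth0
  ip address 10.20.0.2/24
  no shutdown
 !
 ip route 0.0.0.0/0 10.20.0.1
!
```

Two points that answer the original question's "chicken and egg" worry. First, only the `system` and `vpn 0` portion has to exist on the HQ edge before vManage can touch it: with a VPN 0 address, a default route to the core SVI and a tunnel-interface on the private color, the edge builds its control connections to vBond, vSmart and vManage over that interface exactly as the 99 branches do, and from then on the service VPNs can be pushed centrally like any other site. Second, the `allow-service` list is kept to DHCP, DNS, ICMP and NTP on purpose: the control connections themselves do not need any extra service opened, so leaving SSH or NETCONF off the transport-facing interface means the edge accepts management only through its control connections (or the VPN 512 port). The parent `ge0/1` sitting in VPN 0 with `mtu 1504` and no address is a platform requirement for subinterfaces on vEdge hardware; check the MTU and interface naming against the documentation for the actual platform in use, since those details vary between vEdge and cEdge models.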