02-25-2019 01:57 PM
Scenario:
- Service VPN connects to a LAN with a prefix which is routable on the underlay network (say MPLS VPN)
- NAT on VPN0 uplink interface (facing MPLS) is not enabled
- eBGP peering is established over uplink and exchanging routes properly
I tested a centralized control-policy as shown below and applied it, and did not see routes imported from vpn1 to vpn0.
vsmart1# show running-config policy
policy
 lists
  site-list site122
   site-id 122
  vpn-list vpn0
   vpn 0
  !
  vpn-list vpn1
   vpn 1
  !
 !
 control-policy import-vpn1-to-vpn0
  sequence 10
   match route
    vpn-list vpn1
   !
   action accept
    export-to vpn-list vpn0
   !
  !
  default-action accept
The above config is referenced by https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/Release_18.3/04Segmentation/03Segmentation_(VPN)_Configuration_Examples.
Question: Am I missing anything? Or is route leaking between VPN 0 and a service VPN supported without NAT enabled on the uplink?
Thanks!
Shen
02-25-2019 02:22 PM
02-25-2019 05:04 PM
02-26-2019 12:04 AM
02-26-2019 05:55 AM
Thanks again for the clarification!
08-27-2019 12:10 AM
Hi,
So is there a way to route leak between a Services VPN <-> VPN0 (MPLS) on a vEdge?
Thanks
11-23-2020 11:07 AM
Old response, but you can NAT on the transport interface, then a centralised policy which matches the source -> destination prefixes you want to route out to global and set the action to route to NAT VPN. Ensure you have a route at your site, like a default, to get to the vEdge; the rest of the routing should take care of itself with the PAT NAT.
08-04-2021 11:27 AM - edited 08-04-2021 11:32 AM
You can use this document:
route-import and route-export commands under non-0 VPN config
For cEdge you can use this document: