Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2426
Views
2
Helpful
26
Replies

SD WAN Route leaking on WAN edge routers

Go to solution
Kenneth Goh
Level 1
Level 1

‎07-13-2023 03:52 AM

 

KennethGoh_1-1689245403577.png

 

Currently both cEdge and vEdge are to be able to access to internet, where both vEdge and cEdge is able to ping to 8.8.8.8 sourcing from 172.16.10.10 and 172.16.10.30 respectively. But hosts facing vEdge VPN 10 and cEdge vrf 1 are not able to route to transit router and to internet router. 

I believe there is a need to leak routes to global routing table, please help with the needed commands. Thanks in advanced!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP
In response to Kenneth Goh

‎07-19-2023 06:50 AM

Equivalent is:

vpn1
ip route 0.0.0.0/0 vpn0

vpn0
ip route 0.0.0.0/0 [next-hop]

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

0 Helpful
26 Replies 26

Go to solution
MHM Cisco World
VIP
VIP

‎07-13-2023 04:06 AM

There is NATing in cEdge and vEdge ?

0 Helpful

Go to solution
Kenneth Goh
Level 1
Level 1
In response to MHM Cisco World

‎07-13-2023 04:12 AM

Hi, are you able to show me the command? But I think it’s more about return route from internet router not been able to reach both VPN 10 & vrf 1.
0 Helpful

Go to solution
DanielP211
VIP
VIP

‎07-13-2023 04:13 AM

If I understand correctly you would have to do default route leaking between the "internet VPN - 172.16.10.0*/24" and VPN10. But I really don't have enough info to help further...

****Kindly rate all useful posts*****
0 Helpful

Go to solution
M02@rt37
VIP
VIP

‎07-13-2023 04:43 AM

Hello @Kenneth Goh ,

Regarding you topology you will need to enable to configure route leaking from the VPN/VRF to the global routing table. We need more info to go further.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
Kenneth Goh
Level 1
Level 1
In response to M02@rt37

‎07-13-2023 05:27 AM

Yes, that is what I am trying to find out on what is the command to enter?

0 Helpful

Go to solution
Kenneth Goh
Level 1
Level 1
In response to M02@rt37

‎07-13-2023 05:43 AM

What is the command to allow route leaking (on vEdge & cEdge) for transit router to be able to reach both 10.0.11.0/24 and 10.0.30.0/24 network?

On transit router there is static route for 10.0.11.0/24 and 10.0.30.0/24 network.

ip route10.0.11.0 255.255.255.0 172.16.10.10

ip route 10.0.30.0 255.255.255.0 172.16.10.30

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎07-13-2023 05:17 AM

the leak routing is between VPNx and VPNy not between VPNx/y and VPN0 
the route is redistrubte between VPN0 and VPNx/y 
VPN0 run OMP 
VPNx/y run other routing 

 

KennethGoh_1-1689245403577.png
NOW what you need not leak routing but DIA config in VPN0 in vEdge 

0 Helpful

Go to solution
Kenneth Goh
Level 1
Level 1
In response to MHM Cisco World

‎07-13-2023 05:36 AM

What I mean is routing leak from the Global routing table to the VPN and VRF for vEdge and cEdge respectively as routes from Internet router to transit router cannot reach both 10.0.11.0/24 and 10.0.30.0/24 network.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Kenneth Goh

‎07-13-2023 05:57 AM

for me the solution is DAI 
leaking route is only between VPNx and VPNy not between VPN0 and VPNx/y

0 Helpful

Go to solution
Kenneth Goh
Level 1
Level 1
In response to MHM Cisco World

‎07-13-2023 06:14 AM

cEdge#sh run | in nat route
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
ip nat route vrf 1 0.0.0.0 0.0.0.0 global

cEdge#ping vrf 1 8.8.8.8 source 10.0.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.0.30.30
.....

0 Helpful

Go to solution
Kenneth Goh
Level 1
Level 1
In response to MHM Cisco World

‎07-29-2023 03:34 AM

I am not sure why is it not working on cEdge.

cEdge#sh run int GigabitEthernet 1
Building configuration...

Current configuration : 137 bytes
!
interface GigabitEthernet1
ip address 172.16.10.30 255.255.255.0
ip nat outside
negotiation auto
no mop enabled
no mop sysid
end

cEdge#sh run | in nat route
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
ip nat route vrf 10 0.0.0.0 0.0.0.0 global
ip nat route vrf 1 0.0.0.0 0.0.0.0 global

cEdge#show ip route vrf 10 | in Nd
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
n*Nd 0.0.0.0/0 [6/0], 00:41:57, Null0

cEdge#ping vrf 10 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

cEdge#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Kenneth Goh

‎07-29-2023 03:38 AM

Sorry' you mentioned NAT and select leak route !!! It hot maybe make my brain melting.

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎07-13-2023 09:23 AM

Route leaking between global and service VPN is possible:

Use VPN 1 (VRF 1) VPN template and configure route leaking as below:

KananHuseynli_0-1689265355455.png

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/routing/ios-xe-17/routing-book-xe/m-routing-leaking-for-service-sharing.html#Cisco_Concept.dita_ee6c10fd-043d-44c1-9f33-2785408636bb

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card