SD-WAN vManage Firewall Ports

Kursad EKER
Level 1

Hi,

Could we configure a proxy for internet connections for vManage?

Is there any document on firewall ports for on-prem Viptela (vManage, vSmart, vBond) servers?

I found this one, but there isn't any information towards the internet:


https://sdwan-docs.cisco.com/Product_Documentation/Getting_Started/Viptela_Overlay_Network_Bringup/01Bringup_Sequence_of_Events/Firewall_Ports_for_Viptela_Deployments


RohitRaj03827
Spotlight

Hi,

Kindly elaborate more on your need. What do you want to achieve towards the internet?

======================================================================

Let me know if this helps you:-

1. Are you using MPLS as a transport for your SD-WAN controllers to vEdges or cEdges communication?

Ans:- If you are using MPLS only as the transport for on-prem controllers to vEdge or cEdge communication, then in this case you don't have to use NAT; you can use private IPs for the controllers, and the vEdges/cEdges will communicate to the on-prem controllers.

==================================================================================

2. Are you using the internet as a transport for your SD-WAN controllers to vEdges or cEdges communication?

Ans:- If you are using Internet only as the transport for on-prem controllers to vEdge or cEdge communication, then in this case you will have to use one public IP address for each controller, which means vManage, vBond and vSmart, and you will have to configure NAT on your firewall. When remote-site vEdge or cEdge routers communicate to the on-prem controllers, NAT will translate the public IP address of vManage, vBond and vSmart to the private IP address.

================================================================================

Note:- In case of hybrid deployment:-

Hybrid means you are using both MPLS and Internet as transports; in this case, again you have to use NAT and one public IP address for each controller.

Below is the explanation for hybrid deployment:-

On-Prem Controllers Hybrid Deployment:-

For Controller Communication:-

=> vSmart and vManage point to the vBond IP address - the NATed public IP address

=> vBond learns the interface private and NATed public IP addresses of vSmart and vManage - private is pre-NAT, public is post-NAT

=> vSmart and vManage use interface private IP addresses for communication - vSmart and vManage use a private color (non-default) - private color to private color uses the private IP address

------------------------------------------------------------------------------------
For vEdge or cEdge to Controller Communication:-

=> vEdge/cEdge points to the vBond FQDN, which resolves to both the public and private IP addresses

=> vEdge/cEdge communicates with the vSmart and vManage NATed public IP addresses over Internet and the interface private IP addresses over MPLS - private color to private color uses the private IP address, private color to public color uses the public IP address

======================================================================================

Kindly let me know if you have further queries for SD-WAN deployment.

Thanks & Regards,

Rohit Raj
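The address-selection and NAT rules from the reply above, as an added worked example that is not from the post or from Cisco: a small Python model in which vBond learns each endpoint's interface private (pre-NAT) and NATed public (post-NAT) IP, a peer is reached on its private IP only when both sides use a private color and on its NATed public IP otherwise, and a hybrid or Internet deployment is flagged when a controller is missing its public IP. It assumes that mpls, metro-ethernet and private1-private6 are the private colors (everything else, including default and biz-internet, is public) and that all names and addresses are constructed samples.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumption: mpls, metro-ethernet and private1-private6 are private TLOC colors;
# every other color (default, biz-internet, public-internet, ...) is public.
PRIVATE_COLORS = {"mpls", "metro-ethernet"} | {f"private{i}" for i in range(1, 7)}


@dataclass
class Endpoint:
    name: str
    color: str
    private_ip: str                  # interface (pre-NAT) address
    public_ip: Optional[str] = None  # NATed (post-NAT) address as learned by vBond

    @property
    def is_private_color(self) -> bool:
        return self.color in PRIVATE_COLORS


def peer_address(local: Endpoint, peer: Endpoint) -> str:
    """Address 'local' uses to reach 'peer': private-to-private color uses the
    interface private IP; anything involving a public color uses the NATed public IP."""
    if local.is_private_color and peer.is_private_color:
        return peer.private_ip
    if peer.public_ip is None:
        raise ValueError(f"{peer.name} is reached over a public color but has no NATed public IP")
    return peer.public_ip


def validate_hybrid(controllers: List[Endpoint], edges: List[Endpoint]) -> List[str]:
    """Hybrid/Internet check: once any edge uses a public color, every controller
    (vManage, vBond, vSmart) needs its own NATed public IP on the firewall."""
    if not any(not e.is_private_color for e in edges):
        return []  # MPLS-only: private IPs are enough, no NAT required
    return [f"{c.name}: needs one NATed public IP for Internet transport"
            for c in controllers if c.public_ip is None]


# Constructed sample topology (documentation address ranges, not real hosts).
VBOND = Endpoint("vBond", "default", "10.0.0.12", "203.0.113.12")
VSMART = Endpoint("vSmart", "private1", "10.0.0.11", "203.0.113.11")
VMANAGE = Endpoint("vManage", "private1", "10.0.0.10", "203.0.113.10")
EDGE_MPLS = Endpoint("site1-cEdge-mpls", "mpls", "10.1.1.1")
EDGE_INET = Endpoint("site1-cEdge-inet", "biz-internet", "192.168.1.1", "198.51.100.1")

if __name__ == "__main__":
    for src, dst in [(VSMART, VBOND), (VSMART, VMANAGE), (EDGE_MPLS, VSMART), (EDGE_INET, VSMART)]:
        print(f"{src.name:18s} -> {dst.name:8s} via {peer_address(src, dst)}")
    print(validate_hybrid([VBOND, VSMART, VMANAGE], [EDGE_MPLS, EDGE_INET]) or "hybrid NAT check OK")
```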