Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1117
Views
0
Helpful
1
Replies

SDWAN access from Internet and Intranet simultaneous

EduardR
Level 1
Level 1

‎01-13-2020 08:33 AM

Hi fellow experts,

I came here to ask for your expertise, we have started to implement SDWAN in our organization, and after many problems we just managed to get it working on our intranet (MPLS links between our branches and HQ). We got our vBond, vSmart and vManage in our internal network (datacenter) with private ip addresses, all the routers (branches cEdges) are in private ip address space too, and all is working ok, so far.

But now we need to allow Internet cEdges to get connected to our network through SDWAN, we know that all the servers need public ip addresses for that, but we have not idea what to do to use our actual infrastructure to do this.

Our Cisco Partner said that we need to change all the SDWAN ip address used for the tunnels (vBond and vSmart) for public ones and use it form our MPLS cEdges, but we can not transport public ip addresses over our MPLS. Neither we can expose our private ip addresses to internet (obviously).

Is there any way we can achieve this? or we need other vBOnd and vSmart for the internet access?

 

Thank you at advance, any help will be appreciated.

0 Helpful
1 Reply 1

David Aicher
Cisco Employee
Cisco Employee

‎01-14-2020 12:01 PM

you probably want something like they describe in the Ciscolive presentation here

 

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKRST-2559.pdf

 

page 74 and 75 describe a hybrid deployment using 1:1 nat for the controllers and DNS name for vbond that resolves to public and private addresses.  

 

it is reliant on a behavior of vbond when vsmart and vmanage use a private color for their transport interfaces.   vbond advertises both public and private addresses for these controllers (public or default color and vbond only sends the public address.)   the edge routers on mpls will ignore the public address and use the private address to reach the vmanage and vsmart.   While the public colors do not use the private address and access them via the public NAT address.  

 

I would probably discuss this with your account team or partner to get more details on this design.   it does require a little bit of work to get it right but should work for your situation.

 

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card