
SDWAN - configuration push

praveen-CCNP
Level 1

When I pushed the configuration from vManage, the OSPF configuration was pushed but rolled back to the default within 3 minutes without any errors.

Please share your suggestions to troubleshoot. I am new to SD-WAN.

20 Replies

Can you elaborate more?

Did you try configuring the vEdge/cEdge directly?

MHM

Hi MHM, I did not try from vedge directly, pushing from vedge.

Monitor > Network > Select Device > Real-Time → Device Info

Share this Device Info 

MHM

Hi.

This occurs when your edge loses its control connection because of the template.

Maybe your template has no routing in VPN 0?

Check your template again, especially VPN 0, to guarantee connectivity to the controllers.

Please mark this as a solution if this is helpful.

 

 

 

vpn 0
 interface ge0/0
  ip address 10.1.1.2/30
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.1.1.1

 

 

ipv6 dhcp-client
no shutdown
!
!
vedge-1# ping 10.1.1.1
Ping in VPN 0
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=16.5 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=18.5 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=19.5 ms
64 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=11.5 ms
^C

praveen-CCNP
Level 1

Hi

 

 

Hi, Jeongjun Park

 

wajidhassan
Level 4

This can happen if the config breaks control connectivity. Check if VPN 0 has proper default routes and if the system IP or site ID changed after the push. Also, make sure the OMP and TLOC settings in the template are correct before retrying.

praveen-CCNP
Level 1

vedge cli config - before template

omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
security
 ipsec
  integrity-type ip-udp-esp esp
 !
!
vpn 0
 interface ge0/0
  ip address 10.1.1.2/30
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   allow-service ntp
   allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.1.1.1
!
vpn 512
 interface eth0
  ip dhcp-clie

 

After pushing the template:

 

 

praveen-CCNP
Level 1

edge-1#

vpn 0
 name "Infrastructure VPN"
 router
  ospf
   timers spf 200 1000 10000
   area 0
    interface ge0/0
     network point-to-point
    exit
   exit
  !
 !
 interface ge0/0
  description "towards core router"
  ip address 10.1.1.2/30
  tunnel-interface
   encapsulation ipsec
   color mpls
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   allow-service ntp
   allow-service ospf
   allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.1.1.1

 

praveen-CCNP
Level 1

After a few minutes it rolls back to the old config (I have a static route to vManage for sure, before and after the config push using the template):

vpn 0
 interface ge0/0
  ip address 10.1.1.2/30
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   allow-service ntp
   allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.1.1.1

 

vedge-1# show control connections
                                                  PEER            PEER                                                  CONTROLLER
PEER    PEER PEER          SITE DOMAIN PEER       PRIV  PEER      PUB                                                   GROUP
TYPE    PROT SYSTEM IP     ID   ID     PRIVATE IP PORT  PUBLIC IP PORT  ORGANIZATION LOCAL COLOR PROXY STATE UPTIME     ID
--------------------------------------------------------------------------------------------------------------------------
vbond   dtls 0.0.0.0       0    0      90.1.1.3   12346 90.1.1.3  12346 NCPNETWORK   default     -     up    0:00:09:59 0
vmanage dtls 100.100.100.1 1    0      90.1.1.5   12646 90.1.1.5  12646 NCPNETWORK   default     No    up    0:00:09:58 0

 

vedge-1# ping 90.1.1.5 ---------> vmanage 
Ping in VPN 0
PING 90.1.1.5 (90.1.1.5) 56(84) bytes of data.
64 bytes from 90.1.1.5: icmp_seq=1 ttl=63 time=18.5 ms
64 bytes from 90.1.1.5: icmp_seq=2 ttl=63 time=18.6 ms
64 bytes from 90.1.1.5: icmp_seq=3 ttl=63 time=15.7 ms
64 bytes from 90.1.1.5: icmp_seq=4 ttl=63 time=20.7 ms
^C
--- 90.1.1.5 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 15.667/18.347/20.673/1.778 ms
vedge-1#
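An added example, not written by anyone in this thread: a small Python check that diffs the VPN 0 block of a device's running config against the config a template would push, and verifies the two items the replies ask about (a default route and a tunnel-interface in VPN 0). The sample configs are constructed by trimming the ones posted above; the function names `vpn0` and `review` are hypothetical.

```python
# Constructed samples, trimmed from the before/after configs posted in this thread.
BEFORE = """\
vpn 0
 interface ge0/0
  ip address 10.1.1.2/30
  ipv6 dhcp-client
  tunnel-interface
   allow-service ospf
   no allow-service stun
 !
 ip route 0.0.0.0/0 10.1.1.1
vpn 512
 interface eth0
"""
AFTER = """\
vpn 0
 router
  ospf
   area 0
 interface ge0/0
  ip address 10.1.1.2/30
  tunnel-interface
   color mpls
   allow-service ospf
   allow-service stun
 !
 ip route 0.0.0.0/0 10.1.1.1
"""

def vpn0(config):
    """Return the stripped lines of the 'vpn 0' block, skipping '!' and 'exit'."""
    out, inside = [], False
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("vpn "):
            inside = line == "vpn 0"      # any other 'vpn N' ends the block
        elif inside and line not in ("", "!", "exit"):
            out.append(line)
    return out

def review(before, after):
    """Diff VPN 0 and check what the replies say to verify before a push."""
    b, a = vpn0(before), vpn0(after)
    return {
        "added": [l for l in a if l not in b],
        "removed": [l for l in b if l not in a],
        "default_route": any(l.startswith("ip route 0.0.0.0/0 ") for l in a),
        "tunnel_interface": "tunnel-interface" in a,
    }

print(review(BEFORE, AFTER))
```

The diff only shows which VPN 0 lines the template changes; deciding which of them affects the control connection still needs the device output.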

Let me double check.

MHM

Now it is a little clearer.

There is a rollback timer feature.

It makes the vEdge check the vManage connection after the VPN 0 template is applied; if the connection breaks, it rolls back to the old config.

MHM

praveen-CCNP
Level 1

1.

praveenCCNP_1-1752756107494.png

2. I am not using it for a service VPN; it is being used for OOB and I did not configure an IP for it.

vpn 512
 name OOB-mgmt
 interface eth0
  description OOB-mgmt
  ip dhcp-client
  no shutdown