Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
557
Views
15
Helpful
3
Replies

Sdwan implementation external routers

Hamada Ahmed
Level 1
Level 1

‎09-13-2021 06:34 AM

Hi,

 

For Sdwan implementation, if I have external router which not supported Sdwan management.

How I can create tunnel between this routers and HQ router, if HQ router is managed by vmanage which mean no CLI enabled anymore?

 

If no cli anymore, who will manage the external routers? 

 

 

Also, is there any limitations regarding the external routers qualities that can be managed? If there any, how to mitigate this limitation? 

0 Helpful
3 Replies 3

Octavian Szolga
Level 4
Level 4

‎09-27-2021 11:12 AM

Hi Hamada,

 

You mean you have an SDWAN HQ router which has to be connected using an IPsec tunnel to a different external (non-SDWAN) router?

If so, you configure the external router connection to the HQ SDWAN router using CLI. 

The HQ SDWAN router IPsec connection to the external routers can be configured using a vManage feature template.

 

BR,
Octavian

Hamada Ahmed
Level 1
Level 1
In response to Octavian Szolga

‎09-28-2021 05:28 AM

You mean you have an SDWAN HQ router which has to be connected using an IPsec tunnel to a different external (non-SDWAN) router? Yes this my mean

 

1- so how I can create tunnel between this routers and HQ router, if HQ router is managed by vmanage which mean no CLI enabled anymore?

2- or CLI still enabled?

 

3- If no cli anymore, who will manage the external routers? 

 

 

4- Also, is there any limitations regarding the external routers qualities that can be managed? If there any, how to mitigate this limitation? 

Octavian Szolga
Level 4
Level 4
In response to Hamada Ahmed

‎09-29-2021 12:10 AM

Hi Hamada,

 

The HQ router (part of SDWAN) can have its IPSec tunnels outside SDWAN configured using feature templates. No CLI needed.

You just push (using vManage/template) an IPsec tunnel configuration related to as many non-SDWAN/external routers you like.

 

The external routers (non-SDWAN) are CLI configured for IPsec connectivity toward your SDWAN router. The SDWAN router is just an IPsec peer.

 

The external routers do not have to be managed in any way by vManage. You just called them 'external'. So no SDWAN, no fabric.

They're just like a 3rd party entity in this whole setup.

 

BR,

Octavian

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card