12-03-2020 09:00 AM
Dear Community ,
I have one doubt with SDWAN - Setup on premises as i read some docs that we need Public IP For Vbond ( it can be NAT when we use on premises ) , but me Question is after Vedge is authenticated by Vbond and DTLS is completed then Next step will be vedge needs to communicate between vsmart and vmanage .
We don't have any Nat for Vsmart and vmanage and this are in Private network so how my Vedge will Reach Vsmart for authentication .
Can any1 Clear this doubt how Branch will reach vsmart and vmanage .
Attached Image for better understanding .
12-04-2020 05:11 PM
Hi,
If your vManage and vSmart devices do not have access to the internet, the alternative for vEdges to talk to them will be through reverse-proxy. This configuration can be found in Administration --> Settings screen. If configured properly, it will allow the devices to establish connections through a SSL proxy, which is an additional device that sits between the internet and the vManage/vSmart.
You can refer to the link here which explains more on the reverse-proxy functionality.
12-05-2020 07:26 AM
Hi,
even for proxy option you will need public IP addresses. Basically, all controllers should have public IP addresses (either directly or via proxy/NAT). There is another option using "vbond as stun server", but this is the case where there are 2 transports (e.g internet / mpls) and you want allow control controllers only over private network mpls.
Hence, for your deployment you will need public IP addresses for 1:1 NAT.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide