07-11-2023 05:16 AM
I have an unusual setup for SDWAN. I have 18 remote sites that connect back to the main site. I am deploying 8200 and 4300 devices to the remote sites to replace the current routers. My main site is using 8300 routers to be the hub of the SDWAN environment. My issue is that my connections to the remote sites are MPLS / dark fiber type connections that do not have a direct connection to the Internet. I am handing all my traffic from the 8300 routers to the core switches under VPN1. Is it possible to use VPN1 to communicate back to the vManage, vBond, and vSmarts since my VPN0 doesn't have Internet connectivity currently?
07-11-2023 05:50 AM
How does the VPN1 service have Internet but the VPN0 transport does not?
07-11-2023 06:05 AM
Currently our Internet terminates on the firewall, that connects to the core switch. The SDWAN routers will connect to the core routers and the remote sites are using a separate ISP connection to connect to the SDWAN router. It is set up currently like this:
Internet --- Firewall --- Core --- (VPN1-LAN) SDWAN 8300 (VPN0) --- MPLS / Dark Fiber --- (VPN0) Remote SDWAN (8200) (VPN1) --- Remote LAN
All remote sites need to run through the hub in order to reach the Internet, no remote site has direct Internet access.
Thanks.
07-12-2023 05:33 PM
Add another interface in VPN0 pointing towards the internet.
Inet - Firewall - Core - (VPN1) 8300 (VPN0) - MPLS/DF - (VPN0) Remote (8200) (VPN1) - Remt LAN
                                  |
                                  |
Inet - Firewall - Core-- (VPN0) --|
07-13-2023 04:37 AM
I opened a TAC case and they confirmed that VPN0 is the only way to get Edge routers to communicate with the vManage and the controllers. So now I am looking at getting a 2nd VPN0 interface connection to my core. Thanks for the help!
07-13-2023 04:57 AM
Thanks a lot for updating us.
Have a nice day
MHM
07-11-2023 01:38 PM
Hi,
Is it L2 MPLS or L3 MPLS? Are the controllers on-prem or cloud-based?
07-12-2023 05:43 PM
I had a scenario where I had a private MPLS connection and I used VPN 1 (for example) to route traffic to my DC, and in my DC I have a traffic policy to route flow traffic from my cEdge to the Internet. It's the only way I could route traffic and have a connection with vManage; otherwise I see it as complicated... Remember that to have a connection with SD-Controller you need at least one IP routable to the Internet.