SDWAN use VPN1 to talk with vManage?

Cisco1619
Level 1

I have an unusual setup for SDWAN. I have 18 remote sites that connect back to the main site. I am deploying 8200 and 4300 devices to the remote sites to replace the current routers. My main site is using 8300 routers to be the hub of the SDWAN environment. My issue is that my connections to the remote sites are MPLS / dark fiber type connections that do not have a direct connection to the Internet. I am handing all my traffic from the 8300 routers to the core switches under VPN1. Is it possible to use VPN1 to communicate back to the vManage, vBond, and vSmarts since my VPN0 doesn't have Internet connectivity currently?

1 Accepted Solution

Accepted Solutions

Add another interface in VPN0 pointing towards the internet.

Inet - Firewall - Core - (VPN1)  8300 (VPN0) - MPLS/DF - (VPN0) Remote  (8200) (VPN1) - Remt LAN
                                  |
                                  |
Inet - Firewall - Core-- (VPN0) --|

 


7 Replies

How does the VPN1 service have Internet but the VPN0 transport does not?

Currently our Internet terminates on the firewall, that connects to the core switch. The SDWAN routers will connect to the core routers and the remote sites are using a separate ISP connection to connect to the SDWAN router. It is set up currently like this:

Internet --- Firewall --- Core --- (VPN1-LAN) SDWAN 8300 (VPN0) --- MPLS / Dark Fiber --- (VPN0) Remote SDWAN (8200) (VPN1) --- Remote LAN

All remote sites need to run through the hub in order to reach the Internet, no remote site has direct Internet access.

 

Thanks.


 

I opened a TAC case and they confirmed that VPN0 is the only way to get Edge routers to communicate with the vManage and the controllers. So now I am looking at getting a 2nd VPN0 interface connection to my core. Thanks for the help!

 

Thanks a lot for updating us.

Have a nice day 

MHM 

Hi,

Is it L2 MPLS or L3 MPLS? Are the controllers on-prem or cloud based?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

I had a scenario where I had a private MPLS connection and I used VPN 1 (for example) to route traffic to my DC, and in my DC I have a traffic policy to route flow traffic from my cEdge to the Internet. It's the only way I could route traffic and have a connection with vManage; otherwise I see it as complicated... Remember that to have a connection with the SD-Controller you need at least one routable IP to the Internet.