Re: SIG tunnel configuration not creating a tunnel-id

Greg Biettler · ‎11-09-2022

I have a Template created that allows our ISR C1K's to establish a tunnel to our SIG. We currently have 6 devices using the template & two of the devices are having issues establishing the tunnel to the SIG. I did notice in the configuration there is no tunnel-id. What is causing this to happen and how to resolve the issue? The IOS is Version 17.03.05

LTE_Internet_wEdge1#sh sdwan secure-internet-gateway tunnels

tunnels Tunnel100001

tunnel-id 0

tunnel-name SITE401SYS10x4x101x1IFTunnel100001

fsm-state st-tun-create-req

api-http-code 0

last-successful-req invalid

Here is a device where the tunnel is working to the SIG.

LTE_Internet_wEdge2#sh sdwan secure-internet-gateway tunnels

tunnels Tunnel100001

tunnel-id 595374411

tunnel-name SITE402SYS10x4x102x1IFTunnel100001

fsm-state st-tun-create-notif

api-http-code 200

last-successful-req create-tunnel

akoukis · ‎11-18-2022

Hello,

from the output it seems that the API commands they didn't work.

fsm-state st-tun-create-req

api-http-code 0

last-successful-req invalid

I believe if you give the command show sdwan secure-internet-gateway umbrella tunnels you will have the same result.

Usually this is happening because the Edge can't communicate with api.opendns.com or with management.api.umbrella.com on port 443.

Try to ping this two FQDN from VPN 0 to see if you getting any replay. If you don't getting any replay probably you have not NAT enable on VPN 0 or an upstream device is blocking the API calls.

Best Regards

Anestis