02-10-2019 07:02 PM - edited 03-08-2019 05:34 PM
Hi All,
I have already built a test lab. Tunnels are up, control connections too; everything is okay.
But I added a NAT router to test a vEdge behind NAT. All tunnels are down.
Is there any special configuration for that?
By the way, I used PAT.
Best Regards,
Biran
02-12-2019 12:23 PM
02-12-2019 08:05 PM
Hi Biran,
What you are experiencing can be related to the type of color you have used for the transport interface.
Cisco SD-WAN uses two types of colors: public and private. A quick recap of these two types: private colors can't sit behind a NAT router, while public colors can.
The colors metro-ethernet, mpls, and private1 through private6 are private colors. If you are using any of these, you can't put that interface behind the NAT.
Please refer to the link below for details:
https://sdwan-docs.cisco.com/Product_Documentation/Command_Reference/Configuration_Commands/color
Regards,
Ehsan
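A check for the rule in the reply above, as an added example that is not part of the original thread or of Cisco's tooling: it reads a vEdge configuration and reports tunnel interfaces that use one of the private colors listed in the reply while sitting behind NAT. The sample configuration, the interface names, and the `natted_interfaces` argument are constructed assumptions.

```python
import re

# Private colors exactly as listed in the reply above.
PRIVATE_COLORS = {"metro-ethernet", "mpls"} | {f"private{i}" for i in range(1, 7)}

# Constructed sample config excerpt (not from the thread): two transports in VPN 0.
SAMPLE_CONFIG = """\
vpn 0
 interface ge0/0
  tunnel-interface
   encapsulation ipsec
   color private2
  !
  no shutdown
 !
 interface ge0/1
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  !
  no shutdown
 !
!
"""

def tunnel_colors(config):
    """Return {interface: color} for every interface with a tunnel-interface color."""
    colors, iface, in_tunnel = {}, None, False
    for line in config.splitlines():
        word = line.strip()
        if m := re.match(r"interface\s+(\S+)$", word):
            iface, in_tunnel = m.group(1), False  # new interface stanza
        elif word == "tunnel-interface":
            in_tunnel = True
        elif in_tunnel and iface and (m := re.match(r"color\s+(\S+)", word)):
            colors[iface] = m.group(1)
    return colors

def private_colors_behind_nat(config, natted_interfaces):
    """List (interface, color) pairs that use a private color but sit behind NAT."""
    return sorted(
        (iface, color)
        for iface, color in tunnel_colors(config).items()
        if iface in natted_interfaces and color in PRIVATE_COLORS
    )

if __name__ == "__main__":
    for iface, color in private_colors_behind_nat(SAMPLE_CONFIG, {"ge0/0", "ge0/1"}):
        print(f"{iface}: color {color} is private; use a public color behind NAT")
```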
02-12-2019 01:15 AM
02-12-2019 01:26 AM
Well, the vEdge is able to reach the vBond via NAT (1 to 1), and I checked that control connections are up. But all data plane BFDs are down.
Does any STUN service need to be allowed and configured?
02-12-2019 11:01 PM
I used private2. Once I changed it to biz-internet, all came up.
Thanks.
10-14-2020 02:49 AM
My vBond is in the DMZ zone. vSmart and vManage are in the inside zone. I have a hybrid scenario. Kindly help me configure NAT on the Cisco ASA so that the controllers can communicate via public IP address.
Regards,
Dip
02-12-2019 11:03 PM
True, it's because of the private2 color I used. Once I changed to biz-internet, all came up.
02-12-2019 11:07 PM
How can I check the public and private addresses that are mapped in the vBond? Any CLI to verify?
02-13-2019 05:08 AM
Well, the vBond controller doesn’t have a transport interface by any means. Color is a characteristic of a transport interface only. As a result, you don’t have color as a parameter on the vBond controller.
Having said that, the vManage and vSmart controllers both come with a transport interface; still, you should not / can’t define a color for these transport interfaces either!
Regards,
Ehsan
02-13-2019 05:24 AM
I know, of course, that we should not set a color on a controller. My question was: on the vBond, how can I verify the private address of vEdges that exist behind NAT? As far as I know, the vBond is the one that distributes the NATed IP address to other vEdges, right? So I think there should be a way to verify or see NAT addresses on the vBond.
02-13-2019 03:04 PM
I see your point now. As you may know, the control connection from the Edge router to the vBond will be up while the control connections to the vManage and vSmart controllers are being established, and it will be closed after that. Anyway, you can collect info using the CLI below:
- show orchestrator connections <<<< shows you the current control connections that are established with the current vBond controller
- show orchestrator connections-history <<< this shows the history of whatever has hit the vBond controller.
The above command should be the one that you are after. It has a column for "PEER PRIVATE IP" and another one for "PEER PUBLIC IP" and gives you the mapping that you are after.
You should be able to achieve the same through the vManage and vSmart controllers too. And if you are keen on a CLI command on these controllers:
- show control connections-history
Hope that helps.
Regards,
Ehsan