Viptela 2000 can be used as normal router (internet route)

sudhakar346
Level 1

Hello Team,

Can the Viptela 2000 be used as a normal/traditional router (internet route) without controllers like vManage, vSmart and vBond?

We are planning to use a Viptela 2000 vEdge as a temporary internet router that can route traffic from the inside LAN to the ISP router.

We tried putting both interfaces in VPN 0 with a default route to the ISP gateway, but we are not able to route data from LAN to WAN.

 

Please suggest 

Thanks in advance 

Sudhakar 

Hi,

You most probably missed NAT.

Configure the LAN interfaces in a dummy VPN, like VPN1. Let the outside interface be in VPN0.

On the VPN0 interface (which has the public IP and faces the ISP), add the nat keyword and the respective default route to the ISP (in VPN0).

vpn 0
 interface [outside_interface]
  ip address [outside_int_IP]
  nat
  !
  no shutdown
 !
 ip route 0.0.0.0/0 [isp_gateway]

Also, you need to do direct internet access for VPN1, so in VPN1 you also need a default route, but with the vpn 0 keyword as below:

vpn 1
 ip route 0.0.0.0/0 vpn 0

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

sudhakar346
Level 1

Hello Kanan,

Thanks for your reply.

I have configured it as you suggested but am not able to route the traffic. Can you please suggest further?

Please find the commands entered and the connectivity diagram:

sudhakar346_0-1684591182165.png

 

sudhakar346_1-1684593079496.png

 

Thanks in advance 

Sudhakar

Hi,

Is it a lab (vEdge-cloud) or a real vEdge 2000? Your IP addressing confused me: what is the internet subnet and what is the LAN subnet?

Note: I tested this in a lab and it didn't work (no packet switching in any way); then I installed a certificate on the vEdge and it worked. It seems the vEdge does not do routing without an installed certificate. So, if it is a lab (vEdge-cloud, which normally does not have a cert), create a CSR, sign it somewhere (a local private CA with openssl) and install the cert.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

sudhakar346
Level 1

Thanks for your reply Kanan,

Actually, I need to work on the Viptela 2000 box, but before the box arrives on-prem, I need to verify the routing part in the lab.

I have one question regarding your previous reply: does only vEdge cloud require a certificate, or does the Viptela 2000 physical box also require a certificate?

My LAN is 30.1.1.x/24 and the internet is 10.1.1.0/24.

Thank you

sudhakar

Hi,

The vEdge 2000 already has a certificate installed. vEdge-cloud does not. You can quickly do the following:

request csr upload /home/admin/cert.csr -> create CSR and upload to admin home folder
vshell -> access Linux shell
pwd -> verify that you are in /home/admin
cat cert.csr -> open cert.csr

Using a certificate authority (you can use the Cisco PnP portal if you have a Smart Account, or quickly create an openssl-based CA on a Linux box / Windows box with Ubuntu on Linux, etc.), sign this certificate.

In vshell, create a text file with the vi editor:

vi cert.crt -> open new file with vi editor
[paste signed certificate text]
ESC :wq! -> save and close file
exit -> return to normal mode (exit vshell)
request certificate install /home/admin/cert.crt -> install cert (ensure time is normal)

Note: if you use a custom CA, you need to install the root CA before installing the cert file:
request root-cert-chain install [path] -> install root file

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
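
The "openssl based CA" signing step mentioned in the reply above, sketched as an added example (not code from the thread or from Cisco). The directory layout, file names other than cert.csr/cert.crt, subject names, key size and validity period are assumptions, and the CSR is generated locally as a stand-in for the one copied off the vEdge.

```shell
#!/bin/sh
# Lab-only private CA with openssl. Names and lifetimes are assumptions.

# Create a self-signed root CA (private key + certificate) in directory $1.
make_lab_ca() {
    dir=$1
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/O=Lab/CN=Lab Root CA" \
        -keyout "$dir/rootCA.key" -out "$dir/rootCA.pem" 2>/dev/null
    chmod 600 "$dir/rootCA.key"   # the CA key must not be world-readable
}

# Sign CSR $2 with the CA in $1 and write the device certificate to $3.
sign_csr() {
    openssl x509 -req -sha256 -days 365 -in "$2" \
        -CA "$1/rootCA.pem" -CAkey "$1/rootCA.key" -CAcreateserial \
        -out "$3" 2>/dev/null
}

# Succeed only if certificate $2 chains to the root certificate in $1.
verify_chain() {
    openssl verify -CAfile "$1/rootCA.pem" "$2" >/dev/null 2>&1
}

# Constructed stand-in for the cert.csr produced on the vEdge.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Lab/CN=vedge-lab" \
        -keyout "$1/device.key" -out "$1/cert.csr" 2>/dev/null
}

# End-to-end run in a throwaway directory; returns 0 if the chain verifies.
demo() {
    work=$(mktemp -d)
    make_lab_ca "$work" && make_sample_csr "$work" &&
        sign_csr "$work" "$work/cert.csr" "$work/cert.crt" &&
        verify_chain "$work" "$work/cert.crt"
    rc=$?
    rm -rf "$work"
    return $rc
}

demo && echo "signed cert chains to lab root"
```

Checking the chain with verify_chain before copying cert.crt back catches a certificate signed by the wrong root, which is the same root that then has to be installed with request root-cert-chain install.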