04-01-2019 06:27 AM
Hi,
I've recently deployed vManage, vSmart and vBond using enterprise cert option.
All certs were successfully installed but vManage reports the vBond and vSmart to be offline although they are not.
Everything was configured following the online Cisco build guide so I'm not sure why vManage indicates that the other two controllers are offline.
They are reachable via both VPN 0 and VPN 512.
Can anyone point me in the right direction please?
04-01-2019 07:11 AM
Did you configure tunnel interface on the vManage side?
That's a common mistake not to have tunnel set on vManage.
Also on vSmart you need to have tunnel interface.
You can do show control-connections history on the devices to check any control establishment attempts or failures.
Regards,
Danny.
04-02-2019 12:29 AM
Hi Danny,
Thanks for the reply.
Please see config below and advise what I'm missing:
vManage
!
vpn 0
 name Transport
 interface eth1
  description Transport
  ip address 10.216.77.1/24
  tunnel-interface
   color private1
   allow-service all
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   allow-service ntp
   allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.216.77.254
!
vSmart
!
vpn 0
 interface eth1
  ip address 10.216.77.3/24
  tunnel-interface
   color private1
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   allow-service netconf
   no allow-service ntp
   no allow-service stun
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.216.77.254
!
Show control connections-history
Attached as screen print
Seems the DTLS connection is failing but not sure why
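Added example, not part of any post in this thread: a small Python check that reads the two tunnel-interface stanzas posted above, confirms each controller has a tunnel interface (the point raised in the first reply), and lists which allow-service entries differ between them. The function names are hypothetical, and treating "!" as the end of the stanza is an assumption about the pasted layout.

```python
import re
# The tunnel-interface stanzas as posted in the thread above.
VMANAGE = """tunnel-interface
color private1
allow-service all
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
allow-service ntp
allow-service stun
allow-service https
!"""
VSMART = """tunnel-interface
color private1
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
allow-service netconf
no allow-service ntp
no allow-service stun
!"""

def tunnel_summary(config):
    """Summarise the tunnel-interface stanza of a pasted vpn 0 config."""
    out = {"tunnel": False, "color": None, "allowed": set(), "denied": set()}
    in_tunnel = False
    for line in (l.strip() for l in config.splitlines()):
        if line == "tunnel-interface":
            out["tunnel"] = in_tunnel = True
        elif line == "!":
            in_tunnel = False  # assumption: "!" closes the stanza
        elif in_tunnel and line.startswith("color "):
            out["color"] = line.split()[1]
        elif in_tunnel:
            m = re.fullmatch(r"(no )?allow-service (\S+)", line)
            if m:  # "no allow-service x" goes to denied, otherwise allowed
                out["denied" if m.group(1) else "allowed"].add(m.group(2))
    return out

def service_diff(a, b):
    """Services explicitly allowed on one controller but not on the other."""
    return sorted(tunnel_summary(a)["allowed"] ^ tunnel_summary(b)["allowed"])

if __name__ == "__main__":
    print(tunnel_summary(VMANAGE), tunnel_summary(VSMART), sep="\n")
    print("differs:", service_diff(VMANAGE, VSMART))
```

The differing entries are only a starting point for comparison; the control-connection history output mentioned in the first reply remains the place to look for the failure reason.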
06-11-2019 02:19 AM
I have the same problem, and I configured no allow-service netconf on vManage and allowed it on vSmart, so it connected. You should try this.