vManage SDWAN tunnel-interface

Gioacchino
Level 1

Hi folks,

 

I'm trying to set up the "control-plane" for SD-WAN, meaning the certs and the conns among vManage, vSmart and vBond.
I configured the certs with vBond's/vManage's/vSmart's interfaces without the tunnel-interface option on, but on the vManage device, as soon as I bring up the tunnel interface, I lose connection to the Web GUI.

I see that VPN0 is used for transport and should eventually be exposed to vEdges and that VPN 512 is used for the internal kitchen, but in quite a few tutorials (Jedadiah Casey's, for instance) people don't make any distinction between VPN0 and VPN512. They just use VPN0 (at the beginning with no encapsulation, then with it) and that's it. For them it seems everything is OK, whereas I face the problem I described above.

Would anyone be so kind as to share their thoughts on this? I'm going crazy. Can I use VPN0 for the vManage Web GUI? If yes, how?

Cheers, Gio.

1 Accepted Solution

Alex Mac
Level 1

Make sure you have this under the eth0:

vpn 0
<...>
 interface eth0
  ip address <...>
  ipv6 dhcp-client
  tunnel-interface
<...>
>>>   allow-service https <<<

Without the tunnel interface feature enabled, I saw my browser using port 8444 too, and indeed it listens on 8443 and 8444:

vManage:~$ netstat -an | grep -e "844.*LISTE"
tcp6       0      0 :::8443                 :::*                    LISTEN
tcp6       0      0 :::8444                 :::*                    LISTEN

but I think allow-service https only permits 8443.
So make sure that you point your browser to 8443 since there is no daemon listening on 443.

HTH
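
One way to check a saved running-config for the condition described in the accepted answer, as an added example that is not part of the original thread: it lists VPN 0 interfaces that have tunnel-interface enabled but no allow-service https. The sample config, the function names and the treatment of "allow-service all" as covering https are assumptions.

```python
# Constructed sample in the style of a vManage running-config (not from the thread).
SAMPLE_CONFIG = """\
vpn 0
 interface eth0
  ip address 192.0.2.10/24
  tunnel-interface
   no allow-service sshd
   allow-service https
  !
 !
 interface eth1
  tunnel-interface
   allow-service dns
  !
 !
vpn 512
 interface eth2
 !
"""


def audit_tunnel_services(config):
    """Map (vpn, interface) -> allowed services (None if no tunnel-interface); 'no' lines revoke."""
    result, vpn, iface, tun_indent = {}, None, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words == ["!"]:
            continue
        indent = len(raw) - len(raw.lstrip())
        if tun_indent is not None and indent <= tun_indent:
            tun_indent = None  # dedent: we left the tunnel-interface block
        if indent == 0:
            vpn = words[1] if words[0] == "vpn" and len(words) == 2 else None
            iface = None
        elif words[0] == "interface" and vpn is not None and len(words) == 2:
            iface = words[1]
            result[(vpn, iface)] = None
        elif words == ["tunnel-interface"] and iface is not None:
            tun_indent, result[(vpn, iface)] = indent, set()
        elif tun_indent is not None and words[-2:-1] == ["allow-service"]:
            (set.discard if words[0] == "no" else set.add)(result[(vpn, iface)], words[-1])
    return result


def interfaces_blocking_gui(config, vpn="0"):
    """Tunnel interfaces in `vpn` without 'allow-service https' (GUI on 8443 not permitted)."""
    # Assumption: 'allow-service all' is treated as covering https.
    return sorted(i for (v, i), s in audit_tunnel_services(config).items()
                  if v == vpn and s is not None and not s & {"https", "all"})
```

On the constructed sample, `interfaces_blocking_gui(SAMPLE_CONFIG)` reports eth1 only; eth2 in VPN 512 has no tunnel-interface and is not subject to the allow-service filter.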

2 Replies

Thanks! I didn't pay attention, now I get back the GUI