VPN 0 - encap IPSec required

Steytler
Level 1

I'm a little confused about VPN0 and all that the interface is used for.  As a control interface I understand that this interface uses D/TLS to communicate with vBond and vSmart, and OMP with vSmart.  It will use NETCONF to receive certs from vManage using SSH's SCP protocol.

So what is confusing the heck out of me is how do all those other protocols come in the front door when the VPN0 WAN interface configuration requires "tunnel interface" and "encapsulation ipsec." 

The vBond device (which is a router with "local" added to the vbond config) needs to have the "tunnel" command removed to have a config pushed to it with NETCONF from vManage. But the virtual routers also need certs pushed to them from vManage via NETCONF.

Or have I misunderstood something in the config guides? Or is the order of operation to not have "tunnel int" on the routers, get the certs, then put it back on?

Then the "allow-service all" is essentially an acl permitting OMP and DTLS?

1 Reply

Hi,


When you add controllers to vManage (this is normally a one-time process) you need to remove the tunnel interface. But afterwards you need to enable it so that all nodes are assumed valid in the "overlay".

In reality, "encapsulation ipsec" does not have any effect on vBond. But this command is needed because vBond is, in nature, a vEdge router and the OS requires this command under the tunnel interface.


HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
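As an added illustration, not part of the original thread or of any Cisco documentation, here is a vEdge-style VPN 0 WAN configuration for the two states the reply describes: the onboarding state with no tunnel-interface (so vManage can reach the device over NETCONF/SSH to push the signed certificate), and the operational state with the tunnel-interface re-enabled. Interface name, addresses (RFC 5737 documentation space) and color are assumptions. The DTLS/TLS control connections to vBond, vSmart and vManage, and OMP running inside them, are accepted by the tunnel interface itself; the allow-service entries decide which other services (sshd, netconf, ntp, dhcp, dns, icmp, ...) the WAN interface will answer, which is why "allow-service all" behaves like a permit-all filter for those services.

```text
! Added example (not from the thread). Viptela vEdge-style CLI; interface
! name, addresses (192.0.2.0/24 documentation space) and color are assumptions.
!
! 1) Onboarding state: no tunnel-interface, so vManage can reach the device
!    over NETCONF/SSH on VPN 0 and push the signed certificate.
vpn 0
 interface ge0/0
  ip address 192.0.2.10/24
  no shutdown
 !
 ip route 0.0.0.0/0 192.0.2.1
!
! 2) Operational state: tunnel-interface re-enabled once the device is valid.
!    DTLS/TLS control connections (and OMP inside them) are accepted by the
!    tunnel interface itself; allow-service controls the remaining services.
vpn 0
 interface ge0/0
  ip address 192.0.2.10/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   ! "allow-service all" would permit every service instead of this list
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   no allow-service ntp
   no allow-service ospf
   allow-service stun
  !
  no shutdown
 !
 ip route 0.0.0.0/0 192.0.2.1
!
! On the vBond the same VPN 0 interface block applies (encapsulation ipsec
! included, as the reply notes); the vBond-specific line lives in the
! system block (address is an assumption):
system
 vbond 192.0.2.10 local
!
```

The point of the two states is the sequence the question is asking about: push the certificate while the device is reachable over NETCONF without a tunnel-interface, then add the tunnel-interface so the device joins the overlay. Keeping netconf and sshd allowed on the tunnel-interface afterwards lets vManage keep managing the device on VPN 0; dropping them is tighter but means later configuration pushes have to reach the device some other way.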