
Vsmart

What is the purpose of enabling tunnel / allowing services on the VPN 512 interface?


M02@rt37
VIP

Hello @kagisolebambo458,

Enabling a tunnel on the VPN 512 interface means configuring the interface to participate in the VPN infrastructure. This allows the vSmart controller to establish secure communication channels between vEdge routers across the SD-WAN network. Tunnels are essential for secure data transmission and enable the overlay network to function effectively!!!

By allowing services on the VPN 512 interface, you are permitting specific applications or services to traverse the VPN tunnel associated with that interface. You can allow services like HTTP, HTTPS, VoIP, or specific enterprise applications to pass through the VPN tunnel while blocking or prioritizing other traffic types.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

It depends on the requirement of whichever company's SD-WAN you're working on and their needs. Most services are disabled by default (for security reasons) but can be turned on. VPN 512 is for MGMT, so let's say the MGMT interface needs BGP connectivity since it goes over the internet. You can enable that service to allow it to connect to other BGP speakers and log into it.

 

See documentation of the list of services available:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/vedge-20-x/systems-interfaces-book/configure-interfaces.html#:~:text=VPN%20512%E2%80%94Management%20VPN%2C%20which,except%20for%20Cisco%20vEdge%20100.

Scroll down just a little bit to the services table and you can see.

Hope this helps.

-David

VPN512 is for management VPN.

Enabling and disabling "tunnel" on an interface that belongs to VPN512 does not change anything in the router configuration. A mgmt interface cannot be a tunnel (because the interface's purpose is OOB management, not SD-WAN overlay).

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Yes.

What happens when I enable the tunnel on an interface that belongs to VPN 0?
What will happen then?

An interface with tunnel-interface enabled is added to the SD-WAN overlay. It tries to connect to vBond over it, and if that is successful it connects to vSmart. Then this interface is considered a valid TLOC (SD-WAN interface) and advertised in OMP as a TLOC route. And over this port a BFD tunnel can be built.

Allow-service on a transport interface defines what protocols are natively allowed over the interface. Natively means what is allowed on the underlay network, not the overlay (SD-WAN). For example, you should allow BGP on the tunnel interface if this interface in the underlay should have BGP peering with some remote device.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
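
As an added example (not part of the thread and not Cisco tooling), the Python script below lists which services are explicitly allowed on each `tunnel-interface` in a vEdge-style configuration and flags a `tunnel-interface` placed under VPN 512, which the reply above says has no effect on a management interface. The sample configuration, its addresses and the `audit_tunnels` name are constructed for illustration; only explicit `allow-service` lines are read, platform defaults are not modelled.

```python
import re

# Constructed sample in vEdge CLI style; addresses and interface names are made up.
SAMPLE = """\
vpn 0
 interface ge0/0
  ip address 192.0.2.10/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service bgp
   allow-service dhcp
   no allow-service sshd
  !
  no shutdown
 !
!
vpn 512
 interface eth0
  ip address 10.0.0.5/24
  tunnel-interface
   allow-service sshd
  !
  no shutdown
 !
!
"""

def audit_tunnels(config):
    """Return (tunnels, findings) for every interface carrying tunnel-interface."""
    tunnels, findings = [], []
    vpn = iface = current = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vpn (\d+)", line):
            vpn, iface, current = int(m.group(1)), None, None
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface, current = m.group(1), None
        elif line == "tunnel-interface":
            current = {"vpn": vpn, "interface": iface, "allowed": []}
            tunnels.append(current)
            if vpn == 512:  # management VPN: out-of-band, not an overlay transport
                findings.append(f"vpn 512 {iface}: tunnel-interface on management VPN")
        elif line == "!":
            current = None  # "!" closes the current block
        elif current is not None and (m := re.fullmatch(r"allow-service (\S+)", line)):
            current["allowed"].append(m.group(1))  # "no allow-service x" does not match
    return tunnels, findings
```

Reviewing the `allowed` list per VPN 0 interface shows exactly which underlay protocols each transport interface accepts.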