Re: Ping two VPN on vEdge

UlquiorraCifer · ‎06-18-2019

I have two site vEdge01 and 02 using vpn 1 to LAN .i already bring up vbond,vsmart,vedge to vmanage but i can't ping end to end using vpn 1 . this is my config :

vpn 0

dns 8.8.4.4 secondary

dns 8.8.8.8 primary

interface ge0/4

ip address 86.10.252.72/24

nat

!

tunnel-interface

encapsulation ipsec

color gold

no allow-service bgp

allow-service dhcp

allow-service dns

allow-service icmp

no allow-service sshd

no allow-service netconf

no allow-service ntp

no allow-service ospf

no allow-service stun

!

no shutdown

!

ip route 0.0.0.0/0 86.10.252.254

!

vpn 1

ecmp-hash-key layer4

interface ge0/2

ip address 86.10.245.72/24

no shutdown

!

ip route 0.0.0.0/0 vpn 0

!

vpn 512

interface ge0/3

ip dhcp-client

no shutdown

!

policy

app-visibility

flow-visibility

ekhabaro · ‎06-18-2019

Sorry, but what's the question? Do you have control connections running? Do you see data plane tunnels/BFD? Do you see routes in the routing-table?

UlquiorraCifer · ‎06-18-2019

in vmanage, issue NO WAN CONNECTIVITY appear.
my control connections is running but i don't see data plane tunnels/BFD
vEdge01# show control connections
PEER PEER
CONTROLLER
PEER PEER PEER SITE DOMAIN PEER PRIVATE PEER PUBLIC
GROUP
TYPE PROTOCOL SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT L
OCAL COLOR STATE UPTIME ID
---------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------
vsmart dtls 10.0.0.76 100 1 86.10.252.76 12446 86.10.252.76 12446 g
old up 0:02:26:46 0
vsmart dtls 10.0.0.77 100 1 86.10.252.77 12446 86.10.252.77 12446 g
old up 0:02:26:41 0
vmanage dtls 10.0.0.75 100 0 86.10.252.75 12446 86.10.252.75 12446 g
old up 0:02:26:31 0

-----------------------
0 0.0.0.0/0 static - ge0/4 86.10.252.254 - - -
- F,S
0 10.0.0.72/32 connected - system - - - -
- F,S
0 86.10.252.0/24 connected - ge0/4 - - - -
- F,S
1 0.0.0.0/0 nat - ge0/4 - 0 - -
- F,S

ekhabaro · ‎06-18-2019

I don't see any omp routes. What about "show bfd sessions"? "show tunnel statistics"?

UlquiorraCifer · ‎06-18-2019

"show bfd sessions"? "show tunnel statistics"?
i don't see somthing if i use this command line.
How

ekhabaro · ‎06-18-2019

show omp tlocs? It's better if you can format outputs.

UlquiorraCifer · ‎06-18-2019

it down with vsmart.

PSEUDO PUBLIC PRIVATE BFD
FROM PEER STATUS KEY PUBLIC IP PORT PRIVATE IP PORT STATUS
----------------------------------------------------------------------------------------------
10.0.0.76 C,I,R 1 86.10.252.74 12346 86.10.252.74 12346 down
10.0.0.77 C,R 1 86.10.252.74 12346 86.10.252.74 12346 down

UlquiorraCifer · ‎06-18-2019

vEdge01# show bfd sessions

vEdge01# show tunnel statistics
% No entries found.

ekhabaro · ‎06-18-2019

> it down with vsmart
show omp peers? Please use code formatting for your outputs.
Also provide outputs from "show run vpn 0" and "show control local-properties"

stefan.radovanovici · ‎06-29-2019

Ping between the service VPNs at each vedge will only work if there is a BFD session up between the two vedges. No BFD sessions, no traffic.

The BFD sessions will only be established if the two vedges can establish IPSEC connections between themselves, to bring the BFD sessions up. For example if both vedges are behind a NAT/PAT router, then it won't work. It such a case, you can use a hub-and-spoke scenario where you have a central "hub" vedge with full internet connectivity (i.e. no NAT or 1-to-1 NAT).