DREAM CISCO - PLAY AND LEARN : SDWAN- Route Leaking Between VPNs

Tuesday, 25 July 2023

SDWAN- Route Leaking Between VPNs - SDWAN

Condition :

Customer having different VPNs for different Service and they want VPN 2 to Communicate with VPN 1

Use of Export Command

Topology :

SITE ID 300

SITE ID 100

SITE ID 300 vEDGE-4 Configured with Service VPN 2

SITE ID 100 vEDGE-01 with Service VPN 1

Now lets Start the Process and configuration for VPN 1 and VPN 2 communication

vSMART - With Central Policy configuration for VPN 1 route to export in VPN 2 and vice versa VPN 2 Route to export in VPN1

vSmart# show running-config policy

policy

data-policy test-cflowd-policy

vpn-list vpn_1

sequence 1

match

protocol 1

action accept

cflowd

default-action accept

cflowd-template test-cflowd-template

template-refresh 90

collector vpn 1 address 1.1.1.20 port 13322 transport transport_tcp

lists

vpn-list vpn_1

vpn 1

vpn-list vpn_2

vpn 2 site-list cflowd-sites

site-id 100

site-id 200

site-id 300

control-policy SHARED-SERVICES-TO-SPOKES

sequence 1

match route

vpn-list vpn_2

action accept

export-to

vpn 1

sequence 2

match route

vpn-list vpn_1

action accept

export-to vpn 2

default-action accept

Now Validate the Routes from VPN 1 and VPN 2 on vEDGES for SITEs

vEDGE-01 SITE ID 100 - OMP Routes , we can see the VPN 2 routes showing in VPN 1

SITE ID 100 - vEDGE-01 - VPN 1 Subnet 10.160.10.2/24

SITE ID 300 - vEDGE-04 - VPN 2 Subnet 10.4.251.2/24

Below we have seen all routes recevied from vSmart on vEdge-01 via OMP in VPN 1

vEDGE01 -

Below we have seen all routes recevied from vSmart on vEdge-04 via OMP in VPN 2

vEDGE04-

Now lets check if we can reach from vEDGE-01 VPN 1 to vEDGE-04 VPN 2 Subnets

DREAM CISCO - PLAY AND LEARN

Tuesday, 25 July 2023

SDWAN- Route Leaking Between VPNs - SDWAN

No comments:

Post a Comment

Pages

Tuesday, 25 July 2023

SDWAN- Route Leaking Between VPNs - SDWAN

No comments:

Post a Comment

SDWAN - DEFAULT ROUTE ADVERTISE HUB to REMOTE SITE

Pages