Tuesday 25 July 2023

SD-WAN - Route Leaking Between VPNs

Requirement:

The customer runs separate service VPNs for different services and now wants hosts in VPN 2 to communicate with hosts in VPN 1. By default OMP keeps the VPNs fully isolated, so the routes of one VPN are never installed in the other.

Method: the export-to action in a vSmart centralized control policy, which leaks selected OMP routes from one VPN into another.

Topology:

Site ID 100 - vEdge-01, configured with service VPN 1
Site ID 300 - vEdge-04, configured with service VPN 2
Now let's start the configuration for VPN 1 and VPN 2 communication.

vSmart - centralized control policy that exports VPN 1 routes into VPN 2 and, in the reverse direction, VPN 2 routes into VPN 1. The output of show running-config policy below also contains an unrelated cflowd data policy that happened to be on this vSmart; only the lists section and the control-policy SHARED-SERVICES-TO-SPOKES take part in the route leaking. Note that show running-config policy shows just the policy stanza: the apply-policy stanza that binds the control policy to a site list is separate and is not shown here, but the control policy does nothing until it is applied.

vSmart# show running-config policy
policy
 data-policy test-cflowd-policy
  vpn-list vpn_1
   sequence 1
    match
     protocol 1
    action accept
     cflowd
   default-action accept
 cflowd-template test-cflowd-template
  template-refresh 90
  collector vpn 1 address 1.1.1.20 port 13322 transport transport_tcp
 lists
  vpn-list vpn_1
   vpn 1
  vpn-list vpn_2
   vpn 2
  site-list cflowd-sites
   site-id 100
   site-id 200
   site-id 300
 control-policy SHARED-SERVICES-TO-SPOKES
  sequence 1
   match route
    vpn-list vpn_2
   action accept
    export-to
     vpn 1
  sequence 2
   match route
    vpn-list vpn_1
   action accept
    export-to
     vpn 2
  default-action accept
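The policy above matches every route in vpn_2 and exports all of it into VPN 1 (and vice versa), which effectively merges the two VPNs and removes the segmentation that separate VPNs were meant to provide. Below is an added example, not configuration from the original post, of a tightened version of the same control policy together with the apply-policy stanza the show running-config policy output does not include. The prefix-list names, the site-list name and the inbound direction are assumptions made for this example; the subnets are the lab subnets used on this page.

```text
policy
 lists
  vpn-list vpn_1
   vpn 1
  vpn-list vpn_2
   vpn 2
  ! assumed names: only the prefixes that must be shared are leaked
  prefix-list SHARED-SVC-VPN2
   ip-prefix 10.4.251.0/24
  prefix-list SPOKE-VPN1
   ip-prefix 10.160.10.0/24
  site-list LEAK-SITES
   site-id 100
   site-id 300
 control-policy SHARED-SERVICES-TO-SPOKES
  ! VPN 2 -> VPN 1: only the shared-service prefix, not the whole VPN
  sequence 1
   match route
    vpn-list vpn_2
    prefix-list SHARED-SVC-VPN2
   action accept
    export-to
     vpn 1
  ! VPN 1 -> VPN 2: only the spoke prefix that needs the return path
  sequence 2
   match route
    vpn-list vpn_1
    prefix-list SPOKE-VPN1
   action accept
    export-to
     vpn 2
  ! keep accepting everything else so normal intra-VPN routing is untouched
  default-action accept
!
apply-policy
 site-list LEAK-SITES
  control-policy SHARED-SERVICES-TO-SPOKES in
```

The export-to action is applied inbound on vSmart so that the route is leaked when vSmart receives it from the originating site and can then be advertised to every site in the target VPN. After committing, confirm the binding with show running-config apply-policy on vSmart, then check show omp routes vpn 1 and show ip routes vpn 1 on vEdge-01 (and the VPN 2 equivalents on vEdge-04): only the listed prefixes should appear in the other VPN, and the leaked entries keep the original VPN's label, so they are distinguishable from native VPN 1 routes.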

Now validate the routes from VPN 1 and VPN 2 on the vEdges at both sites.

vEdge-01 (site ID 100) - OMP routes: the VPN 2 routes now show up in VPN 1.

Site ID 100 - vEdge-01 - VPN 1 service-side address 10.160.10.2/24
Site ID 300 - vEdge-04 - VPN 2 service-side address 10.4.251.2/24



Below are all routes received from vSmart on vEdge-01 via OMP in VPN 1:

vEdge-01 -

Below are all routes received from vSmart on vEdge-04 via OMP in VPN 2:

vEdge-04 -



Now let's check whether VPN 1 on vEdge-01 can reach the VPN 2 subnet on vEdge-04:







