EMAIL SUPPORT
dclessons@dclessons.comLOCATION
AFMulti-Topology Per VPN
Multi-Topology Per VPN
Task: Configure the Topology as per following task:
- VPN 10: Full Mesh (Any Branch can reach to any branch directly)
- VPN 20: Hub and Spoke, Any branch in this VPN should go to DC and then to Destination Branch
- VPN 40: VPN 40 should only access to Direct Internet and should not access to any other host in any branch
To achieve this use the following task to Configure above Scenario.
Topology:
Solution:
Before Configuring the Template, let’s verify and see how the connectivity is.
Go to vManage | Monitor | Network | BR2-VEDGE1 | Troubleshooting | Traceroute
Enter 10.3.0.21 as Destination | VPN 10 | Source Interface in VPN 10
The above output shows that there is direct path between Branch 1 and Branch 2 in VPN 10.
Same can be verified for VPN 20.
To configure the Template go to Configuration | Policies | Centralized Policy | Add Policy to go to Create group of Interest, This has been already configured so we need to just do next and we will come under Configure Topology and VPN member Section.
Click on Topology | Name it dclessons-MultitopologyperVPN | Add Topology | Select Sequence Type | Route
Name Sequence | Route-4-VPN10 | Match VPN-List Corp-VPN | Action Accept. | Save Match & Action
Click on Sequence type Route | Name Route-4-VPN20 | Match | VPN-List Sec-pci-VPN, Site-List All-Branches | Action Accept, Set TLOC DC-TLOCs | Save Match & Action
Select Default Action: Accept | Save Control Policy
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- Advancing Your Career with Cisco Data Center Mastery: A Comprehensive Guide to Nexus Training
- Securing Networks in the Digital Age: Your Guide to Mastering Cisco Identity Services Engine (ISE)
- Becoming an AWS Solution Architect: Your Path to Cloud Expertise
- Navigating Your Journey to Docker Expertise: Master Docker with Comprehensive Training and Certification
- Transform Your Azure Networking Expertise Through AZ-700 Training
- Why Choose DClessons for Your SD-WAN Velocloud Training Needs
- Next-Level Networking: Unlocking Cisco ACI and DCACIA Potential with DClessons
- Mastering Data Center Technologies with DClessons: A Comprehensive Guide to Cisco CCIE Data Center Training
- Why Choose Cisco SD-WAN Solutions with DClessons?
- What is Docker and Why is It Important?
LEAVE A COMMENT
Please login here to comment.