Scribd
Upload
518 views24 pages

Cisco SD-WAN Extranet VPN Lab

This document provides instructions for creating an extranet policy to leak traffic between two different VPNs - VPN1 and VPN2. It involves 3 main tasks: 1. Initial verification of default behavior which shows ping failures between the VPNs. 2. Configuration of the extranet policy which defines topology and sequence rules to accept traffic from one VPN and export it to the other. 3. Verification of the policy by checking routes are now seen between devices in different VPNs and ping succeeds.

Uploaded by

Shashank Tripathi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
518 views24 pages

Cisco SD-WAN Extranet VPN Lab

This document provides instructions for creating an extranet policy to leak traffic between two different VPNs - VPN1 and VPN2. It involves 3 main tasks: 1. Initial verification of default behavior which shows ping failures between the VPNs. 2. Configuration of the extranet policy which defines topology and sequence rules to accept traffic from one VPN and export it to the other. 3. Verification of the policy by checking routes are now seen between devices in different VPNs and ping succeeds.

Uploaded by

Shashank Tripathi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 24

In this lab you are going to create an extranet policy to leak the

traffic better two different service VPNs.

 VPN1
 VPN2

Task1 – Intial Verification – Default


Behaviour
Intial Verification
Cisco SD-WAN Extranet VPN Lab Guide  Task1 – Intial Verification – Default Behaviour  Intial Verification
COMPLETE

Access to vManage UI. Open Firefox Browser from Mgmt-PC (D2)


and click on vManage bookmark.
Login using below details,
Username: admin
Password: admin
Open Monitor>Network

Click on B1-R1
Click on Real Time
Select IP Routes from Device Options and Choose do not filter
option
Now Select DC-R1 from Select Devices

Select IP Routes from Device Options and Choose do not filter


option
Now Select B2-R1

Select OMP Received Routes from Device Options and Choose do


not filter option
Now , Select OMP Advertised Routes for B1-R1

Select OMP Advertised Routes from Device Options and Choose


do not filter option
Select vSmart

Select OMP Advertised Routes from Device Options and Choose


do not filter option
Use MTPutty available on desk top D2 (Mgmt-PC)) to open B2-R1
session
ping vrf 1 10.2.2.1
ping is failed here

Task2 – Extranet Policy


Extranet policy Configuration
Cisco SD-WAN Extranet VPN Lab Guide  Task2 – Extranet Policy  Extranet policy Configuration
COMPLETE

Go to Configure>Policies
Then click Add Policy

Choose Site from the List and click on New Site List
Configure,
Site List Name: B1
Add Site: 100

Configure,
Site List Name: B2
Add Site: 200
Click Add

Click on VPN from the list to add new VPN Lists


Configure,
VPN List Name:VPN1
Add VPN: 1
Then click Add
Also Configure,
VPN List Name: VPN2
Add VPN : 2

Click Next

Then under Topology click on Add Topology and Select Custom


Control
Configure,
Name : Extranet
Description: Extranet
Edit Default Action by click on Pencil icon as shown

Click on Accept(Highlighted in Green) and then on Save Match And


Actions

Click on Sequence Type


Choose Route

Then Click On Sequence Rule

Click on Site as shown

Select B1 From Site list


Click on VPN

Select VPN2 from VPN List

Now Click on Actions


Choose Accept and then Click on Export To
Then Select VPN1
Save Match And Action

Now again Click on Sequence Rule


Click on Site as shown and Select B2 from the list

Click on VPN and Select VPN1 from VPN List

Choose Accept and then Click on Export To


Then Select VPN2
Save Match And Action and then the Policy
Save Match and Actions

Save Control Policy

Click next twice Until you reach Apply Policies ..page


Then Configure ,
Policy Name: Centralized Policy
Policy Description: Centralized Policy
Under Topology Section Click on New Site List
Choose B1 and B2 for Inbound as well as Outbound Site List
Then click on Add and Save Policy

Under Configure>Policies
Click on Preview for Centralized-Policy

Now Activate the Policy

Click on Activate
Wait until the push is Succesful

Task3 – Verification
Verification
Cisco SD-WAN Extranet VPN Lab Guide  Task3 – Verification  Verification
COMPLETE

Go to Monitor>Network

Select vSmart
Click on Real Time
Select OMP Advertised Routes from Device Options and click on Do not Filter
Now click on Select Device and select B2-R1

Select OMP Received Routes from Device Options and click on Do not Filter
Now,Click on B1-R1

Select OMP Received Routes from Device Options and click on Do not Filter
Select MTPuTTy available on Desktop D2 and open B2-R1 SSH session

ping vrf 1 10.2.2.1

You might also like