How to Configure SIG Tunnel using vManage for SDWAN
Before configuring anything in vManage, complete the following steps:
Step 1: Log in to the Cisco Umbrella portal (https://login.umbrella.com/)
Step 2: Click Admin --> API Keys --> Umbrella Management
Note: If no keys have been generated yet, generate them and copy the key and secret (this information is entered in the vManage SIG Credentials feature template).
The Org ID appears in the portal URL, for example: https://dashboard.umbrella.com/o/ORG_ID#/admin/apikeys
Step 3: Log in to vManage, create a SIG Credentials feature template, and enter the Umbrella key, secret and Org ID copied from the Umbrella portal.
Step 4: Once the SIG Credentials feature template is created, create the SIG feature template.
Add the details needed to build the IPsec (SIG) tunnel to Cisco Umbrella: the IPsec tunnel number, the source interface (the VPN 0 transport interface) and the IKE parameters.
If you have added two tunnels, the High Availability section of the SIG feature template lets you set one tunnel as primary and the other as secondary.
Step 5: Now point the default route of the service VPN (LAN VPN) towards the SIG tunnel over the internet. This is done by adding a default route in the service VPN as a service route.
Below is a sample of the resulting configuration on the cEdge device.
SDWAN config enabling the SIG service
!
sdwan
service sig vrf global
ha-pairs
interface-pair Tunnel100001 active-interface-weight 1 None backup-interface-weight 1
!
Tunnel configuration under sdwan
!
interface Tunnel100001
tunnel-options tunnel-set secure-internet-gateway-umbrella tunnel-dc-preference primary-dc source-interface GigabitEthernet1
!
SIG Credentials
!
secure-internet-gateway
umbrella org-id XXXXX
umbrella api-key XXXX
umbrella api-secret XXXX
!
IPsec tunnel
!
cEdge#sh run int Tunnel100001
Building configuration...
Current configuration : 241 bytes
!
interface Tunnel100001
ip unnumbered GigabitEthernet1
ip mtu 1400
tunnel source GigabitEthernet1
tunnel mode ipsec ipv4
tunnel destination dynamic
tunnel vrf multiplexing
tunnel protection ipsec profile if-ipsec1-ipsec-profile
end
Crypto configuration
!
crypto ikev2 policy policy1-global
proposal p1-global
!
crypto ikev2 profile if-ipsec1-ikev2-profile
no config-exchange request
dpd 10 3 on-demand
dynamic
lifetime 86400
!
crypto ikev2 proposal p1-global
encryption aes-cbc-128 aes-cbc-256
group 14 15 16 2
integrity sha1 sha256 sha384 sha512
!
crypto ipsec transform-set if-ipsec1-ikev2-transform esp-gcm 256
mode tunnel
!
crypto ipsec profile if-ipsec1-ipsec-profile
set ikev2-profile if-ipsec1-ikev2-profile
set transform-set if-ipsec1-ikev2-transform
set security-association lifetime kilobytes disable
set security-association lifetime seconds 3600
set security-association replay window-size 512
!
Routing in service VPN 111
!
ip sdwan route vrf 111 0.0.0.0/0 service sig
!
!
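As an added example (not part of the original post), the following Python script parses the cEdge output above, re-indented the way IOS-XE prints it, and reports what a hardening review of the vManage-generated SIG configuration would look for: legacy DH group 2 and SHA-1 integrity in the IKEv2 proposal, an IKEv2 profile without DPD, and a missing service-VPN default route to SIG. The sample config and the set of values it treats as weak are this example's assumptions.

```python
# Constructed sample: the cEdge output from this post, re-indented the way
# IOS-XE prints child lines (one leading space) so the parser can nest them.
SAMPLE_CONFIG = """\
crypto ikev2 proposal p1-global
 encryption aes-cbc-128 aes-cbc-256
 group 14 15 16 2
 integrity sha1 sha256 sha384 sha512
!
crypto ikev2 profile if-ipsec1-ikev2-profile
 dpd 10 3 on-demand
!
ip sdwan route vrf 111 0.0.0.0/0 service sig
"""

# Legacy proposal values a hardening review would remove; the set is this example's assumption.
WEAK = {"group": {"1", "2", "5"}, "integrity": {"md5", "sha1"},
        "encryption": {"des", "3des"}}

def parse_ios_config(text):
    """Map each top-level line of a 'show run' dump to its indented child lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue                      # skip blanks and '!' separators
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections

def audit_sig_config(text):
    """Return findings: weak proposal values, profile without DPD, missing SIG route."""
    sections, findings = parse_ios_config(text), []
    for header, children in sections.items():
        if header.startswith("crypto ikev2 proposal"):
            for line in children:
                keyword, *values = line.split()
                findings += [f"{header}: weak {keyword} {v}"
                             for v in values if v in WEAK.get(keyword, set())]
        elif header.startswith("crypto ikev2 profile"):
            if not any(c.startswith("dpd ") for c in children):
                findings.append(f"{header}: no DPD configured")
    if not any(h.startswith("ip sdwan route vrf") and h.endswith("0.0.0.0/0 service sig")
               for h in sections):
        findings.append("no service VPN default route pointing at SIG")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sig_config(SAMPLE_CONFIG)) or "no findings")
```

Run against the proposal shown above it reports group 2 and sha1; feed it a saved `show run` dump to check a deployed cEdge the same way.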