How to Configure SIG Tunnel using vManage for SDWAN



Before configuring anything in vManage, complete the following steps in the Cisco Umbrella portal:

Step 1: Log in to the Cisco Umbrella portal (https://login.umbrella.com/)

Step 2: Click Admin --> API Keys --> Umbrella Management

Note: If no keys have been generated yet, generate them and copy the key and secret (they are needed in the vManage SIG Credentials feature template).

The Org ID is shown in the portal URL, for example: https://dashboard.umbrella.com/o/ORG_ID#/admin/apikeys

Step 3: Log in to vManage, create a SIG Credentials feature template, and enter the Umbrella key, secret and Org ID copied from the Umbrella portal.

Step 4: Once the SIG Credentials feature template is created, create the SIG feature template.

Add details such as the IPsec tunnel number, the source interface (the VPN 0 transport interface) and the IKE parameters used to build the IPsec tunnel (SIG) to Cisco Umbrella.

If you have added two tunnels, the High Availability section of the SIG feature template lets you set one as primary and the other as secondary.

Step 5: Now point the default route of the service VPN (LAN VPN) towards the SIG tunnel over the internet. This is done by adding a default route in the service VPN as a service route.

Step 6: Attach the SIG Credentials and SIG feature templates to the device template, and we are done. You will see the dynamic tunnels created in Umbrella.

Below is the sample configuration on a cEdge device.


SD-WAN config enabling the SIG service

!
sdwan
 service sig vrf global
  ha-pairs
   interface-pair Tunnel100001 active-interface-weight 1 None backup-interface-weight 1
  !

Tunnel config under sdwan
!
interface Tunnel100001
  tunnel-options tunnel-set secure-internet-gateway-umbrella tunnel-dc-preference primary-dc source-interface GigabitEthernet1
!

SIG Credentials
!
secure-internet-gateway
 umbrella org-id XXXXX
 umbrella api-key XXXX
 umbrella api-secret XXXX
!

IPsec tunnel

!
cEdge#sh run int Tunnel100001
Building configuration...

Current configuration : 241 bytes
!
interface Tunnel100001
 ip unnumbered GigabitEthernet1
 ip mtu 1400
 tunnel source GigabitEthernet1
 tunnel mode ipsec ipv4
 tunnel destination dynamic
 tunnel vrf multiplexing
 tunnel protection ipsec profile if-ipsec1-ipsec-profile
end


Crypto config

!
crypto ikev2 policy policy1-global
 proposal p1-global
!
crypto ikev2 profile if-ipsec1-ikev2-profile
 no config-exchange request
 dpd 10 3 on-demand
 dynamic
 lifetime 86400
!
crypto ikev2 proposal p1-global
 encryption aes-cbc-128 aes-cbc-256
 group 14 15 16 2
 integrity sha1 sha256 sha384 sha512
!
crypto ipsec transform-set if-ipsec1-ikev2-transform esp-gcm 256
 mode tunnel
!
crypto ipsec profile if-ipsec1-ipsec-profile
 set ikev2-profile if-ipsec1-ikev2-profile
 set transform-set if-ipsec1-ikev2-transform
 set security-association lifetime kilobytes disable
 set security-association lifetime seconds 3600
 set security-association replay window-size 512
!
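As an added check (example code, not part of the original post or of Cisco's tooling): a small Python script that parses the crypto section above and flags legacy DH groups and integrity algorithms left in the IKEv2 proposal. The sample input is the page's own proposal, and the sets of "legacy" options are an assumed review policy.

```python
# Constructed sample input: the IKEv2/IPsec section of the cEdge config shown above.
SAMPLE_CONFIG = """\
crypto ikev2 proposal p1-global
 encryption aes-cbc-128 aes-cbc-256
 group 14 15 16 2
 integrity sha1 sha256 sha384 sha512
!
crypto ipsec transform-set if-ipsec1-ikev2-transform esp-gcm 256
 mode tunnel
!
"""

# Assumed review policy: legacy options that should not remain in the proposal.
WEAK_DH_GROUPS = {"1", "2", "5"}
WEAK_INTEGRITY = {"md5", "sha1"}


def parse_blocks(config):
    """Split IOS-XE style config into {block header: [indented sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        elif line.strip() and line.strip() != "!":
            current = line.strip()
            blocks[current] = []
    return blocks


def audit_ikev2_proposals(config):
    """Return findings for legacy DH groups / integrity algorithms in IKEv2 proposals."""
    findings = []
    for header, lines in parse_blocks(config).items():
        if not header.startswith("crypto ikev2 proposal "):
            continue
        name = header.split()[-1]
        for entry in lines:
            keyword, *values = entry.split()
            if keyword == "group":
                findings += [f"{name}: DH group {g} is legacy" for g in values if g in WEAK_DH_GROUPS]
            elif keyword == "integrity":
                findings += [f"{name}: integrity {a} is legacy" for a in values if a in WEAK_INTEGRITY]
    return findings


if __name__ == "__main__":
    for finding in audit_ikev2_proposals(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of "show running-config | section crypto ikev2 proposal" to review a device before attaching the template.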


Routing in service VPN 111
!
ip sdwan route vrf 111 0.0.0.0/0 service sig
!
!
Tunnel shown in the Umbrella portal for the cEdge device.