Cisco Catalyst SD-WAN Control Components and Device Management Guide, Releases 26.x and Later

Monitor reverse proxy using the CLI

This topic provides sample CLI outputs and explanations for monitoring reverse proxy mappings and certificates on SD-WAN controllers and WAN edge devices.

Monitor Private and Proxy IP Address and Port Numbers of WAN Edge Devices on Cisco SD-WAN Controllers

The following is sample output from the show control connections command on a Cisco SD-WAN Controller. In the output, for a WAN edge device, the PEER PRIVATE IP and PEER PRIV PORT columns show the configured TLOC IP address and port number of the WAN edge interface, and the PEER PUBLIC IP and PEER PUB PORT columns show the IP address and port number of the reverse proxy interface through which that device reaches the controller. In the sample below, both vEdge devices (system IPs 1.1.100.1 and 1.1.101.1) arrive through the proxy at 10.2.100.1, whereas the Validator and Manager peers, whose connections do not traverse the proxy, show identical private and public addresses and ports. The same command can also be run on a Cisco SD-WAN Manager instance to obtain similar output.


        vsmart1# show control connections
                                                                    PEER               PEER
        PEER   PEER     PEER              SITE  DOMAIN  PEER        PRIV   PEER        PUB
        INDEX  TYPE     PROT  SYSTEM IP   ID    ID      PRIVATE IP  PORT   PUBLIC IP   PORT   ORGANIZATION  REMOTE COLOR  STATE  UPTIME
        ------------------------------------------------------------------------------------------------------------------------------------
        0      vbond    dtls  172.16.1.2  0     0       10.1.1.2    12346  10.1.1.2    12346  EXAMPLE-ORG   default       up     53:08:18:50
        0      vmanage  tls   172.16.1.6  1     0       10.2.100.6  45689  10.2.100.6  45689  EXAMPLE-ORG   default       up     53:08:18:32
        1      vedge    tls   1.1.100.1   100   1       10.3.1.2    57853  10.2.100.1  53624  EXAMPLE-ORG   biz-internet  up     53:08:18:44
        1      vedge    tls   1.1.101.1   101   1       10.4.1.2    55411  10.2.100.1  53622  EXAMPLE-ORG   biz-internet  up     53:08:18:48
        1      vbond    dtls  172.16.1.2  0     0       10.1.1.2    12346  10.1.1.2    12346  EXAMPLE-ORG   default       up     53:08:18:51
        vsmart1#
      

View Mapping of SD-WAN Controller Private IP Address and Port Number to Proxy IP Address and Port Number on Cisco SD-WAN Validator

The following is sample output from the show orchestrator reverse-proxy-mapping command on a Cisco SD-WAN Validator. In the output, the PROXY IP and PROXY PORT columns are the proxy IP address and port number that WAN edge devices connect to, and the PRIVATE IP and PRIVATE PORT columns are the private IP address and port number of the controller's transport interface in VPN 0 that the proxy forwards to. Each controller is identified by its UUID and has one row per proxied port.


        vbond# show orchestrator reverse-proxy-mapping
                                                          PRIVATE             PROXY
        UUID                                  PRIVATE IP  PORT     PROXY IP   PORT
        --------------------------------------------------------------------------
        14c35ae4-69e3-41c5-a62f-725c839d25df  10.2.100.4  23456    10.2.1.10  23458
        14c35ae4-69e3-41c5-a62f-725c839d25df  10.2.100.4  23556    10.2.1.10  23558
        6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  23456    10.2.1.10  23457
        6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  23556    10.2.1.10  23557
        6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  23656    10.2.1.10  23657
        6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  23756    10.2.1.10  23757
        6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  23856    10.2.1.10  23857
        6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  23956    10.2.1.10  23957
        6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  24056    10.2.1.10  24057
        6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  24156    10.2.1.10  24157
        vbond#
      

Example: View Mapping of SD-WAN Controller Private IP Address and Port Number to Proxy IP Address and Port Number on a WAN Edge Device

The following is sample output from the show sdwan control connections command on a Cisco IOS XE Catalyst SD-WAN device. In the output, check the PROXY column of the Cisco SD-WAN Manager and Cisco SD-WAN Controller peers. If the entry is Yes, the PEER PUBLIC IP and PEER PUB PORT columns show the proxy IP address and port number that the device connects to. In the sample below, both the Controller (172.16.1.4) and the Manager (172.16.1.6) are reached through the proxy at 10.2.1.10, and the Validator connection is not proxied, so its PROXY entry is -. The proxy endpoints shown here (10.2.1.10 ports 23558 and 23957) correspond to PROXY IP and PROXY PORT entries in the show orchestrator reverse-proxy-mapping output on the Validator, which is how you confirm that the device is reaching the intended controller through the intended proxy port.


        Device# show sdwan control connections
                                                             PEER              PEER                                                          CONTROLLER
        PEER     PEER              SITE  DOMAIN  PEER        PRIV   PEER       PUB                                                           GROUP
        TYPE     PROT  SYSTEM IP   ID    ID      PRIVATE IP  PORT   PUBLIC IP  PORT   ORGANIZATION  LOCAL COLOR   PROXY  STATE  UPTIME       ID
        ---------------------------------------------------------------------------------------------------------------------------------------
        vsmart   tls   172.16.1.4  1     1       10.2.100.4  23558  10.2.1.10  23558  EXAMPLE-ORG   biz-internet  Yes    up     52:08:44:25  0
        vbond    dtls  0.0.0.0     0     0       10.1.1.2    12346  10.1.1.2   12346  EXAMPLE-ORG   biz-internet  -      up     52:08:50:47  0
        vmanage  tls   172.16.1.6  1     0       10.2.100.6  23957  10.2.1.10  23957  EXAMPLE-ORG   biz-internet  Yes    up     66:03:04:50  0
        Device#
      

On a Cisco vEdge device, you can obtain similar output by executing the command show control connections.

View Signed Certificate Installed on a WAN Edge Device for Authentication with Reverse Proxy

The following is sample output from the show sdwan certificate reverse-proxy command on a Cisco IOS XE Catalyst SD-WAN device. The Issuer CN identifies the Cisco SD-WAN Manager that signed the certificate: in this example it is 6c63e80a-8175-47de-a455-53a127ee70bd, the same UUID that the show orchestrator reverse-proxy-mapping output associates with the Manager at 10.2.100.6. The Subject CN is the WAN edge device's own identifier. When troubleshooting proxy authentication, confirm that the certificate is within its validity period and that the issuer UUID matches the Manager the device is connecting through the proxy to.


        Device# show sdwan certificate reverse-proxy
        Reverse proxy certificate
        ------------------
        Certificate:
            Data:
                Version: 1 (0x0)
                Serial Number: 1 (0x1)
                Signature Algorithm: sha256WithRSAEncryption
                Issuer: C = US, CN = 6c63e80a-8175-47de-a455-53a127ee70bd, O = Viptela
                Validity
                    Not Before: Jun  2 19:31:08 2021 GMT
                    Not After : May 27 19:31:08 2051 GMT
                Subject: C = US, ST = California, CN = C8K-9AE4A5A8-4EB0-E6C1-1761-6E54E4985F78, O = ViptelaClient
                Subject Public Key Info:
                    Public Key Algorithm: rsaEncryption
                        RSA Public-Key: (2048 bit)
                        Modulus:
                            00:e2:45:49:53:3a:56:d4:b8:70:59:90:01:fb:b1:
                            44:e3:73:17:97:a3:e9:b7:55:44:d4:2d:dd:13:4a:
                            a8:ef:78:14:9d:bd:b5:69:de:c9:31:29:bd:8e:57:
                            09:f2:02:f8:3d:1d:1e:cb:a3:2e:94:c7:2e:61:ea:
                            e9:94:3b:28:8d:f7:06:12:56:f3:24:56:8c:4a:e7:
                            01:b1:2b:1b:cd:85:4f:8d:34:78:78:a1:26:17:2b:
                            a5:1b:2a:b6:dd:50:51:f8:2b:13:93:cd:a6:fd:f8:
                            71:95:c4:db:fc:a7:83:05:23:68:61:15:05:cc:aa:
                            60:af:09:ef:3e:ce:70:4d:dd:50:84:3c:9a:57:ce:
                            cb:15:84:3e:cd:b2:b6:30:ab:86:68:17:94:fa:9c:
                            1a:ab:28:96:68:8c:ef:c8:f7:00:8a:7a:01:ca:58:
                            84:b0:87:af:9a:f6:13:0f:aa:42:db:8b:cc:6e:ba:
                            c8:c1:48:d2:f4:d8:08:b1:b5:15:ca:36:80:98:47:
                            32:3a:df:54:35:fe:75:32:23:9f:b5:ed:65:41:99:
                            50:b9:0f:7a:a2:10:59:12:d8:3e:45:78:cb:dc:2a:
                            95:f2:72:02:1a:a6:75:06:87:52:4d:01:17:f2:62:
                            8c:40:ad:29:e4:75:17:04:65:a9:b9:6a:dd:30:95:
                            34:9b
                        Exponent: 65537 (0x10001)
            Signature Algorithm: sha256WithRSAEncryption
                 99:40:af:23:bb:cf:7d:59:e9:a5:83:78:37:02:76:83:79:02:
                 b3:5c:56:e8:c3:aa:fc:78:ef:07:23:f8:14:19:9c:a4:5d:88:
                 07:4d:6e:b8:0d:b5:af:fa:5c:f9:55:d0:60:94:d9:24:99:5e:
                 33:06:83:03:c3:73:c1:38:48:45:ba:6a:35:e6:e1:51:0e:92:
                 c3:a2:4a:a2:e1:2b:da:cd:0c:c3:17:ef:35:52:e1:6a:23:20:
                 af:99:95:a2:cb:99:a7:94:03:f3:78:99:bc:76:a3:0f:de:04:
                 7d:35:e1:dc:4d:47:79:f4:c8:4c:19:df:80:4c:4f:15:ab:f1:
                 61:a2:78:7a:2b:6e:98:f6:7b:8f:d6:55:44:16:79:e3:cd:51:
                 0e:27:fc:e6:4c:ff:bb:8f:2d:b0:ee:ed:98:63:e9:c9:cf:5f:
                 d7:b1:dd:7b:19:32:22:94:77:d5:bc:51:85:65:f3:e0:93:c7:
                 3c:79:fc:34:c7:9f:40:dc:b1:fc:6c:e5:3d:af:2d:77:b7:c3:
                 88:b3:89:7c:a6:1f:56:35:3b:35:66:0c:c8:05:b5:28:0b:98:
                 19:c7:b0:8e:dc:b7:3f:9d:c1:bb:69:f0:7d:20:95:b5:d1:f0:
                 06:35:b7:c4:64:ba:c4:95:31:4a:97:03:0f:04:54:6d:cb:50:
                 2f:31:02:59
        Device#
      

On a Cisco vEdge device, you can obtain similar output by executing the command show certificate reverse-proxy.
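The three outputs above are meant to be read together, and the following Python script is an added example (not part of this page and not a Cisco tool) of doing that automatically. It parses the Validator's reverse-proxy mapping and the edge's show sdwan control connections output, resolves each proxied Manager and Controller connection back to the controller private endpoint the proxy fronts, flags a Manager or Controller connection that bypasses the proxy or that targets a proxy endpoint the Validator does not list, and checks the edge's reverse-proxy certificate for expiry and for an issuer CN equal to the Manager UUID found in the mapping. The sample inputs are copied from the page's outputs with the multi-row headers abbreviated. The column positions, the assumption that no column value contains whitespace, and the policy that Manager and Controller connections must be proxied while the Validator connection never is, are assumptions of the example rather than statements from the page.

```python
"""Correlate the Validator's reverse-proxy mapping, a WAN edge's control connections,
and the edge's reverse-proxy certificate (added example; not Cisco code)."""
import re
from collections import namedtuple
from datetime import datetime, timezone

# Sample inputs copied from this page's CLI outputs (multi-row headers abbreviated, column order unchanged).
MAPPING_OUTPUT = """\
vbond# show orchestrator reverse-proxy-mapping
UUID                                  PRIVATE IP  PORT   PROXY IP   PORT
-----------------------------------------------------------------------
14c35ae4-69e3-41c5-a62f-725c839d25df  10.2.100.4  23456  10.2.1.10  23458
14c35ae4-69e3-41c5-a62f-725c839d25df  10.2.100.4  23556  10.2.1.10  23558
6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  23456  10.2.1.10  23457
6c63e80a-8175-47de-a455-53a127ee70bd  10.2.100.6  23956  10.2.1.10  23957
vbond#
"""
EDGE_OUTPUT = """\
Device# show sdwan control connections
TYPE     PROT  SYSTEM IP   ID  ID  PRIVATE IP  PORT   PUBLIC IP  PORT   ORGANIZATION  LOCAL COLOR   PROXY  STATE  UPTIME       ID
---------------------------------------------------------------------------------------------------------------------------------
vsmart   tls   172.16.1.4  1   1   10.2.100.4  23558  10.2.1.10  23558  EXAMPLE-ORG   biz-internet  Yes    up     52:08:44:25  0
vbond    dtls  0.0.0.0     0   0   10.1.1.2    12346  10.1.1.2   12346  EXAMPLE-ORG   biz-internet  -      up     52:08:50:47  0
vmanage  tls   172.16.1.6  1   0   10.2.100.6  23957  10.2.1.10  23957  EXAMPLE-ORG   biz-internet  Yes    up     66:03:04:50  0
Device#
"""
CERT_OUTPUT = """\
Device# show sdwan certificate reverse-proxy
        Issuer: C = US, CN = 6c63e80a-8175-47de-a455-53a127ee70bd, O = Viptela
        Validity
            Not Before: Jun  2 19:31:08 2021 GMT
            Not After : May 27 19:31:08 2051 GMT
        Subject: C = US, ST = California, CN = C8K-9AE4A5A8-4EB0-E6C1-1761-6E54E4985F78, O = ViptelaClient
"""

ProxyMapping = namedtuple("ProxyMapping", "uuid private_ip private_port")
ControlConnection = namedtuple("ControlConnection", "peer_type system_ip public_ip public_port proxied state")


def table_rows(output: str) -> list[list[str]]:
    """Whitespace-split data rows between the dashed separator and the closing CLI prompt.
    Assumption: no column value contains spaces (true for the outputs above)."""
    rows, in_body = [], False
    for line in output.splitlines():
        if not in_body:
            in_body = line.strip().startswith("---")
        elif not line.strip() or line.rstrip().endswith("#"):
            break
        else:
            rows.append(line.split())
    return rows


def parse_mapping(output: str) -> dict[tuple[str, int], ProxyMapping]:
    """Key the Validator's table by the proxy (ip, port) pair that edges actually connect to."""
    return {(pxy_ip, int(pxy_port)): ProxyMapping(uuid, priv_ip, int(priv_port))
            for uuid, priv_ip, priv_port, pxy_ip, pxy_port in table_rows(output)}


def parse_edge_connections(output: str) -> list[ControlConnection]:
    """Column order follows 'show sdwan control connections' on IOS XE: 15 fields per row."""
    conns = []
    for f in table_rows(output):
        if len(f) != 15:
            raise ValueError(f"unexpected column count {len(f)}: {' '.join(f)}")
        conns.append(ControlConnection(f[0], f[2], f[7], int(f[8]), f[11] == "Yes", f[12]))
    return conns


def check_proxy_paths(conns, mapping):
    """Resolve each proxied connection to the controller private endpoint behind the proxy.
    Returns ({peer_type: ProxyMapping}, [findings]). Assumed policy: Manager and Controller
    connections must traverse the proxy; the Validator connection never does (PROXY shows -)."""
    resolved, findings = {}, []
    for c in conns:
        if c.peer_type == "vbond":
            continue
        if not c.proxied:
            findings.append(f"{c.peer_type} {c.system_ip}: connection bypasses the reverse proxy")
        elif (m := mapping.get((c.public_ip, c.public_port))) is None:
            findings.append(f"{c.peer_type} {c.system_ip}: {c.public_ip}:{c.public_port} not in Validator mapping")
        elif c.state != "up":
            findings.append(f"{c.peer_type} {c.system_ip}: proxied connection is {c.state}")
        else:
            resolved[c.peer_type] = m
    return resolved, findings


def check_reverse_proxy_cert(cert_output: str, manager_uuid: str, now=None):
    """Check the edge certificate's issuer CN against the Manager UUID and its Not After against now.
    Returns (subject_cn, expiry_datetime_utc, [findings])."""
    issuer = re.search(r"Issuer:.*?CN = ([^,\n]+)", cert_output).group(1)
    subject = re.search(r"Subject:.*?CN = ([^,\n]+)", cert_output).group(1)
    not_after = re.search(r"Not After\s*:\s*(.+?)\s*$", cert_output, re.M).group(1)
    expires = datetime.strptime(not_after, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
    findings = []
    if issuer != manager_uuid:
        findings.append(f"issuer CN {issuer} is not the Manager UUID {manager_uuid}")
    if expires <= (now or datetime.now(timezone.utc)):
        findings.append(f"certificate for {subject} expired on {not_after}")
    return subject, expires, findings
```

Run against the page's data, check_proxy_paths resolves the Controller connection to 10.2.100.4:23556 under UUID 14c35ae4-... and the Manager connection to 10.2.100.6:23956 under UUID 6c63e80a-..., with no findings; passing that Manager UUID to check_reverse_proxy_cert confirms the certificate issuer. To use it on a live deployment, paste the real outputs into the three constants (or read them from files) and keep the full multi-row headers, which the parser skips.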