|
3. Configure the following parameters based on the features you choose to configure on your network.
- Enter advertise OMP information.
Table 14. Advertise OMP
| Field | Description |
| Add OMP Advertise IPv4 |
| Protocol |
Choose a protocol to configure route advertisements to OMP, for this VPN:
- bgp
- ospf
- ospfv3
- connected
- static
- network
- aggregate
- eigrp
- lisp
- isis
|
| Select Route Policy |
Enter the name of the route policy. Route policy is not supported in Cisco vManage Release 20.9.1. |
| Add OMP Advertise IPv6 |
| Protocol |
Note: Advertising IPv6 OMP routes as network statements is not supported. This applies when using the Service VPN feature in a configuration group, and also when using a Cisco VPN feature template. You can configure advertisement of:
- IPv6 routes by BGP and OSPF protocols
- Connected routes, static routes, and aggregate routes
The reason for the lack of support is that the Service VPN feature and the Cisco VPN feature template both use the advertise network prefix command, which does not fully support IPv6 addresses.
Choose a protocol to configure route advertisements to OMP, for this VPN:
- BGP
- OSPF
- Connected
- Static
- Network
- Aggregate
|
| Select Route Policy |
Enter the name of the route policy. Route policy is not supported in Cisco vManage Release 20.9.1. |
| Protocol Sub Type |
When you choose the OSPF protocol, specify the sub type as external. |
- Enter route information.
Table 15. Route
| Field | Description |
| Add IPv4 Static Route |
| Network Address* |
Enter the IPv4 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv4 static route to configure in the VPN. |
| Subnet Mask* |
Enter the subnet mask. |
| Next Hop/Null 0/VPN/DHCP |
Choose one of the following options to configure the next hop to reach the static route:
- Next Hop: When you choose this option, the IPv4 Route Gateway Next Hop field appears. Enable this option to add the next hop. You can add a hop with and without a tracker. When you click Add Next Hop, the following fields appear:
  When you click Add Next Hop with Tracker, the following fields appear:
  - Address*: Enter the next-hop IPv4 address.
  - Administrative Distance*: Enter the administrative distance for the route.
  - Tracker*: Enter the name of the gateway tracker to determine whether the next hop is reachable before adding that route to the route table of the device.
- Null 0: When you choose this option, the following field appears:
- VPN: When you choose this option, the following field appears:
- DHCP: When you choose this option, the following field appears:
|
| Add BGP Routing |
Choose a BGP route. |
| Add OSPF Routing |
Choose an OSPF route. |
| Add IPv6 Static Route |
| Prefix* |
Enter the IPv6 address or prefix, in decimal four-point-dotted notation, and the prefix length of the IPv6 static route to configure in the VPN. |
| Next Hop/Null 0/NAT |
Choose one of the following options to configure the next hop to reach the static route:
- Next Hop: When you choose this option and click Add Next Hop, the following fields appear:
- Null 0: When you choose this option, the following field appears:
- NAT: When you choose this option, the following field appears:
|
- Enter service information.
Table 16. Service
| Field | Description |
| Add Service |
| Service Type |
Choose a service available at the local site and in the VPN. Values: FW, IDS, IDP, netsvc1, netsvc2, netsvc3, netsvc4, TE, SIG |
| IPv4 Addresses (Maximum: 4)* |
Enter up to four IP addresses, separated by commas. The service is advertised to the Cisco SD-WAN Controller only if one of the addresses can be resolved locally, at the local site, not via routes learned through OMP. You can configure up to four IP addresses. |
| Tracking* |
Cisco Catalyst SD-WAN tests each service device periodically to check whether it is operational. Tracking saves the results of the periodic tests in a service log. Tracking is enabled by default. |
- Enter service route information.
Table 17. Service Route
| Field | Description |
| Add Service Route |
| Prefix* |
Enter the IP address or prefix. For Umbrella SIG, use any RFC 1918 subnet for Service IP addresses. |
| Service* |
Configure routes pointing to any service. Values: FW, IDS, IDP, netsvc1, netsvc2, netsvc3, netsvc4. |
| VPN* |
Destination VPN to resolve the prefix. |
- Enter GRE route information.
Table 18. GRE Route
| Field | Description |
| Add GRE Route |
| Prefix* |
Enter the IP address or prefix, in decimal four-part-dotted notation, and prefix length of the GRE-specific static route. |
| Interface* |
Enter the name of one or two GRE tunnels to use to reach the service. |
| VPN* |
Enter the number of the VPN to reach the service. This must be VPN 0. |
- Enter IPSEC route information.
Table 19. IPSEC Route
| Field | Description |
| Add ipSec Route |
| Prefix* |
Enter the IP address or prefix, in decimal four-part-dotted notation, and prefix length of the IPsec-specific static route. |
| Interface* |
Enter the name of one or two IPsec tunnel interfaces. If you configure two interfaces, the first is the primary IPsec tunnel, and the second is the backup. All packets are sent only to the primary tunnel. If that tunnel fails, all packets are then sent to the secondary tunnel. If the primary tunnel comes back up, all traffic is moved back to the primary IPsec tunnel. |
- Enter NAT information.
Table 20. NAT
| Field | Description |
| Nat Pool |
| NatPool Name* |
Enter a NAT pool number configured in the centralized data policy. The NAT pool name must be unique across VPNs and VRFs. You can configure up to 31 (1–32) NAT pools per router. |
| Prefix Length* |
Enter the NAT pool prefix length. |
| Range Start* |
Enter a starting IP address for the NAT pool. |
| Range End* |
Enter a closing IP address for the NAT pool. |
| Overload* |
Enable this option to configure per-port translation. If this option is disabled, only dynamic NAT is configured on the end device. Per-port NAT is not configured. Default: Enabled |
| Direction* |
Choose the NAT direction. |
| Nat64 V4 Pool |
| Nat64 V4 Pool Name* |
Enter a NAT pool number configured in the centralized data policy. The NAT pool name must be unique across VPNs and VRFs. You can configure up to 31 (1–32) NAT pools per router. |
| Nat 64 V4 Pool Range Start* |
Enter a starting IP address for the NAT pool. |
| Nat 64 V4 Pool Range End* |
Enter a closing IP address for the NAT pool. |
| Overload* |
Enable this option to configure per-port translation. If this option is disabled, only dynamic NAT is configured on the end device. Per-port NAT is not configured. Default: Disabled |
- Enter route leak information.
Table 21. Route leak from Global VPN
| Field | Description |
| Route Protocol* |
Choose a protocol to configure leak routes from global VPN to the service VPN that you are configuring:
- static
- connected
- bgp
- ospf
|
| Select Route Policy |
Choose a route policy from the drop-down list. |
| Redistribution (in service VPN) |
| Protocol* |
Choose a protocol from the available options to redistribute the leaked routes:
|
| Select Route Policy |
Choose a route policy from the drop-down list. |
Table 22. Route leak to Global VPN
| Field | Description |
| Route Protocol* |
Choose a protocol to leak routes from the service VPN that you are configuring to the global VPN:
|
| Select Route Policy |
Choose a route policy from the drop-down list. |
| Redistribution (in global VPN) |
| Protocol* |
Choose a protocol from the available options to redistribute the leaked routes:
|
| Select Route Policy |
Enter the name of the route policy. |
| Select Route Policy |
Choose a route policy from the drop-down list. |
Table 23. Route leak between services
| Field | Description |
| Source VPN |
Enter a value of the source VPN. |
| Route Protocol* |
Choose a protocol from the available options to leak routes from the source service VPN to the service VPN that you are configuring:
|
| Select Route Policy |
Choose a route policy from the drop-down list. |
| Redistribution (in Service VPN) |
| Protocol* |
Choose a protocol from the available options to redistribute the leaked routes:
|
| Select Route Policy |
Choose a route policy from the drop-down list. |
- Enter route target information.
Table 24. Route Target
| Field | Description |
| IPv4 Settings |
| Import Route Target List: Route Target* |
Configure a route target for IPv4 interfaces. It imports routing information from the target VPN extended community. |
| Export Route Target List: Route Target* |
Configure a route target for IPv4 interfaces. It exports routing information to the target VPN extended community. |
| IPv6 Settings |
| Import Route Target List: Route Target* |
Configure a route target for IPv6 interfaces. It imports routing information from the target VPN extended community. |
| Export Route Target List: Route Target* |
Configure a route target for IPv6 interfaces. It exports routing information to the target VPN extended community. |
|
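An added pre-deployment check, not Cisco code: it applies constraints stated in the field tables above (no IPv6 OMP advertisement as network statements, at most four service addresses, GRE routes in VPN 0 with one or two tunnels) to a constructed Service VPN profile. The dict layout and key names, the rule that a NAT pool range must fit the subnet implied by its prefix length, and the warning on route leaks with no route policy are assumptions of this example.

```python
import ipaddress

# Constructed sample. The dict layout and key names are this example's own
# assumptions, not a Cisco SD-WAN Manager schema or API payload.
SAMPLE = {
    "omp_advertise_ipv6": ["bgp", "network"],
    "services": [{"type": "FW", "ipv4": ["10.1.1.1", "10.1.1.2", "10.1.1.3",
                                         "10.1.1.4", "10.1.1.5"]}],
    "gre_routes": [{"prefix": "10.2.0.0/16", "interfaces": ["gre1"], "vpn": 1}],
    "nat_pools": [{"name": 1, "prefix_length": 28,
                   "range_start": "192.0.2.1", "range_end": "192.0.2.30"}],
    "route_leaks": [{"source": "global", "protocol": "static", "policy": None}],
}

def lint_service_vpn(cfg):
    """Return findings for values the field tables rule out or leave unfiltered."""
    out = []
    if any(p.lower() == "network" for p in cfg.get("omp_advertise_ipv6", [])):
        out.append("omp-ipv6: network statements are not supported")
    for svc in cfg.get("services", []):
        if not 1 <= len(svc["ipv4"]) <= 4:
            out.append(f"service {svc['type']}: 1 to 4 IPv4 addresses allowed")
        for addr in svc["ipv4"]:
            try:
                ipaddress.IPv4Address(addr)
            except ValueError:
                out.append(f"service {svc['type']}: invalid IPv4 address {addr}")
    for gre in cfg.get("gre_routes", []):
        if gre["vpn"] != 0:
            out.append(f"gre {gre['prefix']}: VPN must be 0")
        if not 1 <= len(gre["interfaces"]) <= 2:
            out.append(f"gre {gre['prefix']}: name one or two GRE tunnels")
    for pool in cfg.get("nat_pools", []):
        start = ipaddress.IPv4Address(pool["range_start"])
        end = ipaddress.IPv4Address(pool["range_end"])
        # Assumption: start and end must share the subnet the prefix length implies.
        net = ipaddress.ip_network(f"{start}/{pool['prefix_length']}", strict=False)
        if start > end:
            out.append(f"nat {pool['name']}: range start is after range end")
        elif end not in net:
            out.append(f"nat {pool['name']}: range end is outside {net}")
    for leak in cfg.get("route_leaks", []):
        # Review-time check added here, not a product constraint from the page.
        if not leak.get("policy"):
            out.append(f"leak {leak['source']}/{leak['protocol']}: no route policy")
    return out

if __name__ == "__main__":
    print("\n".join(lint_service_vpn(SAMPLE)))
```
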