Explains foundational VPN concepts, including configuration of interfaces in the WAN transport VPN and management VPN, to provide essential background for VPN deployment and operation.
A VPN template in Cisco Catalyst SD-WAN is a configuration template that
- enables the creation of separate feature templates for each VPN, and
- supports configuration of VPN 0 and VPN 512 on all device types, with additional VPN templates for segmenting service-side user networks on Cisco IOS XE Catalyst SD-WAN devices.
Types of VPNs
The types of VPNs in Cisco Catalyst SD-WAN include:
- VPN 0—Transport VPN, which carries control traffic via the configured WAN transport interfaces. Initially, VPN 0 contains all of a device's interfaces except for the management interface, and all interfaces are disabled.
- VPN 512—Management VPN, which carries out-of-band network management traffic among the Cisco IOS XE Catalyst SD-WAN devices in the overlay network. The interface used for management traffic resides in VPN 512. By default, VPN 512 is configured and enabled on all Cisco IOS XE Catalyst SD-WAN devices. For controller devices, by default, VPN 512 is not configured.
- VPNs 1–511, 513–65530—Service VPNs, for service-side data traffic on Cisco IOS XE Catalyst SD-WAN devices.
You create a separate VPN feature template for each VPN. For example, create one feature template for VPN 0, a second for VPN 1, and a third for VPN 512.
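The following Python sketch is an added example, not Cisco code or part of the original documentation. It audits a planned list of VPN feature templates against the ID ranges and the one-template-per-VPN rule described above. The device labels `edge` and `controller`, the template names, and the expectation that a plan covers VPN 0 (and VPN 512 on edge devices) are assumptions of this example.

```python
from collections import Counter

# VPN ID ranges as stated on this page.
TRANSPORT_VPN = 0
MANAGEMENT_VPN = 512
SERVICE_RANGES = (range(1, 512), range(513, 65531))


def classify_vpn(vpn_id):
    """Return the role of a VPN ID, or 'invalid' if outside the documented ranges."""
    if vpn_id == TRANSPORT_VPN:
        return "transport"
    if vpn_id == MANAGEMENT_VPN:
        return "management"
    if any(vpn_id in r for r in SERVICE_RANGES):
        return "service"
    return "invalid"


def audit_template_plan(device_type, templates):
    """Check a planned list of (template_name, vpn_id) pairs for one device.

    device_type is a hypothetical label: 'edge' (Cisco IOS XE Catalyst SD-WAN
    device) or 'controller'. Returns a sorted list of finding strings.
    """
    findings = []
    counts = Counter(vpn_id for _, vpn_id in templates)
    for vpn_id, n in counts.items():
        if n > 1:
            findings.append(f"VPN {vpn_id}: {n} templates, expected one per VPN")
    for name, vpn_id in templates:
        role = classify_vpn(vpn_id)
        if role == "invalid":
            findings.append(f"{name}: VPN {vpn_id} is outside the documented ranges")
        elif role == "service" and device_type != "edge":
            # Per the page, service VPNs apply to IOS XE Catalyst SD-WAN devices.
            findings.append(f"{name}: service VPN {vpn_id} on a {device_type}")
    # Assumption of this example: every plan covers VPN 0, and edge plans cover VPN 512.
    if TRANSPORT_VPN not in counts:
        findings.append("no template for VPN 0 (transport)")
    if device_type == "edge" and MANAGEMENT_VPN not in counts:
        findings.append("no template for VPN 512 (management)")
    return sorted(findings)


# Constructed sample plan, not taken from a real deployment.
SAMPLE_PLAN = [("vpn0-transport", 0), ("vpn1-users", 1), ("vpn1-guest", 1),
               ("vpn-bad", 65531)]
```

Running `audit_template_plan("edge", SAMPLE_PLAN)` reports the duplicate VPN 1 templates, the out-of-range ID, and the missing management VPN template.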