Cisco SD-WAN Service VPN

This topic is to discuss the following lesson:


Hi @ReneMolenaar and @lagapides ,
I have tested this with my lab. Service VPN is working fine. But I have some confusion because in my main dashboard it said partial WAN connectivity. When I dug deeper, I found that the BFD sessions between the two colors are down.


As far as I know, WAN edge routers try to form overlay tunnels to every received TLOC from a different site using every available color. So can you please help me to understand this issue? Your help is highly appreciated.

Update :)
Actually, after I configured a default route on both vEdge routers, full WAN connectivity was obtained.


But if I create static routes to obtain the same connectivity, it is not working…

For example:

If I create the following summary routes instead of the default route, BFD is down between the two colors.

ip route 10.65.0.0/16 10.65.91.100

ip route 10.65.0.0/16 10.65.92.100

Can you please explain what the logic is here…

In vEdge1, why is the next hop towards 10.65.91.100, and why not 10.65.92.100…

Hello Himanshu

First of all, in this lab there is no vEdge1, so I am assuming from the context that you are referring to the output of vEdge3. Indeed, in the routing table of vEdge3, we see that in order to reach the network 10.1.0.0/24, the next-hop IP is 10.65.91.100.

Now, this is not necessarily incorrect, since, in the network diagram, you can see that vEdge3 does connect to the biz-internet cloud which is the 10.65.91.0/24 network. And you can see that the exit interface for vEdge3 to reach that network is Ge0/0 which is correctly indicated in the routing table.

You can see from the configs that this route is statically configured in vEdge3. It may just be that we want vEdge3 to reach this subnet via the biz-internet WAN rather than the public-internet WAN.

So you see, you can configure whatever routing you like, as long as it conforms to the needs of your network. In this particular case, we can assume that communication between Site1 and Site3 should take place via the “private” biz-internet WAN rather than via the public WAN.

I hope this has been helpful!

Laz
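The routing-table logic discussed above (a summary route to 10.65.0.0/16 via two WAN next hops versus a default route) can be checked with a plain longest-prefix-match lookup. The block below is an added example written for this thread; it is not code from the lesson, from the posters, or from Cisco. The routing table it builds is constructed from the prefixes and next hops quoted in the question, the sample destinations are made up, and it models only a generic IP lookup, not vEdge TLOC or tunnel selection. What it shows is the general effect of replacing a default route with a summary: any destination outside 10.65.0.0/16 has no route at all, while destinations inside it get two equal-cost next hops. Which addresses the remote TLOCs use is not shown in the thread, so the example only demonstrates the lookup itself.

```python
import ipaddress

# Constructed routing table modelled on the static routes quoted in the thread:
# the same /16 summary reachable via two different WAN next hops.
SUMMARY_ROUTES = [
    ("10.65.0.0/16", "10.65.91.100"),   # next hop on the 10.65.91.0/24 transport
    ("10.65.0.0/16", "10.65.92.100"),   # next hop on the 10.65.92.0/24 transport
]

# Constructed default routes, one per WAN next hop (assumed lab values).
DEFAULT_ROUTES = [
    ("0.0.0.0/0", "10.65.91.100"),
    ("0.0.0.0/0", "10.65.92.100"),
]


def lookup(routes, destination):
    """Longest-prefix match over a list of (prefix, next_hop) tuples.

    Returns every next hop of the most specific matching prefix; more than
    one entry means equal-cost paths. Returns [] when nothing matches, which
    is the case a summary route silently introduces for addresses it does
    not cover."""
    dest = ipaddress.ip_address(destination)
    best_len = -1
    next_hops = []
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest not in net:
            continue
        if net.prefixlen > best_len:
            best_len = net.prefixlen
            next_hops = [next_hop]
        elif net.prefixlen == best_len:
            next_hops.append(next_hop)
    return next_hops


def unreachable(routes, destinations):
    """Return the destinations for which the table has no route at all."""
    return [d for d in destinations if not lookup(routes, d)]


if __name__ == "__main__":
    # Constructed sample destinations: one inside the summary, one outside it.
    samples = ["10.65.92.5", "10.1.0.5"]
    tables = (
        ("summary only", SUMMARY_ROUTES),
        ("summary + default", SUMMARY_ROUTES + DEFAULT_ROUTES),
    )
    for name, table in tables:
        for d in samples:
            print(f"{name:18} {d:12} -> {lookup(table, d) or 'no route'}")
```

Running the block prints the lookup result for each table: with the summary routes alone, 10.1.0.5 has no route, while adding the default routes gives it the same two next hops as an address inside the summary. When troubleshooting a partial-connectivity state, comparing the routing table against the specific addresses each tunnel must reach is the check this illustrates.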

Hello,
Let’s say I have a router with 3 interfaces: 1 WAN interface and 2 LAN interfaces. The WAN interface is in VPN 0 and other 2 LAN interfaces are in VPN 10 and VPN 20. Are these three interfaces going to be able to talk to each other? If not, why and how can I make them talk to each other? Thanks a lot in advance.

Best Regards,
Azm

Hi @azmuddincisco ,

It is possible to configure route leaking between VPNs, yes. It’s called route leaking. Cisco has some examples here:

Rene