In this lab you are going to create an extranet policy to leak the

traffic better two different service VPNs.

 VPN1
 VPN2

Task1 – Intial Verification – Default

Behaviour
Intial Verification
Cisco SD-WAN Extranet VPN Lab Guide  Task1 – Intial Verification – Default Behaviour  Intial Verification
COMPLETE

Access to vManage UI. Open Firefox Browser from Mgmt-PC (D2)

and click on vManage bookmark.
Login using below details,
Username: admin
Password: admin
Open Monitor>Network

Click on B1-R1
Click on Real Time
Select IP Routes from Device Options and Choose do not filter
option
Now Select DC-R1 from Select Devices

Select IP Routes from Device Options and Choose do not filter

option
Now Select B2-R1

Select OMP Received Routes from Device Options and Choose do

not filter option
Now , Select OMP Advertised Routes for B1-R1

Select OMP Advertised Routes from Device Options and Choose

do not filter option
Select vSmart

Select OMP Advertised Routes from Device Options and Choose

do not filter option
Use MTPutty available on desk top D2 (Mgmt-PC)) to open B2-R1
session
ping vrf 1 10.2.2.1
ping is failed here

Task2 – Extranet Policy

Extranet policy Configuration
Cisco SD-WAN Extranet VPN Lab Guide  Task2 – Extranet Policy  Extranet policy Configuration
COMPLETE

Go to Configure>Policies
Then click Add Policy

Choose Site from the List and click on New Site List
Configure,
Site List Name: B1
Add Site: 100

Configure,
Site List Name: B2
Add Site: 200
Click Add

Click on VPN from the list to add new VPN Lists

Configure,
VPN List Name:VPN1
Add VPN: 1
Then click Add
Also Configure,
VPN List Name: VPN2
Add VPN : 2

Click Next

Then under Topology click on Add Topology and Select Custom

Control
Configure,
Name : Extranet
Description: Extranet
Edit Default Action by click on Pencil icon as shown

Click on Accept(Highlighted in Green) and then on Save Match And

Actions

Click on Sequence Type

Choose Route

Then Click On Sequence Rule

Click on Site as shown

Select B1 From Site list

Click on VPN

Select VPN2 from VPN List

Now Click on Actions

Choose Accept and then Click on Export To
Then Select VPN1
Save Match And Action

Now again Click on Sequence Rule

Click on Site as shown and Select B2 from the list

Click on VPN and Select VPN1 from VPN List

Choose Accept and then Click on Export To

Then Select VPN2
Save Match And Action and then the Policy
Save Match and Actions

Save Control Policy

Click next twice Until you reach Apply Policies ..page

Then Configure ,
Policy Name: Centralized Policy
Policy Description: Centralized Policy
Under Topology Section Click on New Site List
Choose B1 and B2 for Inbound as well as Outbound Site List
Then click on Add and Save Policy

Under Configure>Policies
Click on Preview for Centralized-Policy

Now Activate the Policy

Click on Activate
Wait until the push is Succesful

Task3 – Verification
Verification
Cisco SD-WAN Extranet VPN Lab Guide  Task3 – Verification  Verification
COMPLETE

Go to Monitor>Network

Select vSmart
Click on Real Time
Select OMP Advertised Routes from Device Options and click on Do not Filter
Now click on Select Device and select B2-R1

Select OMP Received Routes from Device Options and click on Do not Filter
Now,Click on B1-R1

Select OMP Received Routes from Device Options and click on Do not Filter
Select MTPuTTy available on Desktop D2 and open B2-R1 SSH session

ping vrf 1 10.2.2.1