Verifying spoke-to-spoke ADVPN communication
To verify spoke-to-spoke ADVPN communication:
-
From Datacenter LAN IP address (10.1.100.1), ping the LAN IP address behind Branch-2 (192.168.5.4):
# execute ping-options source 10.1.100.1 # execute ping 192.168.5.4 PING 192.168.5.4 (192.168.5.4): 56 data bytes 64 bytes from 192.168.5.4: icmp_seq=0 ttl=255 time=0.3 ms 64 bytes from 192.168.5.4: icmp_seq=1 ttl=255 time=0.7 ms 64 bytes from 192.168.5.4: icmp_seq=2 ttl=255 time=0.3 ms 64 bytes from 192.168.5.4: icmp_seq=3 ttl=255 time=0.3 ms 64 bytes from 192.168.5.4: icmp_seq=4 ttl=255 time=0.2 ms --- 192.168.5.4 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0.2/0.3/0.7 ms
-
Verify the IPsec tunnel summary:
-
In the CLI, enter the following:
# get vpn ipsec tunnel summary ‘oaas_overlay2_0’ 172.16.151.96:0 selectors(total,up): 2/2 rx(pkt,err): 9/0 tx(pkt,err): 9/3 ‘oaas_overlay1’ 38.21.192.175:4500 selectors(total,up): 1/1 rx(pkt,err): 5445/0 tx(pkt,err): 5454/12 ‘oaas_overlay2’ 154.52.5.106:4500 selectors(total,up): 1/1 rx(pkt,err): 5442/0 tx(pkt,err): 5449/12 oaas_overlay2_0 is identified as the spoke’s tunnel that was created for Datacenter to Branch-2 traffic.
-
In the GUI, go to Dashboard > Network and click the IPsec widget to expand it.
-
-
Go to Network > SD-WAN and select the Performance SLAs tab to verify that the performance SLA was updated.
The first performance SLA, oaas_overlay_hub, that corresponds to the spoke-to-hub VPN tunnel is shown as up.