Reset Search
 

 

Article

VPN is down after a delta config push

« Go Back

Information

 
TitleVPN is down after a delta config push
Symptoms
  • Layer 3 VPN is down after a delta configuration push 
  • NAT is disabled for one or both of the ETH interfaces as expected:
User-added image
  • But NAT is enabled in the generated delta configuration before the configuration push:
User-added image
  • VPN and routing between XR/BR and VGVA will be down after pushing the configuration to VGVA 
Environment
  • ExtremeCloud IQ 20.5.1.1
  • SD-WAN
  • VGVA
  • Layer 3 VPN
Cause
  • XIQ bug CFD-4868.
  • This was introduced in a recent XIQ upgrade. 
  • The cause of the issue is that NAT mode will be enabled in the generated delta configuration despite that it's disabled on GUI. 
  • The VPN and routes between two sites will be down after the delta configuration is pushed due to that NAT is silently enabled in the delta configuration.
Resolution
Workaround: 
  • Run the following CLI on VGVA if NAT is disabled for both ETH interfaces on GUI
no interface eth0 mode wan nat
no interface eth1 mode wan nat
save config
  • Run the following CLI on VGVA if NAT is disabled for eth0 interface on GUI
no interface eth0 mode wan nat
save config
  • Run the following CLI on VGVA if NAT is disabled for eth1 interface on GUI
no interface eth1 mode wan nat
save config

Long term solution:
  • This has been fixed in XIQ Q2r2.2 release (v20.5.2.6). A configuration push is needed for the impacted VGVA if the workaround has not been applied. 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255