SDWAN Lesson 7 Providing Internet to Vedge (Direct Internet Access DIA)

Internet access for vEDGE

Model:

Configure using CLI:

policy
 data-policy _vpn10_go_internet
  vpn-list vpn10
    sequence 1
     match
      source-data-prefix-list PC_9
      destination-data-prefix-list DNS_GG
     !
     action accept
      nat use-vpn 0
      
     !
    !
  default-action accept
 !
 lists
  data-prefix-list PC_9
   ip-prefix 10.1.9.0/24 
  !
  data-prefix-list DNS_GG
   ip-prefix 8.8.8.8/32 
  !
  site-list hai-site-list
   site-id 2-3 
  !
  vpn-list vpn10
   vpn 10 
  !
 !
!
apply-policy
 site-list hai-site-list
  data-policy _vpn10_go_internet from-service
 !
!

On the edge:

VPN0:

———-
VPN 0
interfacege0/0
IP address 192.168.1.10/24
Nat

Interface ge0/1
IP address 192.168.11.10/24
Nat

———-

VPN10:

VPN 10
Interface ge0/3
IP address 10.1.9.1/24
Do not shut down
!
IP route 0.0.0.0/0 VPN 0

OP
Advertisement is connected

result:

vEdge1_temp_configed# ping 8.8.8.8 vpn 10
Ping in VPN 10
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes in 8.8.8.8: icmp_seq=1 ttl=126 time=45.0 ms
64 bytes in 8.8.8.8: icmp_seq=2 ttl=126 time=35.0 ms
64 bytes in 8.8.8.8: icmp_seq=3 ttl=126 time=42.7 ms
64 bytes in 8.8.8.8: icmp_seq=4 ttl=126 time=40.9 ms

refer to: