Hello all
I have a weird issue and I'm literally losing my mind. I want to try CloudExpress (Cloud onRamp for IaaS) in my EVE-NG lab.
All my vEdges can reach the internet. I have also turned app-visibility on, and I did some application policies, which worked fine.
But when I try to use CloudExpress, the application stays red, even though when I open the same application in the browser it shows up in the DPI, just not in the CloudExpress app.
I suspected that it's a DNS issue, and I found that the vEdge doesn't resolve names through VPN 0, but it does resolve them in VPN 1. I checked everything, but no luck.
Note that my vManage doesn't have internet access; I don't know if this is relevant.
I hope someone can help me with this, because I'm losing my mind.
Here is the configuration of one of my vEdges:
system
 host-name vEdge1
 system-ip 2.1.1.1
 site-id 1
 admin-tech-on-failure
 no route-consistency-check
 organization-name network-lab
 vbond 10.10.100.2
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  usergroup tenantadmin
  !
  user admin
   password $6$EGF05c24x.zG7IwK$qzGxsZX5z1ADe9EtL3oLwfkqxjn5TfYmxbgkj75c1h6V7NwnLPl92eCHHF2LdmBNn/eXk1ANZQD2SrN0uaE2S0
  !
 !
 logging
  disk
   enable
  !
 !
!
bfd app-route poll-interval 10000
omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
security
 ipsec
  authentication-type ah-sha1-hmac sha1-hmac
 !
!
vpn 0
 dns 1.1.1.1 primary
 router
  bgp 65005
   address-family ipv4-unicast
    network 172.16.2.0/30
   !
   neighbor 172.16.2.1
    no shutdown
    remote-as 1
    address-family ipv4-unicast
    !
   !
  !
 !
 interface ge0/0
  ip address 192.1.1.1/24
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color public-internet restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 interface ge0/1
  ip address 172.16.2.2/30
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 192.1.1.254
!
vpn 1
 dns 1.1.1.1 primary
 cloudexpress
  node-type client
  allow-local-exit
  local-interface-list ge0/0
  applications google_apps
 !
 interface ge0/2
  ip address 192.1.21.1/24
  no shutdown
  policer 8K in
  vrrp 21
   priority 150
   track-omp
   ipv4 192.1.21.254
  !
  dhcp-server
   address-pool 192.1.21.0/24
   offer-time 600
   lease-time 86400
   admin-state up
   options
    default-gateway 192.1.21.254
    dns-servers 1.1.1.1
   !
  !
 !
 ip route 0.0.0.0/0 vpn 0
!
vpn 512
 interface eth0
  ip address 10.0.0.4/24
  no shutdown
 !
!
policy
 app-visibility
 policer 8K
  rate 1024000
  burst 15000
  exceed drop
 !
 lists
  data-prefix-list TELNET_BLOCK
   ip-prefix 16.16.16.16/32
  !
 !
 access-list TELNET_BLOCK
  sequence 1
   match
    destination-data-prefix-list TELNET_BLOCK
    destination-port 23
    protocol 6
   !
   action drop
    count TELNET-COUNT
   !
  !
  default-action accept
 !
!
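The troubleshooting described in the post boils down to checking a handful of settings in the vEdge config. The script below is an added example (it is neither from the post nor Cisco/Viptela code): it parses an indented running-config excerpt into a tree and checks the prerequisites that a Cloud onRamp for SaaS local exit is assumed here to need, namely a DNS server in VPN 0 (where the probes originate), a NAT-enabled VPN 0 interface named in local-interface-list, allow-local-exit plus applications and a DNS server in the service VPN, and app-visibility under policy. The two config samples are constructed for the example: GOOD mirrors the relevant parts of the posted config and passes every check, BAD drops the VPN 0 DNS server, the NAT statement and allow-local-exit. Because the posted config passes the same checks, the script only rules out the config as the obvious cause; it cannot explain why name resolution fails in VPN 0 on that device.

```python
"""Check a vEdge running-config excerpt for the prerequisites assumed here
for Cloud onRamp for SaaS (cloudexpress) local exit.
Added example, not Cisco or Viptela code."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Node:
    """One config line plus the lines nested under it."""
    line: str
    children: list["Node"] = field(default_factory=list)

    def find(self, keyword: str) -> list["Node"]:
        # children whose leading token(s) match, e.g. find("vpn") -> vpn 0, vpn 1
        return [c for c in self.children
                if c.line == keyword or c.line.startswith(keyword + " ")]

    def has(self, line: str) -> bool:
        return any(c.line == line for c in self.children)


def parse(text: str) -> Node:
    """Build a tree from Viptela-style output: one space of indentation per
    nesting level; '!' lines only close a block and carry no content."""
    root = Node("")
    stack: list[tuple[int, Node]] = [(-1, root)]
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack[-1][0] >= indent:      # pop back to the enclosing block
            stack.pop()
        node = Node(body)
        stack[-1][1].children.append(node)
        stack.append((indent, node))
    return root


def check_cloudexpress(cfg: Node) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    problems: list[str] = []
    vpn0s = cfg.find("vpn 0")
    if not vpn0s:
        return ["vpn 0 is missing"]
    vpn0 = vpn0s[0]
    if not vpn0.find("dns"):
        problems.append("vpn 0: no dns server configured")
    # Direct internet exits are VPN 0 interfaces with NAT; probes leave here.
    nat_ifaces = {i.line.split()[1] for i in vpn0.find("interface") if i.has("nat")}
    for vpn in cfg.find("vpn"):
        vid = vpn.line.split()[1]
        if vid in ("0", "512"):            # transport and management VPNs
            continue
        for ce in vpn.find("cloudexpress"):
            if not ce.has("allow-local-exit"):
                problems.append(f"vpn {vid}: cloudexpress lacks allow-local-exit")
            if not ce.find("applications"):
                problems.append(f"vpn {vid}: cloudexpress lists no applications")
            for lil in ce.find("local-interface-list"):
                for iface in lil.line.split()[1:]:
                    if iface not in nat_ifaces:
                        problems.append(f"vpn {vid}: local-interface-list {iface} "
                                        "is not a NAT-enabled vpn 0 interface")
            if not vpn.find("dns"):
                problems.append(f"vpn {vid}: no dns server configured")
    policy = cfg.find("policy")
    if not policy or not policy[0].has("app-visibility"):
        problems.append("policy: app-visibility is not enabled")
    return problems


# Constructed samples (not a real device dump). GOOD mirrors the posted config.
GOOD = """\
vpn 0
 dns 1.1.1.1 primary
 interface ge0/0
  ip address 192.1.1.1/24
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color public-internet restrict
   allow-service dns
  !
  no shutdown
 !
 ip route 0.0.0.0/0 192.1.1.254
!
vpn 1
 dns 1.1.1.1 primary
 cloudexpress
  node-type client
  allow-local-exit
  local-interface-list ge0/0
  applications google_apps
 !
 ip route 0.0.0.0/0 vpn 0
!
policy
 app-visibility
!
"""

# BAD: no DNS in VPN 0, no NAT on ge0/0, no allow-local-exit.
BAD = GOOD.replace(" dns 1.1.1.1 primary\n interface", " interface", 1) \
          .replace("  nat\n  !\n", "").replace("  allow-local-exit\n", "")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_cloudexpress(parse(text)) or "ok")
```

Running the script prints `GOOD ok` and three findings for BAD. Extending the checks is a matter of adding lines to check_cloudexpress; the parser handles any indented block the vEdge CLI emits.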