Is there anyone who is using BR100 with CVG? Have some questions and an urgent problem.

  • 1
  • Question
  • Updated 2 years ago
We use a CVG and have nearly 50 BR100. We often have the Problem that HM shows the BR as connected but the Network isn't reachable. If we look to the CVG Routing Tabelle we see there are now route entries for the corresponding Networks.Does anyone has the same Problem? Is there a document for best practice solution with BR and CVG? Config guides from AH are horrible.
Photo of Rocco

Rocco

  • 3 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Fraser Hess

Fraser Hess

  • 60 Posts
  • 7 Reply Likes
What version of HiveOS are you using on the CVG and Branch Routers?
Photo of Rocco

Rocco

  • 3 Posts
  • 0 Reply Likes

CVG - HiveOS 6.6r1b.2338

BR100 - HiveOS 6.5r3 Honolulu.2530


I can see the BR in the HM as connected and also the route for the Management is available but not the configured remote network

Photo of Bill W.

Bill W.

  • 222 Posts
  • 35 Reply Likes
Have you looked at the Branch on Demand Evaluation Guide? It does a good job of explaining the basics of configuring things.

And do you know the difference between the 4 different icons to show the status of the VPN connection? There are 2 for the CVG and 2 for the routers. The CVG has a key with a downward pointing triangle. The triangle can be red or green. If it is red, then there is no VPN connection with any routers. If it is green, then you have at least one VPN connection. The routers have a key with an upward facing triangle. If the triangle is green, the router has a VPN connection back to the CVG. If the router has a red triangle, then the router does not have a VPN connection back to the CVG.

The VPN status is completely separate from the connection to HiveManager. The first thing you will want to do is run a "Show IKE Event" on the routers that do not have a VPN connection. The info you get from this command is extremely helpful in determining what the problem is. You should also run this on the CVG.

Also, if you just recently upgraded/downgraded the BR100s to 6.5r3 without pushing a full config, try pushing a full config. 6.5r3 changes the IKE encryption algorithm from AES128 to AES256. So a full config push is needed to change it back to AES128.
Photo of BJ

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
If the VPN appears to be up, perhaps you have a routing issue. Are you using OSPF or static routes for the rest of your network to be aware of the remote sites?

Best,
BJ