Verify tunnel statuses of an SD-WAN topology

You can verify the tunnel statuses of SD-WAN topologies, including checking VPN tunnel status in the Site-to-Site VPN Summary page and Dashboard, viewing virtual tunnel interfaces on devices, and verifying BGP routing configuration on hubs and branches.

Verify tunnel statuses on the Site-to-Site VPN summary page

To verify if the VPN tunnels of the SD-WAN topologies are up, choose Secure Connections > Site-to-Site VPN & SD-WAN.

This example shows the five SD-WAN topologies with two hubs and four spokes in different regions that are connected to dual ISPs:

View tunnel statuses in the Site-to-Site VPN summary page

Verify tunnel statuses on the Site-to-Site VPN dashboard

To view details of the SD-WAN VPN tunnels, choose Insights & Reports > VPN dashboards > Site-to-Site VPN.

This example shows the VPN tunnels for an SD-WAN topology with two hubs and four spokes in different regions that are connected to dual ISPs:

View tunnel statuses in the Site-to-Site VPN dashboard

To view more details of each VPN tunnel:

  1. Hover over a tunnel.

  2. Click the View Full Information icon. A pane with tunnel details and more actions is displayed.

  3. Click the CLI Details tab in the side pane to view the show commands and details of the IPsec security associations.

    View details of CLI commands in the Site-to-Site VPN dashboard

View virtual tunnel interfaces of the devices

To view the dynamic VTIs of hubs and static VTIs of spokes:

  1. Choose Devices > Device Management.

  2. Click the edit icon for a hub or a spoke device.

  3. Click the Interface tab.

  4. Click the Virtual Tunnels tab.

    For each VTI, you can view details such as name, IP address, IPsec mode, tunnel source interface details, topology, and remote peer IP.

This image shows an example of the virtual access interfaces created dynamically by a hub's DVTI:

View VTIs in the Interface page

This image shows an example of the static tunnel virtual interfaces (SVTIs) created on a spoke by the SD-WAN wizard:

View VTI interfaces in the Device page

The SD-WAN wizard assigns IP addresses to these tunnel interfaces from the IP address pool of the hub.

Verify routing in the hub and branch devices

To verify the BGP configuration of the hubs and spokes of the SD-WAN topologies:

  1. Choose Devices > Device Management.

  2. Click the edit icon for a hub or a spoke device.

  3. Click the Device tab.

  4. Click CLI in the General card. The CLI Troubleshoot window appears.

  5. Enter one of these commands in the Command field and click Execute:

    • show route

    • show bgp summary
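
The following is an added example, not part of the original page or of Cisco's tooling: a Python script that parses show bgp summary output copied from the CLI Troubleshoot window and flags neighbors whose session is not established or that send no prefixes. The sample output, addresses, and AS number are constructed, and the function names are hypothetical. It assumes one neighbor per line in the usual Cisco summary layout, where State/PfxRcd is a prefix count for an established session and a state name otherwise.

```python
import ipaddress

# Constructed sample of `show bgp summary` output (not captured from a device).
# Peer addresses, AS number and counters are placeholders.
SAMPLE_OUTPUT = """\
BGP router identifier 198.51.100.1, local AS number 65000
BGP table version is 9, main routing table version 9

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
169.254.10.2    4        65000     120     118        9    0    0 01:42:10        3
169.254.10.3    4        65000     117     119        9    0    0 01:40:55        0
169.254.20.2    4        65000       0       0        1    0    0 never    Idle
169.254.20.3    4        65000       4       6        1    0    0 00:00:41 Active
"""


def parse_neighbors(output):
    """Return one dict per neighbor row; banner and header lines are skipped."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 10:
            continue
        try:
            peer = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address, so not a neighbor row
        state = " ".join(parts[9:])  # "3", "Idle", "Idle (Admin)", ...
        up = state.isdigit()  # a number here means the session is established
        rows.append({"peer": str(peer), "asn": parts[2], "up_down": parts[8],
                     "established": up,
                     "prefixes": int(state) if up else None,
                     "state": "Established" if up else state})
    return rows


def find_problems(rows):
    """Flag sessions that are down, or up but receiving no prefixes."""
    problems = []
    for r in rows:
        if not r["established"]:
            problems.append((r["peer"], f"session not established ({r['state']})"))
        elif r["prefixes"] == 0:  # assumption: every peer should send routes
            problems.append((r["peer"], "established but 0 prefixes received"))
    return problems


if __name__ == "__main__":
    for peer, reason in find_problems(parse_neighbors(SAMPLE_OUTPUT)):
        print(f"{peer}: {reason}")
```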