Verify Tunnel Statuses of an SD-WAN Topology

Verify Tunnel Statuses on the Site-to-Site VPN Summary Page

To verify if the VPN tunnels of the SD-WAN topologies are up, choose Device > VPN > Site-to-Site.

Following are the five SD-WAN topologies with two hubs and four spokes in different regions that are connected to dual ISPs:

To view details of the SD-WAN VPN tunnels, choose Overview > Dashboards > Site-to-site VPN.

Following are the VPN tunnels for an SD-WAN topology with two hubs and four spokes in different regions that are connected to dual ISPs:

To view more details of each VPN tunnel:

Hover over a tunnel.
Click the View Full Information () icon. A pane with tunnel details and more actions appears.
Click the CLI Details tab in the side pane to view the show commands and details of the IPsec security associations.

To view the dynamic VTIs of hubs and static VTIs of spokes:

Choose Devices > Device Management.
Click the edit icon for a hub or a spoke device.
Click the Interface tab.
Click the Virtual Tunnels tab.

For each VTI, you can view details such as name, IP address, IPsec mode, tunnel source interface details, topology, and remote peer IP.

Following image shows an example of the virtual access interfaces created dynamically by a hub's DVTI:

Following image shows an example of the static tunnel virtual interfaces (SVTIs) created on a spoke by the SD-WAN wizard:

The SD-WAN wizard assigns IP addresses to these tunnel interfaces from the IP address pool of the hub.

To verify the BGP configuration of the hubs and spokes of the SD-WAN topologies:

Choose Devices > Device Management.
Click the edit icon for a hub or a spoke device.
Click the Device tab.
Click CLI in the General card. The CLI Troubleshoot window appears.
Enter the following commands in the Command field and click Execute:
- show route
- show bgp summary