A configured router added to a session will establish a VPN tunnel to Cisco dCloud automatically when your session is active. This process is typically transparent and reliable. In situations where you are unsure if the VPN tunnel is established or for additional information when troubleshooting, use the steps in this document.
Pre-requisites
Before you can troubleshoot your VPN tunnel, ensure that you have met the follow pre-requisites:
- You added your router to a session when you scheduled the session or after the session became active.
- Your session is active.
Testing Connectivity
- Using a straight through Ethernet cable, connect the Wired Client to an available port on the router. This will vary by router model; however, all routers recommended for use with Cisco dCloud will have an available port.
- Configure the Ethernet port on the Wired Client to receive its IP address via DHCP.
- Confirm that the Wired Client has received an IP address.
- From the Wired Client, browse to dcloud.cisco.com to access the Cisco dCloud UI and log in with your Cisco.com credentials.
- Use the Bandwidth Test to verify that the port needed for VPN connectivity (TCP 443) is not blocked at your site.
- From the Wired Client, ping AD1 at 198.18.133.1. This ping should be successful.
- From the Wired Client, Telnet to the router at 10.0.1.1. You will not be prompted to login.
- Use the following commands to verify the state of the VPN tunnel.• show crypto isakmp sa – should show a state of QM_IDLE.• show crypto ipsec client ezvpn – should show a state of IPSEC ACTIVE
- If the VPN tunnel is not up, issue a ping to AD1 sourced from VLAN 10.