SD-WAN (Site Magic) Upstream tunnel

Afternoon all - I was able to get my network set up using 1 UDMProMax and six UCGMax. After getting everything on the internet, we had a router guy set up an IPsec VPN from the UDMPro to our offsite hosted cloud server on AWS. Then we use Site Magic to pull it all together and everything is working, except that we need that single tunnel to be available to the SD-WAN - currently it only works for the UDMPro. AI is saying that a static route needs to be added to the UDMProMax so that it can be populated to the SD-WAN fabric. Would anyone have any experience doing this? Do I just need to add a static route to the tunnel on the UDMProMax and it will populate the fabric like AI says? Any assistance is greatly appreciated.

If I’m being honest – we’re having a lot of strange issues with Site Magic – that being said – if you can find the interface IP for Site Magic you may have some luck routing over it. I’m doing it at one site but if we continue to have issues with Site Magic we’re going to be looking at other options – such as running two gateways – one for the internal traffic and one just for VPN, and set up manual VPNs and routing.

Well, that is a colossal bummer! Our router guy is checking with UniFi support but I thought I would check on here hoping for a nice easy fix! We’ve been using Site Magic for months without other issues, then this crept in. Thanks for the info!

Would it be possible to just go with a traditional hub and spoke setup to each facility, if we can’t work out the Site Magic?

Yes, you can definitely do that.

Add it to Site Magic itself. You do not need to add it to the UDMPM static routes.

Did not see a means to do that. The issue we were experiencing had a workaround, so we did not need to continue trying to get it added, but our router guy did have a ticket in with support - and we’ve yet to find a way to do that. Would you be able to provide the steps used to do that? (Not sure if it’s needed at this point, but it may be down the road.)

When I look in the Site Magic settings, the VPN tunnels along with some other LANs are greyed out and state that they cannot be selected to participate in the SD-WAN for some reason.