Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki VPN S2S (VPC)

Marcus
Conversationalist
‎Jan 8 2024 9:52 AM
‎Jan 8 2024 9:52 AM

Meraki VPN S2S (VPC)

Hello everybody,
I have a customer who currently has a firewall deployment and is replacing it with Meraki (MX105).
Today he has 2 WAN links on his website and for each VPC on AWS he only has 3 VPNs.
Understand that the way to create a redundant site-to-site VPN is to use vMX on the AWS side and that there would be up to 2 active VPNs per box on the customer site side with 2 WAN.
And to upload as a VPN for each VPC, do I need one vMX per VPC?

 

Tks,

Labels:
0 Kudos
Subscribe
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 8 2024 12:26 PM
‎Jan 8 2024 12:26 PM

I can't understand what you are saying or what you are asking.

 

I think you are asking about creating an AutoVPN connection between an MX105 and multiple Amazon AWS VPCs.  If this is the case you want to deploy a transit gateway (in AWS), put the VMX in the same VPC as the transit gateway, and use the transit gateway to provide connectivity to the different VPCs.

 

AutoVPN will failover between both WAN links on the MX105.

 

This is a high-complexity configuration.

 

You want a configuration like this:
https://aws.amazon.com/quickstart/architecture/cisco-meraki-vmx/ 

 

 

If there are only a small number of VPCs you could also consider getting a VMX-S for each VPC.  This is a low-complexity configuration.

Subscribe
In response to PhilipDAth
Fabios1
Conversationalist
‎Jan 9 2024 6:54 AM
‎Jan 9 2024 6:54 AM

Hi Philip!

I work with Marcus, and what we need is to deploy redundant VPNs from the customer site to AWS. Today the customer is using a non-Cisco Firewall with 2 WAN links and 3 VPNs for each AWS VPC, I didn't understand the logic between the 3 VPNs and two WAN links, but on the next contact with the customer I'll try to understand better. They asked us to deploy a similar solution on Meraki, and if possible use both VPNs to Load Balance the traffic through the WAN links.

We're thinking on vMX just because of the third VPN, because we think that we can do an third-party VPN from one MX105 to AWS, and two VPNs from another MX105 to vMX on AWS. As I never saw some topology using this kind of solution I'm not sure if this works. And I still have a question: if the customer has 10 vPC, do they need 10 vMX?

 

Another option is to talk with the customer, about using two VPNs because he has two WAN links and to not use vMX.

 

In both cases, we'll need to do some engineering using different Meraki Networks and routing on the site side.

 

Regards,

0 Kudos
Subscribe
In response to Fabios1
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 9 2024 10:13 AM
‎Jan 9 2024 10:13 AM

>We're thinking on vMX just because of the third VPN, because we think that we can do an third-party VPN from one MX105 to AWS, and two VPNs from another MX105 to vMX on AWS

 

You can't do this.

You can also only use a single non-Meraki VPN from the MX to AWS, and you can't failover between the WAN links on a single MX.

 

The only way to achieve this is by using a VMX and AutoVPN.  You can either use a transit VPN (like I linked to) and put a VMX there, or you put a VMX into each VPC.  The VMX will build an AutoVPN tunnel to both WAN ports on an MX.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.