I think we all know by now that the vMX100 has an end of life date of 2027. I was informed by our Meraki Sales Engineer that I would be able to extend the license. Well, once I added our Co-Termination license last week we are now having a "License Required" error message now. We have 30 days now to transition off the vMX-100 to the vMX-M.
I have scoured the knowledge base and internet for any clear and concise documentation and really non is to found....That is why I am posting hopefully to get some great feedback.
What is the best solution with "NO" downtime.
Option 1. (I have heard horror stories regarding this option about companies being down)
Upgrade vMX100 - vMX-M
Links I have found:
https://documentation.meraki.com/MX/Deployment_Guides/vMX100_to_vMX_S%2F%2FM%2F%2FL_Transition_FAQ
Option 2. (Actually is more of a question)
Can I deploy the VMX-M in parallel with the vMX-100, without interrupting any current production with the VMX100? Once the vMX-M is online and deployed can I then remove the vMX100?
Option 3.
Do not use the vMX at all and configure Meraki to AWS site-to-site VPN
https://aws.amazon.com/quickstart/architecture/cisco-meraki-vmx/
https://www.ifm.net.nz/cookbooks/meraki-vpn-to-amazon-aws.html
I am sure there is alot of companies other than mine are currently going through this issue.
Looking forward to any assistant or feedback.
I thonk It can help you: https://documentation.meraki.com/MX/Other_Topics/MX_Cold_Swap_Replacing_an_Existing_MX_with_a_Differ...)
The link you provided is to replace a MX appliances not a vMX appliance for the cloud. Would that be the exact same steps??
For sure.
Your response does not make sense?? I asked if the link you provided me would be the exact same steps to replace a vMX100. I do not think it would be.
Your response was "Kind of a big deal for sure"??????
Nope, my response was for sure, you can follow the same steps. LoL.
Could it be possible to not use the VMX100 altogether and set up a "Organization-wide settings" Non-Meraki VPN Peers?
I completely understand we will not get the same resilience and traffic engineering capabilities (SD-WAN, basically) that you get through deploying VMX in AWS and using AutoVPN (MX at both ends).
I can set this Peer directly into AWS Transit Gateway.
Can anyone comment on this?
Zero downtime - no.
You could create a new network in the dashboard, and put your new VMX into that. Deploy it into your cloud environment, make sure everything comes online.
Then to cut over, remove the "Local networks" from the VMX100, and add them to the new VMX, and update the cloud routing table to point to your new VMX.
You shoul be able to cut over in 5 minutes.
Philip. When I create the new network should I just clone the existing VMX100 network? Or would that cause any issues with the current vXM100?
Just cone It, it's not for you to have any issues.
I don't see why not. When you initially clone it, AutoVPN will be off so that no harm will be caused.
Note that VMX deploy in routed mode by default. You'll need to change it back to VPN concentrator mode BEFORE you deploy the new VMX into Amazon AWS.