Router with VLANs behind MX

mgclark
Here to help

Router with VLANs behind MX

Hey,

 

This could be a dumb question, but here goes...

 

We're about to deploy 125+/- MX devices to replace Brand X firewalls. In several locations we have a Cisco 2811 (ancient we know) behind the firewall using up to 4 VLANs. One of those subnets is on the inside of the firewall and the rest are inside the router. We have routes on the firewall to those other VLANs.

 

Our topology will be

 

MX450 HA pair

  |

Internet

  |

MX65W

  |

Cisco 2811

 

With the MX65 networks using a template I can't put routes on the individual network so am I right that the routes will have to go on the MX450s with the next hop being the single subnet on the MX65W?

 

From this can you see a better way?

6 REPLIES 6
Adam
Kind of a big deal

If you are going to Site-to-Site VPN them together you won't have to add the routes for each site.  It'll populate as part of the tunnel participation. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

I should've also mentioned that we're blocking the data subnets from talking to each other while letting the voice subnets go through

You simply specify that the data network don't use the VPN while voice subnets do in Routing page.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
DCooper
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Are you using the router for anything other than the 4 VLANs? Voice services?

For the most part they are little more than switches now. Most of our voice is SIP now. We're deploying quickly without making other changes since our support contract just expired with Brand X. As well there are other dependencies we'd have to resolve before eliminating the 2811s and letting the MX handle the VLAN.

Thanks all. This was a rabbit hole I entered.

 

We're creating the needed vlans in the template and then modifying as needed in the network.

 

I need some mental breadcrumbs for next time... 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.