Meraki

Community

Application Based Rouitng on MX

Mostafa
New here
‎Dec 27 2017 4:40 AM
‎Dec 27 2017 4:40 AM

Application Based Rouitng on MX

We have  a HUB-Spoke scenario "central site=Hub and remote sites=Spokes", from Spoke side, it's requested to route all traffic through the VPN "site-site" except Office365 traffic, it should be forwarded to the internet directly/locally.

The normal way to achieve the above setup was to get a list of IP ranges for Office365 "100+ IP and subnets", and exclude it from the VPN, but I'm looking for a more smart scenario which is Application Base Routing; if supported.

So, wish is anyone can advise, Is it supported on MXs to take the routing decision based on URL or Application?

0 Kudos
6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 27 2017 11:30 AM
‎Dec 27 2017 11:30 AM

If you are using a full tunnel then I don't think this will be possible.

 

The MX spoke will lookup the routing table first, see the default route via the hub, and use that.

0 Kudos
In response to PhilipDAth
Mostafa
New here
‎Dec 27 2017 2:27 PM
‎Dec 27 2017 2:27 PM

Hello Philip,

Thanks for your feedback. The answer is No, it's not full tunnel mode, cuz there are site-site connections between spoke and third party sites "non-Meraki".

0 Kudos
MilesMeraki
Head in the Cloud
‎Dec 27 2017 11:46 AM
‎Dec 27 2017 11:46 AM

No. Meraki does not have the ability to route applications directly out to the "Internet" rather than over a VPN. You can configure VLAN's to not be used in the VPN, to be able to have this traffic routed directly over the "Internet".

 

In your example, why are you routing everything bar Office-365 over the site to site VPN? Why not let all traffic that's not required to go to the site to site VPN directly out to the Internet? - Kind of defeats the purpose of SD-WAN and will also cause higher latency on this traffic? 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
0 Kudos
In response to MilesMeraki
Mostafa
New here
‎Dec 27 2017 2:25 PM
‎Dec 27 2017 2:25 PM

Hello WANKiller                              

 

Thanks for your feedback, but this is a customer request, where Meraki role is to replace an existing VPN solution, in the existing solution, all Internet Access traffic is inspected by a central Proxy located at the Central Hub. SO, he doesn't want to touch Internet Access Policies, only he wants replace a VPN solution by a more smart VPN solution.

 

In Sophos XG firewall "Cyber-roam or Astro" you can apply firewall rule based on FQDN and then select the next Hop, so Policy rule is combined with Routing Decision, I wonder how such smart handling is not included in Meraki "SDN" yet.

 

 

0 Kudos
In response to MilesMeraki
Guru
Conversationalist
‎Oct 18 2018 7:21 AM
‎Oct 18 2018 7:21 AM

It's amazing to see a SDWAN solution that doesn't have any option to handle office365 traffic

cyr0nk0r
New here
‎Apr 21 2020 3:34 PM
‎Apr 21 2020 3:34 PM

@Meraki, is this supported yet? It's been years people are asking for this.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.