Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AutoVPN Question

Solved
NewMerakiGuy
Comes here often
‎Mar 25 2024 8:19 AM
‎Mar 25 2024 8:19 AM

AutoVPN Question

Hello team,

 

I'm building AutoVPN between Primary and Secondary Hubs with another location Primary and Secondary Hubs (total 4 Hubs) and I have few questions about that integration:

 

 

1- What information need to collect to build this integration (such as WAN IP, VLANs, and so on).

 

2- Does Static Routing is required only on the Hub ? please could guide me how is the Routing is needed on Meraki

 

3- Does Spoke MX firewalls connecting to the ISP through the Hub ?

Labels:
0 Kudos
Subscribe
1 Accepted Solution
In response to NewMerakiGuy
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 25 2024 9:13 AM
‎Mar 25 2024 9:13 AM

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
Subscribe
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 25 2024 8:38 AM
‎Mar 25 2024 8:38 AM

Auto VPN Configuration Details

Enable Auto VPN by defining how the WAN Appliance will communicate with the rest of the Auto VPN domain

If the WAN Appliance is configured as a Hub, it will build VPN tunnels to all other Hub WAN Appliances in the Auto VPN domain (in the same dashboard organization). It will also build VPN tunnels to all Spoke WAN Appliances in the Auto VPN domain that have this WAN Appliance configured as a hub. If all WAN Appliances in the Auto VPN domain are configured as Hub then the Auto VPN has a full mesh topology.

 

 

 

 

If the WAN Appliance is configured as a Spoke, it will build tunnels to only the WAN Appliances that are configured as its Hubs.  If the majority of WAN Appliances in the Auto VPN domain are configured as Spoke with only a few key locations (such as data centers or headquarters) configured as hubs, then the Auto VPN environment has a hub-and-spoke topology.

 

 

 

 

Full Tunnel or Split Tunnel

By default all WAN Appliances in the Auto VPN domain (dashboard organization) will only send traffic to an Auto VPN peer if the traffic is destined for a subnet contained within the Auto VPN domain. This is often referred to as 'split-tunnelling,' meaning that VPN-subnet-bound traffic is sent over VPN, and other traffic is routed normally via the primary WAN Appliance WAN uplink. If an organization wants to route all traffic (including traffic not contained within the Auto VPN domain) through a specific hub site, this is referred to as 'full-tunneling.' 

Note that full-tunneling only affects client data and all Meraki management traffic will egress directly via the primary WAN regardless.

 

To configure full-tunneling in a full mesh topology simply define an Exit hub from the WAN Appliances in the Auto VPN domain.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshoo...

 

For the question 3 the answer is yes.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
NewMerakiGuy
Comes here often
‎Mar 25 2024 9:04 AM
‎Mar 25 2024 9:04 AM

@alemabrahao I don't see any Routing related

0 Kudos
Subscribe
In response to NewMerakiGuy
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 25 2024 9:13 AM
‎Mar 25 2024 9:13 AM

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 25 2024 12:41 PM
‎Mar 25 2024 12:41 PM

>1- What information need to collect to build this integration (such as WAN IP, VLANs, and so on).

 

You'll need to know the IP addresses to configure on each interface of the MX you plan to use.

 

>2- Does Static Routing is required only on the Hub ? please could guide me how is the Routing is needed on Meraki

 

AutoVPN will automatically advertise all routes it knows about to all other hubs and spokes.

 

>3- Does Spoke MX firewalls connecting to the ISP through the Hub ?

 

Only if you enable the "default route" option when configuring the hub they use.  Otherwise Internet traffic will go directly out to the Internet.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.