AutoVPN and Non Meraki VPN

Solved
Billy_R

I have several MX68s and 2 MX95s all set up in an auto VPN mesh. We have a need to have non-Meraki VPN connections set up going out to hosts not part of our network. Do these appliances handle having both connections set up at the same time, and can they route traffic accordingly?

1 Accepted Solution
alemabrahao
Kind of a big deal

Yes, both auto VPN and a non-Meraki VPN can coexist without problems, just make sure that the peer's network will not overlap with yours and everything is fine.

 

Site-to-Site VPN Settings - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
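The overlap condition in the answer above can be checked before the non-Meraki peer is configured. This is an added example, not part of the original post and not Meraki tooling; the site names and subnets are constructed sample data, and `find_overlaps` is a hypothetical helper.

```python
import ipaddress

# Constructed sample data: subnets each site advertises into Auto VPN,
# and the private subnets planned for the third-party (non-Meraki) peer.
AUTOVPN_SUBNETS = {
    "branch-01 (MX68)": ["10.1.10.0/24", "10.1.20.0/24"],
    "branch-02 (MX68)": ["10.2.10.0/24"],
    "hub-01 (MX95)": ["10.0.0.0/22", "172.16.5.0/24"],
}
PEER_SUBNETS = ["192.168.50.0/24", "10.1.20.128/25", "172.16.0.0/12"]


def find_overlaps(local_by_site, peer_subnets):
    """Return (site, local_net, peer_net, relation) for every overlap."""
    # strict=False accepts entries written with host bits set (10.9.9.1/24).
    peers = [ipaddress.ip_network(p, strict=False) for p in peer_subnets]
    conflicts = []
    for site, cidrs in sorted(local_by_site.items()):
        for cidr in cidrs:
            local = ipaddress.ip_network(cidr, strict=False)
            for peer in peers:
                # IPv4 and IPv6 ranges can never overlap each other.
                if local.version != peer.version or not local.overlaps(peer):
                    continue
                # CIDR blocks that overlap are always nested or identical.
                if local == peer:
                    relation = "identical"
                elif peer.subnet_of(local):
                    relation = "peer inside local"
                else:
                    relation = "local inside peer"
                conflicts.append((site, str(local), str(peer), relation))
    return conflicts


if __name__ == "__main__":
    for site, local, peer, relation in find_overlaps(AUTOVPN_SUBNETS, PEER_SUBNETS):
        print(f"{site}: {local} overlaps peer {peer} ({relation})")
```

An empty result means none of the peer's subnets collide with anything advertised into the mesh; a "local inside peer" hit usually means the peer range was entered as too broad a supernet.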

5 Replies
alemabrahao

A non-Meraki VPN does not participate in SD-WAN, meaning it is necessary to create a tunnel with each MX so that they can access the non-Meraki VPN network.

I wouldn't want it to participate with the other Merakis. Basically, we have our auto VPN mesh for corporate data and we have a need to create separate VPN tunnels out to a datacenter elsewhere that will not participate or be connected at all to any of the corporate network.

I just wanted to make sure the devices would support the connections at the same time and be able to route traffic based on which port/vlan is being used to go out a specific vpn tunnel, either the auto vpn or the non meraki vpn.

Essentially a separation of traffic, entirely, where one is not aware of nor can it interact with the other.

alemabrahao

Are you talking about PBR?

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

Not necessarily, but that might be an option.

So, better detail here.

We have multiple sites, all using AutoVPN and advertising VLANs for each site into that tunnel. That's good, all working.

We are now needing to add a second vpn connection (site to site) with a 3rd party vendor that will only be for a very specific set of devices and traffic that is not part of the AutoVPN mesh and nothing from the auto vpn should traverse this tunnel and nothing for this tunnel should traverse into the autovpn.

Think of it as a PCI compliance setup where we have a network of devices completely separate from our normal corporate network and can have no mixing of data at all and must keep everything 100% separate.

Do the MX68's and MX95's support such a configuration where we have a live auto vpn as well as a live ipsec tunnel going somewhere else?

alemabrahao

Yes, both auto VPN and a non-Meraki VPN can coexist without problems, just make sure that the peer's network will not overlap with yours and everything is fine.

 
