BGP over IPSec to Amazon AWS

PhilipDAth
Kind of a big deal

I just did an experiment with using BGP over IPSec to Amazon AWS with MX 19.2.3.

https://documentation.meraki.com/MX/Site-to-site_VPN/BGP_routing_over_IPsec_VPN

And it now works (never used to)! I have stood up two tunnels to an Amazon AWS VPN gateway. Fully HA.

For clients using dual VMXs - I think this will be my new preferred way of making them HA inside of Amazon AWS as well.

jimmyt234
Head in the Cloud


@PhilipDAth wrote:

For clients using dual VMXs - I think this will be my new preferred way of making them HA inside of Amazon AWS as well.


Out of curiosity - why would you prefer this over dual vMXs?

PhilipDAth
Kind of a big deal

If the client has lots of sites, I would use dual VMXs, but then use BGP over IPSEC from each VMX to an Amazon AWS VPN or Transit gateway.

Currently, I rely on using Lambda scripts performing automations to detect scripts and update configs to handle the failover.

This is so much cleaner.

If the customer has a small number of sites, I'm now just as likely to use this approach to go from MXs in a DC straight to Amazon AWS.

jimmyt234
Head in the Cloud

Makes sense - thanks Philip.
