Meraki

MarcelTempelman · ‎Dec 4 2024

Hi,

A few quick questions : I noticed that non-meraki VPNs now support BGP routing. In any other case (ASA, routers, etc) I would associate this with Virtual Tunnel Interfaces.

- So is Meraki supporting VTI-based VPNs without calling them VTIs?

- What does this BGP-routing option mean for AutoVPN ; can external routes be advertised over AutoVPN?

It seems very interesting (I've been waiting for some kind of VTi-support for quite some time) but I also have many questions 🙂

with kind regards,

Marcel Tempelman.

KarstenI · ‎Dec 4 2024

I don't know for sure because I don't yet run 19.1. But at least all the options (like the /30 IPsec subnet) speak for a VTI-like implementation.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

AlexP · ‎Dec 4 2024

To give hopefully some clarification here:

Routed tunnels are built off generic traffic selectors, so they'll take whatever gets routed to them so long as a matching route exists. This does indeed mean that yes, routing between Non-Meraki VPNs and AutoVPN is possible now, in addition to being able to full-tunnel traffic from a Non-Meraki site to a Meraki one.

Bucket

Is it a VTI or not? I don't see how it would work without the other end being configured as VTI.

AlexP

MX firmware is Linux-based, so it's not called a "VTI" on our end, but functionally, it should be mostly the same: it sends traffic to an arbitrarily defined interface that maps to a given VPN peer internally, and it does so based on what route information we've learned from said peer.

Meraki

Community

BGP routing over IPSec => VTI Support?

BGP routing over IPSec => VTI Support?