BGP routing over IPSec => VTI Support?

Getting noticed

BGP routing over IPSec => VTI Support?



A few quick questions : I noticed that non-meraki VPNs now support BGP routing. In any other case (ASA, routers, etc) I would associate this with Virtual Tunnel Interfaces.


- So is Meraki supporting VTI-based VPNs without calling them VTIs?

- What does this BGP-routing option mean for AutoVPN ; can external routes be advertised over AutoVPN?


It seems very interesting (I've been waiting for some kind of VTi-support for quite some time) but I also have many questions 🙂


with kind regards,


Marcel Tempelman.


4 Replies 4
Kind of a big deal
Kind of a big deal

I don't know for sure because I don't yet run 19.1. But at least all the options (like the /30 IPsec subnet) speak for a VTI-like implementation. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Meraki Employee
Meraki Employee

To give hopefully some clarification here:

Routed tunnels are built off generic traffic selectors, so they'll take whatever gets routed to them so long as a matching route exists. This does indeed mean that yes, routing between Non-Meraki VPNs and AutoVPN is possible now, in addition to being able to full-tunnel traffic from a Non-Meraki site to a Meraki one.

Getting noticed

Is it a VTI or not? I don't see how it would work without the other end being configured as VTI.

Meraki Employee
Meraki Employee

MX firmware is Linux-based, so it's not called a "VTI" on our end, but functionally, it should be mostly the same: it sends traffic to an arbitrarily defined interface that maps to a given VPN peer internally, and it does so based on what route information we've learned from said peer.

Get notified when there are additional replies to this discussion.