cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bridging AutoVPN with Cisco DMVPN

SOLVED
Here to help

Bridging AutoVPN with Cisco DMVPN

Hi Everyone,

 

Need everyone's feedback on the best way to have autovpn route redistributed to dmvpn and vice versa.

  • Static route?
  • BGP?
  • OSPF?
  • Any other recommendations?
  • What about the Peplink site to site vpn?

 

The project is to replace all Cisco ISR (Internet termination and DMVPN) with Meraki MX (autovpn and dual uplink)

 

Coco_Phase2_merakiforum.jpgInterim solution

 

As per above diagram, the interim solution is put a MX as vpn concentration mode in DMVPN HUB site. I have setup static route on HQ 2900 for HQ LAN subnets to be able reach all MX site's LAN via Autovpn.

 

The next step is to use HQ 2900 as a bridge to have DMVPN sites to learn all Autovpn routes and vice versa.

EIGRP is currently used in all DMVPN sites.

 

Not sure the best way for above to work.

 

Static route:

DMVPN to AutoVPN:

- put next hop of the MX LAN subnet to the DMVPN HUB tunnel IP address?

AutoVPN to DMVPN:

- create static route on MX: next hop of DMVPN LAN subnet point to VPN concentrator LAN IP

- create static route on VPN concentroator: for DMVPN LAN point to HQ2900 LAN internet IP (optional as there is already a default route?)

 

BGP:

- Enable BGP on bewteen HQ 2900 and VPN concentrator?

- Redistribute EIGRP with BGP bewteen HQ 2900 and VPN concentrator?

https://documentation.meraki.com/MX/Networks_and_Routing/BGP - which scenario does this fit in this guide?

- Will MX learn received route and also advertise all autovpn route?

 

OSPF:

- Enable OSPF on bewteen HQ 2900 and VPN concentrator?

- Redistribute EIGRP with OSFP bewteen HQ 2900 and VPN concentrator?

- As per https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets An MX VPN concentrator with OSPF route advertisement enabled will only advertise routes via OSPF; it will not learn OSPF routes???

Also

https://www.willette.works/merging-meraki-vpns/

Non-Meraki VPN routes are not advertised to AutoVPN peers.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Bridging AutoVPN with Cisco DMVPN

Note that with OSPF it is not two way distribution on the MX side.  It can only advertise AutoVPN routes.  I wont listen to anything you send it.

 

BGP is full two way routing.

 

If you can do it with a smallish number of static routes (consider using larger summary routes), I would use that approach.  My second choice would be BGP.

2 REPLIES 2
Highlighted
Kind of a big deal

Re: Bridging AutoVPN with Cisco DMVPN

Note that with OSPF it is not two way distribution on the MX side.  It can only advertise AutoVPN routes.  I wont listen to anything you send it.

 

BGP is full two way routing.

 

If you can do it with a smallish number of static routes (consider using larger summary routes), I would use that approach.  My second choice would be BGP.

Here to help

Re: Bridging AutoVPN with Cisco DMVPN

Hi Phillip,

 

I was able to redistribute static route to DMVPN/EIGRP. However, I was unable to find out the option on MX to create static route destine to DMVPN subnet to the next hop.

In my case the next hop is the HQ MX vpn concentrator. If I apply the next hop as the local MX GW it will not work.

 

Any suggestion?

Does this mean I need to setup BGP on HUB MX, spoke MX and DMVPN HQ router?

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.