Cisco MX 84 Firewall configuration with AWS Direct Connect

Solved
dmo61
Conversationalist


Has anyone gone through the process of connecting an MX 84 with a direct connect circuit to AWS and did you use the MX as a VPN concentrator to get the BGP peer to work with the AWS virtual interface connected to your layer 2 direct connect circuit?

1 Accepted Solution
PhilipDAth
Kind of a big deal

>The AWS Virtual interface BGP settings need to match the BGP configuration from our Meraki environment 

 

I don't believe you'll be able to do this on your Meraki MX.

 

I think you'll need a traditional router to terminate the circuit (or a Cisco enterprise switch with BGP support) for this configuration.


6 Replies
PhilipDAth
Kind of a big deal

I think you'll need a traditional router to terminate the circuit (or a Cisco enterprise switch with BGP support) for this configuration.

 

I don't think you'll get this to work with only a Meraki MX.

dmo61
Conversationalist

Sorry if I wasn't clear, the circuit is terminated and live using a Comcast router on our side and the AWS Direct Connect service on the AWS side. I was looking for more information on configuration for the portion of the network from the ISP router into our Meraki network. The AWS Virtual interface BGP settings need to match the BGP configuration from our Meraki environment to complete routing through the peer connection. Our current firewall is set up as Hub/Spoke and does not allow me to create BGP peer connections so using a VPN concentrator behind the edge firewall with our private ethernet connection to AWS was the only solution I have seen thus far that may work. 

PhilipDAth
Kind of a big deal

>The AWS Virtual interface BGP settings need to match the BGP configuration from our Meraki environment 

 

I don't believe you'll be able to do this on your Meraki MX.

 

I think you'll need a traditional router to terminate the circuit (or a Cisco enterprise switch with BGP support) for this configuration.

nirmalkaria
Comes here often

Hello @dmo61 - Were you able to set up the BGP configuration for the 100 Mb link on Meraki?

dmo61
Conversationalist

Hi @nirmalkaria, no, there wasn't a way to terminate the circuit straight into an MX appliance. I ended up buying a couple of Palo Alto 440s and connected them to my Layer 3 Meraki switch stack so I could configure the BGP portion of the private circuit to AWS.

nirmalkaria
Comes here often

Hello @dmo61 Thank you for your reply. 

 

Mx --- PA --- ISP --- AWS

 

1. Can you share the set of configs where needed on the MX, or more details about the config and topology?

 

 
