Meraki

Community

Cisco MX 84 Firewall configuration with AWS Direct Connect

Solved
dmo61
Conversationalist
‎Dec 1 2022 8:08 AM
‎Dec 1 2022 8:08 AM

Cisco MX 84 Firewall configuration with AWS Direct Connect

Has anyone gone through the process of connecting an MX 84 with a direct connect circuit to AWS and did you use the MX as a VPN concentrator to get the BGP peer to work with the AWS virtual interface connected to your layer 2 direct connect circuit?

Labels:
0 Kudos
1 Accepted Solution
In response to dmo61
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 5 2022 11:49 AM
‎Dec 5 2022 11:49 AM

>The AWS Virtual interface BGP settings need to match the BGP configuration from our Meraki environment 

 

I don't believe you'll be able to do this on your Meraki MX.

 

I think you'll need a traditional router to terminate the circuit (or a Cisco enterprise switch with BGP support) for this configuration.

View solution in original post

0 Kudos
6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 1 2022 12:49 PM
‎Dec 1 2022 12:49 PM

I think you'll need a traditional router to terminate the circuit (or a Cisco enterprise switch with BGP support) for this configuration.

 

I don't think you'll get this to work with only a Meraki MX.

In response to PhilipDAth
dmo61
Conversationalist
‎Dec 2 2022 11:49 AM
‎Dec 2 2022 11:49 AM

Sorry if I wasn't clear, the circuit is terminated and live using a Comcast router on our side and the AWS Direct Connect service on the AWS side. I was looking for more information on configuration for the portion of the network from the ISP router into our Meraki network. The AWS Virtual interface BGP settings need to match the BGP configuration from our Meraki environment to complete routing through the peer connection. Our current firewall is set up as Hub/Spoke and does not allow me to create BGP peer connections so using a VPN concentrator behind the edge firewall with our private ethernet connection to AWS was the only solution I have seen thus far that may work. 

0 Kudos
In response to dmo61
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 5 2022 11:49 AM
‎Dec 5 2022 11:49 AM

>The AWS Virtual interface BGP settings need to match the BGP configuration from our Meraki environment 

 

I don't believe you'll be able to do this on your Meraki MX.

 

I think you'll need a traditional router to terminate the circuit (or a Cisco enterprise switch with BGP support) for this configuration.

0 Kudos
nirmalkaria
Comes here often
‎Aug 13 2023 7:02 PM
‎Aug 13 2023 7:02 PM

Hello @dmo61 - Were you able to set up the BGP configuration for 100 Mb link on Meraki ?

0 Kudos
In response to nirmalkaria
dmo61
Conversationalist
‎Aug 14 2023 6:19 AM
‎Aug 14 2023 6:19 AM

Hi @nirmalkaria , No, there wasn't a way to terminate the circuit straight into an MX appliance. I ended buying a couple PaloAlto 440's and connected them to my Layer 3 Meraki switch stack so I could configure the BGP portion of the private circuit to AWS. 

0 Kudos
In response to dmo61
nirmalkaria
Comes here often
‎Aug 14 2023 12:04 PM
‎Aug 14 2023 12:04 PM

Hello @dmo61 Thank you for your reply. 

 

Mx --- PA --- ISP --- AWS

 

1. Can you share set of configs where needed on Mx or more details about config and Topology 

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.