Cisco MX 84 Firewall configuration with AWS Direct Connect

dmo61
Conversationalist

Has anyone gone through the process of connecting an MX 84 with a Direct Connect circuit to AWS, and did you use the MX as a VPN concentrator to get the BGP peer to work with the AWS virtual interface connected to your layer 2 Direct Connect circuit?

PhilipDAth
Kind of a big deal

I think you'll need a traditional router to terminate the circuit (or a Cisco enterprise switch with BGP support) for this configuration.

I don't think you'll get this to work with only a Meraki MX.

dmo61
Conversationalist

Sorry if I wasn't clear; the circuit is terminated and live using a Comcast router on our side and the AWS Direct Connect service on the AWS side. I was looking for more information on configuration for the portion of the network from the ISP router into our Meraki network. The AWS Virtual interface BGP settings need to match the BGP configuration from our Meraki environment to complete routing through the peer connection. Our current firewall is set up as Hub/Spoke and does not allow me to create BGP peer connections, so using a VPN concentrator behind the edge firewall with our private ethernet connection to AWS was the only solution I have seen thus far that may work.

PhilipDAth
Kind of a big deal

> The AWS Virtual interface BGP settings need to match the BGP configuration from our Meraki environment

I don't believe you'll be able to do this on your Meraki MX.

I think you'll need a traditional router to terminate the circuit (or a Cisco enterprise switch with BGP support) for this configuration.
