Configuration Advice

Karl0
New here

Configuration Advice

If I can ask for some advice before i embark on this,

 

We have 2 x MX84s and 1 x Z3

Primary site (A) has MX84A Configured Hub(Mesh) With VPN from Z3 into it

.

Secondary Site (B) has MX84B Site-to-site VPN currently off - on the perimeter for traffic only for site (B)

 

Site A-B are connected via MPLS not via the MX’s

 

Site B currently has 3 VPNS coming in to existing non MX firewall,

I need to move the 3 VPNs (Non Meraki) from the old firewall to the MX – inbound to site B only, and not to effect site A is this possible under one company, can you have 2 Hub(mesh) configured?

2 REPLIES 2
jdsilva
Kind of a big deal

When you're doing Non-Meraki VPN hubs don't actually matter (but yes, you can have as many hub as you want for AutoVPN).

 

If you want to only nail up a VPN to Site B you will need to control the Non-Meraki VPN via Peer Availability using tags.

 

Here's the Non-Meraki doc:

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Settings#Non-Meraki_VPN_peers

 

And specifically, this section:

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Settings#Peer_availability

Happiman
Building a reputation

@Karl0 

 

You need to create a "tag" and assign it to a program where you run the site-2-site VPNs.

 

image.png

The tag becomes the "Availability" for the non Meraki VPN

image.png

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels