Configuring SDWAN to communicate with the rest of the network

SOLVED
mAineAc
Conversationalist

I have an MX84 acting as a VPN concentrator and will be deploying several remote sites that will communicate back to our core network using the SD-WAN. I was able to set up OSPF and I can see type 5 LSAs being advertised into the VPN concentrator, but I do not see any of the routes in the VPN concentrator. I am trying to set up split tunnel so that all sites can communicate with the core management network and get to LDAP, DNS, etc. We use Office 365 extensively and this invariably requires split tunneling so that it can go out the local internet connection or it breaks stuff. I have also tried to set up static routes that point to the VPN concentrator to get around the OSPF issue, which is in the routing table of the spokes, but it complains that it does not know about that device and cannot set up that static route. Static routes are not viable either, as there will be some sites that would need hundreds of static routes if I cannot advertise these routes into the SD-WAN environment. There must be a workaround that I am missing; something this basic cannot possibly be missing from the configuration of these devices. Is there a different device that I should be using for the VPN concentrator that has the ability to route correctly?

1 ACCEPTED SOLUTION
ww
Kind of a big deal

MX can only advertise OSPF. You need to add the routes yourself in the MX concentrator as local networks at the site-to-site VPN settings page.

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide#Dashboard_Co...

Best way is to run one-armed concentrator mode and use BGP.

2 REPLIES 2

mAineAc
Conversationalist

OK that helped. I can add the local networks to the VPN concentrator and the remote devices can see that.
