Connectivity / Bridging between 2 Meraki Org

SOLVED
amabt
Building a reputation

We have 2 Meraki Orgs, A & B, that we are trying to merge together over a long period. Our Data Centre DC1A (using an MX100) in Org A has services that sites need to access via VPN and that are not exposed to the Internet.

Our plan is to migrate sites from Org A to Org B one by one (move hardware & licenses etc.) and re-create each site over in Org B, keeping downtime to a minimum.

Sites from Org A will be recreated in Org B (let's call it network B1). However, B1 still needs to access DC1A until it is moved over at the end of the migration phase.

What is the best and simplest option to "bridge" B1 with DC1A (still in the old Org)? How would you do this? Can it be done with only Meraki HW / VMXs in Azure, or does it need additional hardware?

Thanks

5 REPLIES
DarrenOC
Kind of a big deal

If you have MXs in each Org why not build a s2s VPN? Once you have connectivity confirmed between your Orgs and Networks then build out your plan to migrate your Networks.

Meraki support will need to assist you with moving your licenses between the Orgs.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
CptnCrnch
Kind of a big deal


> Meraki support will need to assist you with moving your licenses between the Orgs.

...if you're still on Co-Term licensing. Using PDL this can be accomplished by the admin himself.

I'd have supposed to using a 3rd Party VPN too, as AutoVPN can't be used in this scenario.

amabt
Building a reputation

We are on PDL and I've test moved devices and licenses so not an issue there.

3rd party VPN was one option suggested by Meraki support.

PhilipDAth
Kind of a big deal

The easiest option is to put a second MX in DC1A from the second org. Each uses AutoVPN to their own respective spokes.

Then add static routes in each MX for the other MX spokes routed via the other MX, and redistribute those static routes into AutoVPN.

Now all spokes can talk to all other spokes regardless of the Org they are in.
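
The routing plan from the reply above, as an added example that is not part of the original post and is not Meraki code: it derives the static routes each DC1A MX would need for the other org's spokes and refuses to produce a plan if the two orgs' subnets overlap. The subnets, addresses, function names and dictionary keys (including `in_vpn`) are assumptions made for this sketch, not Dashboard API fields.

```python
import ipaddress

# Constructed sample data: spoke LAN subnets per org and the LAN address of
# each org's MX in DC1A (the next hop for the other MX's static routes).
SPOKES_A = {"A1": "10.1.1.0/24", "A2": "10.1.2.0/24"}
SPOKES_B = {"B1": "10.2.1.0/24"}
MX_A_IP, MX_B_IP = "10.0.0.1", "10.0.0.2"


def _routes(peer_spokes, peer_mx_ip):
    """Static routes one MX needs to reach the other org's spokes."""
    gateway = ipaddress.ip_address(peer_mx_ip)
    routes = []
    for site, net in sorted(peer_spokes.items()):
        if net.prefixlen == 0:
            raise ValueError(f"{site}: refusing a default route via the peer MX")
        if gateway in net:
            raise ValueError(f"{site}: next hop {gateway} lies inside {net}")
        # in_vpn marks the route for redistribution into that MX's AutoVPN.
        routes.append({"name": f"to-{site}", "subnet": str(net),
                       "gateway": str(gateway), "in_vpn": True})
    return routes


def plan_cross_org_routes(spokes_a, spokes_b, mx_a_ip, mx_b_ip):
    """Return {"org_a_mx": [...], "org_b_mx": [...]} or raise ValueError."""
    # Strict parsing rejects CIDRs with host bits set (e.g. 10.1.1.5/24).
    nets_a = {s: ipaddress.ip_network(c) for s, c in spokes_a.items()}
    nets_b = {s: ipaddress.ip_network(c) for s, c in spokes_b.items()}
    # Overlapping subnets across the two orgs make the static routes ambiguous.
    for site_a, net_a in nets_a.items():
        for site_b, net_b in nets_b.items():
            if net_a.overlaps(net_b):
                raise ValueError(f"{site_a} {net_a} overlaps {site_b} {net_b}")
    # Each MX routes the *other* org's spokes via the other MX.
    return {"org_a_mx": _routes(nets_b, mx_b_ip),
            "org_b_mx": _routes(nets_a, mx_a_ip)}


if __name__ == "__main__":
    plan = plan_cross_org_routes(SPOKES_A, SPOKES_B, MX_A_IP, MX_B_IP)
    for mx, routes in plan.items():
        for route in routes:
            print(mx, route)
```

Every subnet in the resulting plan becomes reachable from the other org's spokes, so the same list is the scope to review against each org's site-to-site VPN firewall rules.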

amabt
Building a reputation

Thanks. This is effectively what we have settled on to test. We've put one of our spare MXs (joined to Org B) in DC1A acting as a VPN Concentrator and then use static routes.

We are still testing this out fully.
