Going to China

MarcP
Kind of a big deal

Going to China

Hi everyone,

 

we are planing to use Meraki MX in China... had a chat to our Meraki SystemEngineer and he said no problem at all, just create an account in chinese dashboard and go on.

 

Sounds preety good to me, but I´m afraid thats not all, is it?

Are there some things I have to keep in mind?

  • In one meraki doc I found this: "All MXs within China Organizations MUST be licensed with Enterprise license." <-- correct? Source
  • Are there regulations of the state that have to be observed (I´m sure there are)?
  • AutoVPN will not be needed.
  • Regarding to Non-Meraki VPN I´ll set everything for internal use (i. e. 172..xx.xx.0/23) to go through the tunnel and all other will go out to the internet, so I should be OK regarding to http/s content (thats what the Meraki SE said) <-- correct? (At the moment we use 0.0.0.0/0 for the tunnel within our home country)
5 REPLIES 5
PhilipDAth
Kind of a big deal
Kind of a big deal

So far, I have only shipped MX's into China so they connect back to a Dashboard outside of China .... and they have worked so far.  They may stop working in the future, who knows.  This allows AutoVPN to work.

 

As I understand it, in the last 30 days the use of Advanced Security licences have been approved in China - but it has some feature limitations.  You can read about them here:

https://documentation.meraki.com/zGeneral_Administration/Support/Information_for_Users_in_China#Unsu...

 

If you don't need AutoVPN then registering the MX on the Chinese version of the Meraki dashboard will be safest.  You can browse https sites in China.  Obvisouly China does block a lots of sites outside of China.

The way the England is talking they will soon have their own great firewall.

MarcP
Kind of a big deal

thanks philip, this is what I was doing before as well but now moved into china cloud because of blocked content etc by law and don´t want to get trouble in the future.

 

OK, so nothing special at all over there.

Uberseehandel
Kind of a big deal

It may be wise to source the Meraki equipment from within China lest you inadvertently violate the various rules about prohibited exports, they have been changed recently.

 

See -

 

http://sanctionsnews.bakermckenzie.com/us-government-imposes-comprehensive-restrictions-on-exports-r...

 

Best clear it with Donald or Melania first

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
cb123
Conversationalist

I have 3 networks in China.  Latency problems getting here obviously but other than that no issues.  I recently converted my Enterprise license to a security license, only lacking feature so far is AMP.  I've had no problems setting up a "non meraki peer" vpn to my US meraki org.  I source my equipment from AFScott/Moo moo networks for 2 years now, they have a meraki china rep but you can pay in USD, etc.

 

As long as you don't route your default traffic through the tunnel to pop out in a different country you will be good in the eyes of China.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels