How to advertise remote vpn subnet from MX in routed Mode with Multiple Vlan subnets

Solved
Merakibud
Here to help


We are setting up a new Meraki SD-WAN network (hub and spoke) replacing the old Meraki SD-WAN network (full mesh) without affecting the service operation on the existing network. The plan is to replace each branch site by taking down the branch from the old org as we move from old to new. For this we are first installing an MX for the new org in the head office (hub), which cable-connects one of its LAN ports to the LAN of the Meraki MX (in the old org). So now the challenge is how to advertise all the VPN networks from the old org to the new org. We are reusing the same private IP subnets from the old org to the new.

Can we add static default routes on each MX in the head office with the next hop as the MX in the opposite org?

That is, how to advertise remote VPN subnets from an MX in routed mode with multiple VLAN subnets.

 

Please suggest.

 

1 Accepted Solution
GIdenJoe
Kind of a big deal

I believe you have two options:
1) You could start by adding static routes for each branch pointing to the LAN interface of the old org hub MX. Then, when you move a branch to the new org, first delete the static on the old org, and then the route should come in via the new org AutoVPN.

2) You could make a summary route that contains all your branches on the new org, pointing to the MX in the old org hub, and then just add branches with a more specific mask. I'm not sure this would present an error. It surely will give you a warning to confirm at least.
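
Option 2 above depends on longest-prefix matching: the summary route catches every branch still on the old org, and each migrated branch's more specific route takes over. The Python below is an added example, not part of the original post and not Meraki code; every prefix, the hub LAN IP and the spoke name are constructed, and it models only prefix length, not any vendor-specific route priority.

```python
import ipaddress

# Constructed sample data: every prefix and address below is hypothetical.
OLD_HUB_LAN = "192.168.0.2"   # LAN IP of the old-org hub MX (assumed)

def build_table(summary, migrated):
    """Routes as seen by the new-org hub MX: one summary static route
    toward the old org plus one AutoVPN route per migrated branch."""
    table = [(ipaddress.ip_network(summary), "static", OLD_HUB_LAN)]
    for prefix, spoke in migrated.items():
        table.append((ipaddress.ip_network(prefix), "autovpn", spoke))
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: r[0].prefixlen)

def exact_overlaps(table):
    """Prefixes present with the same mask from more than one source.
    Prefix length cannot break these ties, so review them by hand
    (option 1 deletes the static route before moving the branch)."""
    seen, dupes = {}, set()
    for net, source, _ in table:
        if net in seen and seen[net] != source:
            dupes.add(net)
        seen.setdefault(net, source)
    return sorted(dupes)

def uncovered(table, branches):
    """Branch subnets that no route covers at all (would be unreachable)."""
    nets = [r[0] for r in table]
    return [b for b in branches
            if not any(ipaddress.ip_network(b).subnet_of(n) for n in nets)]

if __name__ == "__main__":
    table = build_table("10.0.0.0/8", {"10.1.10.0/24": "spoke-A"})
    for dst in ("10.1.10.5", "10.1.20.5"):
        net, source, hop = lookup(table, dst)
        print(f"{dst:12} -> {net} via {source} ({hop})")
```

Running `uncovered` against the full branch list before each cutover shows whether the summary mask actually contains every subnet that has not been migrated yet.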

Thank you Glden Joe. It worked

PhilipDAth
Kind of a big deal

Personally, I would use @GIdenJoe's approach.

 

If you put both MXs into VPN concentrator mode at HQ, you could also consider configuring BGP between them to exchange the routes.

https://documentation.meraki.com/MX/Networks_and_Routing/BGP 

 

If your head office has a L3 switch, you could also consider using OSPF to advertise the routes available in each org (from each MX) to the L3 switch.

https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets 

Thank you to you as well @PhilipDAth 

Merakibud
Here to help

[Attached image: Merakibud_0-1682556419030.png]

I was still working on this. So this is how we are planning to get the network transition done from the old SD-WAN to the new provider SD-WAN. I am not sure if both FW having the same summary route would not create an error or issue.
