cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Hub and Spoke Configuration with local breakout of Office 365 traffic

Conversationalist

Hub and Spoke Configuration with local breakout of Office 365 traffic

Team,

 

We have two sites with HO having Meraki One arm configured as VPN Concentrator. The branch location is with Meraki configured in routed mode. We have auto vpn configured between these and HO Meraki is hub for the Branch location. Hence all the traffic including Internet flows through HO location. We have a requirement to have Office 365 traffic breakout locally from Branch office rather getting back hauled from HO locations. Please let us know how we can configure this.

 

Thanks

 

12 REPLIES 12
Building a reputation

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

I think this could simply be done with a split tunnel. 

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Settings

 

Sections : Default Route   / Tunneling

Conversationalist

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

Thank you for your response. Unfortnately I have MX100 not a MX-Z. I do not get this option of split tunnel.

Building a reputation

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

On your MX that is configured in routed mode you should be able to see those options : 

 

Security & SD-WAN -> Site-to-site VPN

 

splittunnel.png

 

 

Those options are not available on the MX that is configured as one-arm VPN concentrator

Conversationalist

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

Thank you. Yes I can see these options on my branch meraki. We have configured as hub mesh on my branch. Where can I see the split tunnel option?

Kind of a big deal

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic


@VAdmin wrote:

Thank you for your response. Unfortnately I have MX100 not a MX-Z. I do not get this option of split tunnel.


Don't panic there's no such thing as an MX-Z, that's just Meraki speak for "any MX or Z device", Z being the teleworker devices.

Conversationalist

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

Okay got it thanks 

Kind of a big deal

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

Why not let the Office users communicate directly with Office365/Azure cloud? Its encrypted. Local directories may be synch'ed with OneDrive.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Conversationalist

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

Yes right I want the office users to communicate directly without going through the tunnel. Hence looking for that configuration.

Kind of a big deal

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

I'm a bit hazy on this, but I'm pretty sure support can enable the bypassing of full tunnel for specific IP addresses/ranges.  You have to open a support case.  I would do this and ask about those capabilities.

 

Your problem will be that Office 365 will have lots and lots of IP address ranges.

 

 

I would investiagte re-engineering the network so you don't use a centralised Internet access and instead use local break out for everything.

Highlighted
Kind of a big deal

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

I would investigate re-engineering the network so you don't use a centralised Internet access and instead use local break out for everything.

 

I absolutely endorse this suggestion from @PhilipDAth . We have moved to having all servers/storage in the Cloud and being very SAASy.

It works, and it is very cost effective.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Conversationalist

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

Thank you.

Kind of a big deal

Re: Hub and Spoke Configuration with local breakout of Office 365 traffic

Quote - 

 

Your problem will be that Office 365 will have lots and lots of IP address ranges.

 

Conveniently, MS has a new service to supply the required IP addresses - Office 365 URLs and IP address ranges 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.