Is 2 MX84s directly connected using a VPN possible?
I have two buildings directly connected by fibre but would like to VPN this connection. They each separately have their own internet connection, and I don't want to use the MX84 to be the main internet connection. I currently achieve this with two Cisco ASA 5520s but would like to replace them.
Is it possible to use 2x MX84s to do this? I was thinking that the WAN1 port from each device could have an internet connection for the Meraki Cloud and the two WAN2 ports could connect directly together for the VPN traffic.
If this won't work (and I'm thinking it won't, as the two WAN2 ports are directly connected and do not themselves have a connection to the Meraki cloud to establish the connection), then if the two WAN connections connect directly to a switch (which has a connection to the internet), will it establish the VPN connection and send traffic directly to each other?
Any help or suggestions would be greatly appreciated.
Hi Chris, thanks for replying. The fibre, although private, is about 7km long and patches through several buildings and another company's comms cabinets on the way (it's a railway environment). I'm probably being overcautious but would like to VPN if possible. Do you think this scenario could work? Cheers.
It will make a tunnel to each other and not connect directly to the cloud, but I have not tested this, nor am I able to try it in my environment.
You would configure WAN port 2 to be a point-to-point private subnet and that would be your "public IP". You can share all the local subnets but not static routes, which may be a limitation for you.
I hope this workaround works for you, let us know how it goes.
When using AutoVPN over a private circuit, the private circuit must be connected to the Internet. If, when the MXs go to build a VPN, they find that they both share the same public IP address (because of NAT), they then assume they are on the same private network, and then will build the VPN between their private IP addresses.