L3 core and MX AutoVPN question

Solved
ToryDav
Building a reputation

Hi All,


Running into a scenario where we have an L3 9500 core with SVIs (Gateway) for user subnets for a given site. MX firewalls are going to replace a different vendor firewall for outbound internet access and AutoVPN will be used to connect the sites together.

I suspect if a subnet's default gateway lives on the 9500 core (l3 core) then it cannot participate in AutoVPN if MX is intended to be at the Internet Edge in routed mode. Can you confirm my logic is true/false? Will the SVIs need to be migrated to the MX?

Has anyone run into this?

1 Accepted Solution
ww
Kind of a big deal

You can set a static route from the MX to the 9500. And the static route you can advertise in the AutoVPN.

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs#Static_routes

In VPN: Determines whether the MX advertises this static route to site-to-site VPN peers

alemabrahao
Kind of a big deal

+1 with @ww 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ToryDav
Building a reputation

Very good. Thank you for the link and the explanation. Cheers!
