Meraki

Community

Large scale VPN rollout with MX100s

ccampbell
New here
‎Oct 30 2017 11:34 AM
‎Oct 30 2017 11:34 AM

Large scale VPN rollout with MX100s

I've just started with a new company that has 200+ sites deployed today with site to site VPN tunnels using a pair of MX100s. What type of limitations, if any, will we experience if we continue down this same path.

 

I'm my previous position, I would have done this type of configuration using a router connecting back to a dual hub DMVPN configuration.

0 Kudos
4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 30 2017 11:54 AM
‎Oct 30 2017 11:54 AM

The MX100 is limited to having 250 concurrent VPN tunnels.

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf

If you keep growing you will need to upgrade to an MX250.

https://meraki.cisco.com/products/appliances/mx250

 

AutoVPN is a million times simpler than DMVPN (or iWAN as it is now called).

0 Kudos
In response to PhilipDAth
Yuri
New here
‎Jun 12 2018 9:42 PM
‎Jun 12 2018 9:42 PM

Hello,

 

If i understand correctly, mx appliances do not built vpn on needs but vpns to other sites are always on.

 

So if you need full mesh connectivity for 100 sites with 2 wan, your mx establishes 200 vpn tunnels always on with other sites. Your mx appliance needs to support at least 200 vpn tunnels.

 

Is my understanding correct?

 

Thanks

0 Kudos
In response to Yuri
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 12 2018 9:45 PM
‎Jun 12 2018 9:45 PM

Correct.

0 Kudos
Happiman
Building a reputation
‎Jun 13 2018 10:06 AM
‎Jun 13 2018 10:06 AM

The DMVPN is dead, if it is not we should kill it w/o  mercy. 🙂

 

I have 90 sites on MX100.  The CPU is hovering between 50-75%.

 

image.png

 

 

 

 

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.