Large scale VPN rollout with MX100s

New here

Large scale VPN rollout with MX100s

I've just started with a new company that has 200+ sites deployed today with site to site VPN tunnels using a pair of MX100s. What type of limitations, if any, will we experience if we continue down this same path.


I'm my previous position, I would have done this type of configuration using a router connecting back to a dual hub DMVPN configuration.

Kind of a big deal

The MX100 is limited to having 250 concurrent VPN tunnels.

If you keep growing you will need to upgrade to an MX250.


AutoVPN is a million times simpler than DMVPN (or iWAN as it is now called).



If i understand correctly, mx appliances do not built vpn on needs but vpns to other sites are always on.


So if you need full mesh connectivity for 100 sites with 2 wan, your mx establishes 200 vpn tunnels always on with other sites. Your mx appliance needs to support at least 200 vpn tunnels.


Is my understanding correct?



Kind of a big deal


Building a reputation

The DMVPN is dead, if it is not we should kill it w/o  mercy. 🙂


I have 90 sites on MX100.  The CPU is hovering between 50-75%.









Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.