Large scale VPN rollout with MX100s

ccampbell
New here

Large scale VPN rollout with MX100s

I've just started with a new company that has 200+ sites deployed today with site to site VPN tunnels using a pair of MX100s. What type of limitations, if any, will we experience if we continue down this same path.

 

I'm my previous position, I would have done this type of configuration using a router connecting back to a dual hub DMVPN configuration.

4 REPLIES 4
PhilipDAth
Kind of a big deal

The MX100 is limited to having 250 concurrent VPN tunnels.

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf

If you keep growing you will need to upgrade to an MX250.

https://meraki.cisco.com/products/appliances/mx250

 

AutoVPN is a million times simpler than DMVPN (or iWAN as it is now called).

Hello,

 

If i understand correctly, mx appliances do not built vpn on needs but vpns to other sites are always on.

 

So if you need full mesh connectivity for 100 sites with 2 wan, your mx establishes 200 vpn tunnels always on with other sites. Your mx appliance needs to support at least 200 vpn tunnels.

 

Is my understanding correct?

 

Thanks

PhilipDAth
Kind of a big deal

Correct.

Happiman
Building a reputation

The DMVPN is dead, if it is not we should kill it w/o  mercy. 🙂

 

I have 90 sites on MX100.  The CPU is hovering between 50-75%.

 

image.png

 

 

 

 

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels