Linking 2 MX84s directly without VPN

FTI-nsutterby
Here to help


It is a fairly simple setup, we need all sites (except 2 subnets) to pass VPN traffic between each other.  The other 2 main offices have a wireless point-to-point link connecting them and they are not members of VPN tunnels between themselves, yet are members of VPN tunnels to all other offices.

 

Port 1 (physical interface) on our existing firewall of subnet 192.168.1.0/24 has a static IP assigned of 192.168.15.250

Static route is assigned that says destination is 192.168.15.0/24 use port 1 of gateway appliance 192.168.1.11

 

On the other side, subnet 192.168.15.0/24 we have a static route set that says destination 192.168.1.0/24 next hop is 192.168.15.250


 

This has been working for years using a combination of Fortigate 100D and/or Zyxel USG210 appliances along with our prior Cisco SA540 devices.  Meraki support has not been able to assist in recreating this setup with their devices.

PhilipDAth
Kind of a big deal

Where to start.

 

I'm assuming the site on the end of the point to point link has no other separate Internet - is this correct?

 

Does this remote site even need an MX?  Could you not just use the main MX and configure a VLAN and plug the WiFi circuit into that, and use the main MX for doing all the routing?

 

If the remote site really does need separate layer 3 routing and has no other Internet access then the MX is not really the best solution.  Depending on the number of ports needed, I'd use a L3 switch like an MS210.  Then you can have simple L3 routing.  It will look something like:

https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Extending_the_LAN_with_a_Wireless... 

 

Otherwise, if there is some other need to have an MX on the remote site, you need to make a larger change.  Make the WiFi link itself the Internet circuit.  For example, run the WiFi link directly into the ISP router.  Then plug the WAN port of each MX into this same subnet.

Now the MX's will build a VPN between themselves just like all the other MXs and life will be simple.

Both sites have their own respective ISPs connected to the existing firewall/UTM appliances.  The reason that we have a FCC licensed wireless PTP link rather than a VPN connection is due to bandwidth requirements.  Our existing infrastructure allows a 400Mbps connection between the 2 buildings without any additionally imposed loss to bandwidth as we don't need any security policies to filter or scan between the 2 buildings as packets pass.  The buildings have direct connections for SQL database queries for our TMS software applications, along with hourly replication schedules for our server DR environment, which cannot be done with a VPN tunnel easily without packet loss, etc.

 

The 2 buildings are on different subnets as well, as our primary HQ location has pretty much saturated all available IP addresses on the existing class C network as well, which is why we did not extend the existing network to the other building.  I guess a VLAN could be set up and use the ISP at primary HQ site for web traffic, just not the way it was intended to run, especially as we have transitioned into a whole company VOIP system, so concerns would be adding all the extra nodes running traffic over the wireless link and then out to the ISP from the corporate HQ site.

 

Appreciate all the community help and advice here!

In that case that makes it simple.

 

On each MX configure a VLAN in the same subnet, assign it to an access port, and plug the WiFi link into it.  Then create a static route pointing to the remote site with the remote subnet(s).

Basically you want to follow this guide, but you don't need to configure the failover VPN.  The MPLS circuit in the document would be your WiFi link.

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN 

Philip, this "faux MPLS" setup looks like it might just be the right solution, kudos sir!

That sounds feasible, the problem we have had so far is that when trying to set up a static route with the devices, while also being members of the VPN mesh network, the system argues about subnet overlaps and will not save changes.  We have spent quite a bit of time with Meraki tech support on the phone and emails back and forth, including network topology maps, yet have not been provided a solution as simple as you are recommending, but I will give it a shot and see how it works.  I agree with you, it really should be much simpler than it has turned out to be.  I have never had problems setting this up with all prior devices over the last 10 years - LOL!

You should get a warning about a subnet overlap, but it should still let you save the config.  In your case, the subnet overlap is on purpose.

Hey Philip, one more thing.  In our existing Fortigate (which I'm more used to) config, I can set an IP on the port the wireless link is connected to; on the Meraki it isn't the same.  I want to make sure I understand how Meraki is doing the "next hop" for routing in the table. Since the wireless link itself is basically transparent (meaning the only IP address is for management) once you plug it into both devices at each end, it acts as one long wireless network cable.  I'm sure this is super easy, but don't want to miss a step. In our existing device we can bind a route to an interface/port.

 

If I replicate the MPLS with auto-vpn failover, would I set the following route?

 

MX84-Corporate is 192.168.1.11 and MX84-Kercher is 192.168.15.1

 

On MX84-Corporate add static route that says subnet 192.168.15.0/24 next hop = 192.168.1.XX?  I'm not sure how to give it a next hop to be honest since there is no IP associated with the link.  Would it be easier to create a VLAN for a port on each MX84 and use that for the routing? We have MS225-48LP's at corporate but not at the other site.
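An added example, not from this thread or from Meraki, that models the transit-VLAN design described above (a VLAN in the same small subnet on each MX84, the wireless bridge plugged into it, and a static route on each side whose next hop is the other MX's address in that VLAN) and checks that the two appliances' routes agree. The 10.255.255.0/30 transit subnet and the 192.168.1.20 next hop are constructed assumptions; the LAN subnets and MX addresses are the ones given in the posts.

```python
import ipaddress

# Constructed sample: the 10.255.255.0/30 transit VLAN is an assumption (one MX
# interface on each end of the wireless bridge); LAN values are the thread's.

def mx(name, vlans, routes):
    """vlans: VLAN name -> this MX's interface (ip/prefix); routes: (dest, gw)."""
    return {"name": name,
            "vlans": {v: ipaddress.ip_interface(i) for v, i in vlans.items()},
            "routes": [(ipaddress.ip_network(d), ipaddress.ip_address(g))
                       for d, g in routes]}

def check_routes(local, peer):
    """Problems with local's routes toward peer and peer's return routes."""
    problems = []
    peer_ips = {i.ip for i in peer["vlans"].values()}
    for dest, gw in local["routes"]:
        # No "bind route to port" on an MX: the next hop must sit in a subnet
        # the MX has its own VLAN interface in ...
        if not any(gw in i.network for i in local["vlans"].values()):
            problems.append(f"{local['name']}: next hop {gw} for {dest} "
                            "is not in any connected VLAN")
        # ... and it must be the peer's address on that shared VLAN.
        elif gw not in peer_ips:
            problems.append(f"{local['name']}: next hop {gw} for {dest} "
                            f"is not an interface of {peer['name']}")
    # A VLAN both MXs sit in is the transit link; the peer needs a return
    # route for each of local's other subnets via local's transit address.
    for li in local["vlans"].values():
        if not any(li.network == pi.network for pi in peer["vlans"].values()):
            continue
        for lan in local["vlans"].values():
            if lan.network != li.network and not any(
                    lan.network.subnet_of(d) and g == li.ip
                    for d, g in peer["routes"]):
                problems.append(f"{peer['name']}: no return route for "
                                f"{lan.network} via {li.ip}")
    return problems

CORPORATE = mx("MX84-Corporate",
               {"LAN": "192.168.1.11/24", "TRANSIT": "10.255.255.1/30"},
               [("192.168.15.0/24", "10.255.255.2")])
KERCHER = mx("MX84-Kercher",
             {"LAN": "192.168.15.1/24", "TRANSIT": "10.255.255.2/30"},
             [("192.168.1.0/24", "10.255.255.1")])
# The guess from the post above, with a constructed 192.168.1.20 next hop:
# it is in the corporate LAN but is not an address of the Kercher MX.
GUESS = mx("MX84-Corporate", {"LAN": "192.168.1.11/24"},
           [("192.168.15.0/24", "192.168.1.20")])
```

Running `check_routes(CORPORATE, KERCHER)` and the reverse returns no problems, while `check_routes(GUESS, KERCHER)` flags the LAN-side next hop, which is the reason a route like "192.168.15.0/24 via 192.168.1.XX" cannot work without the transit VLAN.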

Is anyone else monitoring this thread?
