MPLS and AutoVPN failover for one site, the rest on AutoVPN, is this possible ?
I dont know why I always end up asking about strange setups and routing things 🙂
On the above picture you see my "predicament" .
All sites are connected to the internet, and uses the HostingcenterMX as a HUB for AutoVPN.
The Hostingcenter is also advertising static routes to the Servers in AutoVPN.
Now because Internet connection to Site03 is really dodgy, theres an MPLS connection between the Hosting center and Site03.
Is it possible, (when setting up the static routes on Site03 towards the rest of the net over the MPLS, and on the HostingcenterMX towards Site03 over the MPLS) to get all traffic from fx. Site 01 or 02 routed over AutoVPN to the hostingcenter, and then the hostingcenter MX will route it over the MPLS to Site03 (and vise versa from Site03 -> Over MPLS -> Hostingcenter -> Site02 or 01 over AutoVPN) - AND .... if the MPLS fails, have it (Site03) all failover to AutoVPN through the Hostingcenter - (or just MESH dont really care in a failover situation - just as long as there's some kind of connection between sites).
And now Ill start to answer my own questions 🙂
My guess is no, because i will need to make the static route to the MPLS and Site03 on the HostingcenterMX "in vpn", and then I will have overlapping IPs between the AutoVPN and MPLS.
Is it possible ? Am I missing something ?
The only backup plan I have is not using AutoVPN on Site03, and just having it fail if the MPLS goes down (of course they will still have their dodgy internet connection).
OR --- Could this NO-NAT feature I have heard about save me ? By plugging in the MPLS connection on the DC site and on Site03 into Internet 2 ?
Re: MPLS and AutoVPN failover for one site, the rest on AutoVPN, is this possible ?
Sorry for the late reply.
So you would just "plugin" the MPLS connection as internet 2, and run Meraki VPN on top ?
How does this work ? - If the MPLS connection does not provide internet, then the MX cant connect to a VPN registry ?
Or lets say that the MPLS connection had internet access, from a single point, so all MPLS traffic will be nat/pat the internet on a single public IP, would this again work ? Would the Meraki VPN registry be able to tell the MXs that it should create a site to site tunnel on the RFC1918 addresses of the MPLS ?