I dont know why I always end up asking about strange setups and routing things 🙂
On the above picture you see my "predicament" .
All sites are connected to the internet, and uses the HostingcenterMX as a HUB for AutoVPN.
The Hostingcenter is also advertising static routes to the Servers in AutoVPN.
Now because Internet connection to Site03 is really dodgy, theres an MPLS connection between the Hosting center and Site03.
Is it possible, (when setting up the static routes on Site03 towards the rest of the net over the MPLS, and on the HostingcenterMX towards Site03 over the MPLS) to get all traffic from fx. Site 01 or 02 routed over AutoVPN to the hostingcenter, and then the hostingcenter MX will route it over the MPLS to Site03 (and vise versa from Site03 -> Over MPLS -> Hostingcenter -> Site02 or 01 over AutoVPN) - AND .... if the MPLS fails, have it (Site03) all failover to AutoVPN through the Hostingcenter - (or just MESH dont really care in a failover situation - just as long as there's some kind of connection between sites).
And now Ill start to answer my own questions 🙂
My guess is no, because i will need to make the static route to the MPLS and Site03 on the HostingcenterMX "in vpn", and then I will have overlapping IPs between the AutoVPN and MPLS.
Is it possible ? Am I missing something ?
The only backup plan I have is not using AutoVPN on Site03, and just having it fail if the MPLS goes down (of course they will still have their dodgy internet connection).
OR --- Could this NO-NAT feature I have heard about save me ? By plugging in the MPLS connection on the DC site and on Site03 into Internet 2 ?
You should use AutoVPN over MPLS. This then makes the MPLS circuit look like another Internet circuit.
Another option is rather than getting an MPLS cirucit to your DC, get an MPLS Internet circuit. Having a plain Internet circuit will make your life easier again.
Sorry for the late reply.
So you would just "plugin" the MPLS connection as internet 2, and run Meraki VPN on top ?
How does this work ? - If the MPLS connection does not provide internet, then the MX cant connect to a VPN registry ?
Or lets say that the MPLS connection had internet access, from a single point, so all MPLS traffic will be nat/pat the internet on a single public IP, would this again work ? Would the Meraki VPN registry be able to tell the MXs that it should create a site to site tunnel on the RFC1918 addresses of the MPLS ?
Im just wondering.
I realise this is a very old post and I am sure that you have already solved the issue, but whilst researching a similar question I came across your entry, and the article I had just been reading seemed to contain the solution - thought I'd reply just in case someone else ended up here.
Would this article not get you where you want to be? https://meraki.cisco.com/blog/2014/02/automatic-mpls-to-vpn-failover-now-in-every-mx/
See https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN for the actual configuration options.
The hostingcentre and site03 MX's use static routes to send traffic over the MPLS - BUT, the "Active" field is set to something other than "Always" thus removing the route and failing back to the auto VPN if the MPLS goes down.