Here's my setup Mx100 managed by 3rd party different org.
I would like to add MX to each branch so that I can setup a SD-Wan tunnel from each branch to my corp mx100.
Since managed by 3rd party I am setting up a different org.
I have created a new org and added the two MX to that org.
I have setup the SD-Wan from the two Mx 68 to MX 68.
However how to do I get the traffic to my lan?
My goal is all the branched will connect to my Corp Mx68. so the SD-Wan is connected. easy enought.
However do I do get the Corp Mx68 so my local Lan (MX100) so that the users can ping my local lan and get to the shares.
Nilesh
Solved! Go to solution.
>Plug in Wan port to MX100 Lan get and set a satic ip on MX68 of 192.168.xxx
Correct.
>Once I do that the branch MX I just configure with SC Wan and point to Hub...
Correct.
The MX100 will also need static routes added to the VPN MX behind it, pointing to the VPN MX, for the remote spoke sites.
Do you have some design/drawing you can share?
Are you local lan users behind a vlan of the mx68? (Is the gateway of that user the mx 68 vlan ip)
What does the vpn status and route table indicate?
If the branches (MX68) are in a different organisation than the MX100 - you wont be able to form an SD-WAN between them.
You would need to put your own MX into HQ. This could be installed behind the MX100, and be run in VPN concentrator mode.
https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide
Consult the sizing guide to see how big that VPN concentrator MX would need to be (page 3, especially "Recommended maximum site-to-site VPN tunnels"):
https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file
I will try concentrator mode.
Just verify.
Mx100 At HQ.. 192.158.xxx
MX68 at HW different org I control 10.10.xxx
Plug in Wan port to MX100 Lan get and set a satic ip on MX68 of 192.168.xxx
Once I do that I will put in vpn concentratior mode.. set vpn router of 192.168.1.0/24?
That is where my confusion lies..
Once I do that the branch MX I just configure with SC Wan and point to Hub...
Is my thought correct..
I have never had to connect to MX on seperate org before so this is new to me.
Appreciate your assistance..
Eventually once I can get teh Mx in MY org .. if possible and get into singel org I an remove concertator and setup as normal sd-wan connecitons..
Thaks for feedback and assistance.
>Plug in Wan port to MX100 Lan get and set a satic ip on MX68 of 192.168.xxx
Correct.
>Once I do that the branch MX I just configure with SC Wan and point to Hub...
Correct.
The MX100 will also need static routes added to the VPN MX behind it, pointing to the VPN MX, for the remote spoke sites.