Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX 68w behind MX100 for SD-Wan for branch MX's

Solved
NileshSDB
Comes here often
‎Apr 28 2023 1:08 PM
‎Apr 28 2023 1:08 PM

MX 68w behind MX100 for SD-Wan for branch MX's

Here's my setup  Mx100  managed by 3rd party different org.

I would like to add MX to each branch so that I can setup a SD-Wan tunnel from each branch to my corp mx100.

Since managed by 3rd party I am setting up a different org.

 

 

I have created a new org and added the two MX to that org.

I have setup the SD-Wan from the two Mx 68 to MX 68.

However how to do I get the traffic to my lan?  

My goal is all the branched will connect to my Corp Mx68. so the SD-Wan is connected. easy enought.

However do I do get the Corp Mx68 so my local Lan (MX100)  so that the users can ping my local lan and get to the shares.

 

Nilesh

Labels:
0 Kudos
Subscribe
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 1 2023 12:42 PM
‎May 1 2023 12:42 PM

>Plug in Wan port to MX100 Lan get and set a satic ip on MX68 of 192.168.xxx

 

Correct.

 

>Once I do that the branch MX I just configure with SC Wan  and point to Hub...

 

Correct.

 

The MX100 will also need static routes added to the VPN MX behind it, pointing to the VPN MX, for the remote spoke sites.

 

View solution in original post

0 Kudos
Subscribe
4 Replies 4
ww
Kind of a big deal
Kind of a big deal
‎Apr 29 2023 12:50 AM
‎Apr 29 2023 12:50 AM

Do you have some design/drawing you can share?

Are you local lan users behind a vlan of the mx68?  (Is the gateway of that user the mx 68 vlan ip)

 

What does the vpn status and route table indicate?

https://documentation.meraki.com/MX/Site-to-site_VPN/VPN_Status_Page#:~:text=VPN%20Status%20Overview....

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 30 2023 2:14 PM
‎Apr 30 2023 2:14 PM

If the branches (MX68) are in a different organisation than the MX100 - you wont be able to form an SD-WAN between them.

 

You would need to put your own MX into HQ.  This could be installed behind the MX100, and be run in VPN concentrator mode.

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide 

 

Consult the sizing guide to see how big that VPN concentrator MX would need to be (page 3, especially "Recommended maximum site-to-site VPN tunnels"):
https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file

 

0 Kudos
Subscribe
NileshSDB
Comes here often
‎May 1 2023 7:35 AM
‎May 1 2023 7:35 AM

I will try concentrator mode.

 

Just verify.

Mx100 At HQ.. 192.158.xxx

MX68 at HW different org I control 10.10.xxx

 

Plug in Wan port to MX100 Lan get and set a satic ip on MX68 of 192.168.xxx

Once I do that I will put in vpn concentratior mode.. set vpn router of 192.168.1.0/24?

 

That is where my confusion lies..

Once I do that the branch MX I just configure with SC Wan  and point to Hub...

Is my thought correct.. 

 

I have never had to connect to MX on seperate org before so this is new to me.

Appreciate your assistance..

 

Eventually once I can get teh Mx in MY org .. if possible and get into singel org I an remove concertator and setup as normal sd-wan connecitons..

 

Thaks for feedback and assistance.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 1 2023 12:42 PM
‎May 1 2023 12:42 PM

>Plug in Wan port to MX100 Lan get and set a satic ip on MX68 of 192.168.xxx

 

Correct.

 

>Once I do that the branch MX I just configure with SC Wan  and point to Hub...

 

Correct.

 

The MX100 will also need static routes added to the VPN MX behind it, pointing to the VPN MX, for the remote spoke sites.

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.