Meraki

PatWruk

I just have an oddity I'm curious about.

We have 2 MX100s acting as VPN concentrators in 2 different data centers. They advertise their own routes to the (Palo) firewalls we have at the respective locations and the MX100s know the routes from each other, but they do not advertise the routes from the other concentrators.

So DC1 firewall can see the routes for any VPN connected to DC1 MX100, DC2 firewall can see the routes for any VPN connected to DC2 MX100, but DC1 firewall doesn't receive a route for DC2 MX100 or anything connected to that MX and the same for DC2 firewall.

Is there any reason that this wouldn't be advertised through Meraki?

alemabrahao

This was the architecture that Meraki defined, but it was never clear why they chose this (maybe some limitation?)

This always bothered me a little, but it's what we have for now or use BGP.

https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

alemabrahao

This was the architecture that Meraki defined, but it was never clear why they chose this (maybe some limitation?)

This always bothered me a little, but it's what we have for now or use BGP.

https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PatWruk

I figured that was the reason, just wasn't sure. Thanks!

Meraki

Community

MX OSPF Question

MX OSPF Question