MX SD-WAN

Aamir
Here to help

Hi,

 

I am trying to understand, when designing an SD-WAN solution, whether to choose one-armed mode or NAT mode MX for a customer environment. I understand one-armed mode is recommended for DCs which support BGP and is required for DC-DC failover, but if the customer has only one HO and doesn't really need BGP on the overlay, what other reasons would justify one-armed mode?

 

Thanks,

Aamir

MerakiDave
Meraki Employee

Hi @Aamir, if you simply want to leverage the MX as a VPN Concentrator, you can leverage one-armed mode even if you do not require BGP functionality. The other time when you would use this mode is for passthrough, in which case you would also have devices connected behind the LAN interfaces, and the MX basically becomes a bump-in-the-wire and operates in bridge mode but can still give you the security capabilities, but not as a VPNC.

 

Sounds like you've already reviewed the docs but just in case, review Appendix 1 here:

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

and

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

PhilipDAth
Kind of a big deal

Does the customer have an existing firewall they want to keep - or are they happy to replace it with the MX?

Happy to replace with MX.
