cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX SD-WAN

Highlighted
Here to help

MX SD-WAN

Hi,

 

I am trying to understand when designing SD-WAN solution whether to choose one-armed mode or NAT mode MX for a customer environment. I understand one-armed mode is recommended for DC which support BGP and required for DC-DC fail over but if customer has only one HO and dont really need BGP on the overlay what other reasons would justify a one-armed mode?

 

Thanks,

Aamir

3 REPLIES 3
Highlighted
Meraki Employee

Re: MX SD-WAN

Hi @Aamir if you simply want to leverage the MX as a VPN Concentrator you can leverage one-armed mode even if you do not require BGP functionality.  The other time when you would use this mode is for passthrough, in which case you would also have devices connected behind the LAN interfaces, and the MX basically becomes a bump-in-the-wire and operates in bridge mode but can still give you the security capabilities, but not as a VPNC.

 

Sounds like you've already reviewed the docs but just in case, review Appendix 1 here:

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

and

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

Highlighted
Kind of a big deal

Re: MX SD-WAN

Does the customer have an existing firewall they want to keep - or are they happy to replace it with the MX?

Highlighted
Here to help

Re: MX SD-WAN

Happy to replace with MX.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.