Meraki

Community

MX95 as a concentrator

Karll
Here to help
‎May 28 2025 2:05 AM
‎May 28 2025 2:05 AM

MX95 as a concentrator

Hello everybody, 

 

Thinking about a possible SD-WAN solution and wanted to double check if it makes sense. 

50 Small 4G/5G Spoke sites (aprox. 10 people per site)

Possible future expansion  - 20 small sites, 20 medium sized offices (40 clients), 1 HQ (300 clients). 

 

Traffic towards concentrator should not exceed 1.5Gbps. 

 

I've checked the sizing principles and MX95 has Recommended Maximum Site to Site VPN Tunnel Count: 250 and Multi-Tunnel VPN Throughput: 2.5 Gbps. 

 

I'd say MX95 HA cluster is a perfect fit with some room to grow still. The bigger MXs are bit of an overkill. 

 

What are your thoughts?

Labels:
17 Replies 17
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 28 2025 3:01 AM
‎May 28 2025 3:01 AM

Based on your description, it would work without any problems, but in your place I would go with the MX 105.

I also recommend working with a Cisco partner to help you identify all your needs.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Karll
Here to help
‎May 28 2025 3:53 AM
‎May 28 2025 3:53 AM

Thanks for reply. 

 

Could you explain why'd you choose MX105?

 

Technically, we'd barely fit in with MX85 (100 max rec. tunnels, 1Gbps VPN throughput) even with the expansion... 

0 Kudos
In response to Karll
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 28 2025 4:04 AM
‎May 28 2025 4:04 AM

Because of the future prospecting. The MX 105 offers greater user capacity (750) and greater throughput. It is better to err on the side of excess than to have to change everything in the future.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to Karll
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 28 2025 4:05 AM
‎May 28 2025 4:05 AM

Furthermore, you can consider at least 3 devices per user.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Karll
Here to help
‎May 28 2025 4:09 AM
‎May 28 2025 4:09 AM

I think user capacity would be relevant only for the MX on the remote site, no? Not directly for the concentrator. 

0 Kudos
In response to Karll
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 28 2025 4:31 AM
‎May 28 2025 4:31 AM

Yes, I agree, but if you were to follow the recommendation for a hub, the minimum recommended model would be the MX 250.

But if you think the MX95 meets your needs, I believe you can go ahead.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RWelch
Kind of a big deal
Kind of a big deal
‎May 28 2025 5:54 AM
‎May 28 2025 5:54 AM

If you mentioned it, I might have missed it....is the plan to run split tunnel or full tunnel?  If you are running full tunnel, I'd def suggest going with MX105 as your tunnel count will grow quickly as does the throughput in the equation.  And to @alemabrahao's point, you make the purchase up front but you might find yourself wishing you had gone one model higher later after implementation.  It's like asking yourself if you want the MX95 VPN working constantly at 80-95% CPU or having the MX105 at 50-65% CPU with all traffic flowing.

I manage a customer's setup with the Hub as one MX95 edge appliance with another MX95 VPN concentrator with 6 spokes and their only regret is not going with the MX105 as the VPN concentrator.  But that is what they budgeted for.  

An idea - purchase all spoke and hub items except the VPN and trial what model you feel to be sufficient VPN model to see if it'll meet your requirements / expectations and throughput.  

 

Meraki Free Trials 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RWelch
Karll
Here to help
‎May 28 2025 6:18 AM
‎May 28 2025 6:18 AM

Split tunnel for the 50 5G/4G sites since it would be hard to do a full tunnel.

 

The potentional expansion (new sites) would probably be split tunnel as well. At least that makes the most sense to me. 

0 Kudos
In response to Karll
RWelch
Kind of a big deal
Kind of a big deal
‎May 28 2025 11:27 AM
‎May 28 2025 11:27 AM

The MX95 has a 500 user/device count limit so if you have 50 sites with approx 10 users per, you might want to already look more towards the MX105 (both edge MX and VPN concentrator appliances).  The MX105 is geared for 750 users/devices.

The HA MX setup would be "both" as edge or both as VPNs.  If you intend to use one MX as the firewall and the other as the VPN concentrator - both will need licenses.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RWelch
RaphaelL
Kind of a big deal
Kind of a big deal
‎May 28 2025 11:45 AM
‎May 28 2025 11:45 AM

If the MX "Hub" is configured as a Passthrough / VPN Concentrator I'm pretty sure that the number of clients/flows doesn't apply since the Hub is acting as a L2 bridge

In response to RaphaelL
RWelch
Kind of a big deal
Kind of a big deal
‎May 28 2025 11:49 AM
‎May 28 2025 11:49 AM

I get the user/device count recommendations.  Point to be made or the take away is his scenario is roughly 500 users/devices remote PLUS what he has at the HQs (300) and possibly more expansion.

I'm not thinking the MX95 will have the mustard to get the job done.  Just my 2 cents.  It's their decision, not mine 😁

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RWelch
RaphaelL
Kind of a big deal
Kind of a big deal
‎May 28 2025 11:52 AM
‎May 28 2025 11:52 AM

I'm 100% with you on this one.

 

My point was just that to properly size a hub you don't need to consider the number of clients but rather the number of tunnels , throughput and other factors mentionned by you ,ww and alemabrahao

0 Kudos
In response to RWelch
Karll
Here to help
‎May 28 2025 10:37 PM
‎May 28 2025 10:37 PM

I forgot to mention that the MX95 would be a dedicated concentrator with no clients connected to it directly. It would be at the DC not HQ. 

0 Kudos
In response to Karll
RWelch
Kind of a big deal
Kind of a big deal
‎May 28 2025 10:49 PM
‎May 28 2025 10:49 PM

Sounds like you’ve got it all figured out, best of luck 👏👏👏

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RWelch
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 28 2025 3:34 PM
‎May 28 2025 3:34 PM

The user/device count only applies to users who access the system through the LAN ports, not those who connect via AutoVPN.

When it comes in through the LAN port, it does client tracking.  That requires a lot of CPU and RAM.  Users coming in through AutoVPN are not tracked by the local MX (they are tracked by the MX that connect to).

ww
Kind of a big deal
Kind of a big deal
‎May 28 2025 8:19 AM
‎May 28 2025 8:19 AM

Do note that these vpn speeds of the sizing guide are not "2 way" so 1 Gbit up and 1 Gbit down traffic would count as 2Gbit.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 28 2025 3:35 PM
‎May 28 2025 3:35 PM

I would use the MX95 as you have suggested.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.