The existing infrastructure comprises two hub routers in the DC, and there are about 100+ spoke routers spread across states. The DMVPN solution for these Cisco devices works great; however, we are bringing in the Meraki MX64 to replace the spoke routers. A couple of questions:
1. What is the best design and security practice to implement Meraki into a Cisco environment?
2. Tried setting up Auto-VPN with the Cisco (Hub) router - DMVPN IKEv1&2 and no luck. Has everyone done this?
3. Is Passthrough or VPN Concentrator mode an option in this case?
Any suggestions would be appreciated. Thanks! Please feel free to share a diagram and explanation, as I am new to Meraki products.
You should install a pair of warm spare MX units in your DC configured as AutoVPN hubs. Based on the number of spokes, I'd go for a pair of MX100s.
Then as you move sites from DMVPN to AutoVPN just update the DC routing.
Check out this guide first:
This guide is a bit over the top for what you are doing but might be of interest.
Thank you, the articles are really helpful.
To your response "install a pair of warm spare MX units in your DC configured as AutoVPN hubs": of the following scenarios listed in the first document, which one is most favorable in this case?
• MX at the datacenter deployed as a one-armed concentrator
• Warm spare/High Availability at the datacenter
• OSPF route advertisement for scalable upstream connectivity to connected VPN subnets
• Datacenter redundancy
• Split tunnel VPN from the branches and remote offices
• Dual WAN uplinks at all branches and remote offices
>Warm spare/High Availability at the datacenter
You should do this.
I don't know enough about your environment to answer the other scenarios. That is where you would typically get a Cisco Meraki architect to help you.
I would hope most Cisco Partners could help with this.
Seconding Philip's recommendation to reach out to a Cisco/Meraki partner for more detailed environment planning. Once you get into the fine details, you get what you pay for.
Thanks for your response, progress has been made. Device successfully connected as VPN concentrator.
Auto-VPN status is green, VPN Registry: Connected, NAT type: Friendly, and Encrypted.
However, site-to-site peer status/connectivity is red, usage: none, 0ms.
Modified the upstream route a couple of times; there is something missing. Kindly point me in the right direction: correct route statement or use OSPF?
Thanks in advance