Meraki + DMVPN

Conversationalist

The existing infrastructure comprises two hub routers in the DC, and there are about 100+ spoke routers spread across states. The DMVPN solution for these Cisco devices works great; however, we are bringing in the Meraki MX64 to replace the spoke routers. A couple of questions:

 

1. What is the best design and security practice to implement Meraki into a Cisco environment?

2. Tried setting up Auto-VPN with the Cisco (Hub) router - DMVPN IKEv1&2 and no luck, has everyone done this?

3. Is Passthrough or VPN Concentrator mode an option in this case?

 

Any suggestions would be appreciated. Thanks! Please feel free to share a diagram and explanation, as I am new to Meraki products.

 

Kind of a big deal

Re: Meraki + DMVPN

You should install a pair of warm spare MX units in your DC configured as AutoVPN hubs.  Based on the number of spokes, I'd go for a pair of MX100's.

 

Then as you move sites from DMVPN to AutoVPN just update the DC routing.

 

Check out this guide first:

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/... 

 

This guide is a bit over the top for what you are doing but might be of interest.

https://documentation.meraki.com/Architectures_and_Best_Practices/Auto_VPN_Hub_Deployment_Recommenda... 

Conversationalist

Re: Meraki + DMVPN

Thank you, the articles are really helpful.

To your response "install a pair of warm spare MX units in your DC configured as AutoVPN hubs": of the following scenarios listed in the first document, which one is most favorable in this case?

 

• MX at the datacenter deployed as a one-armed concentrator
• Warm spare/High Availability at the datacenter
• OSPF route advertisement for scalable upstream connectivity to connected VPN subnets
• Datacenter redundancy
• Split tunnel VPN from the branches and remote offices
• Dual WAN uplinks at all branches and remote offices

 

Thanks again.

Kind of a big deal

Re: Meraki + DMVPN

>Warm spare/High Availability at the datacenter

 

You should do this.

 

 

I don't know enough about your environment to answer the other scenarios. That is where you would typically get a Cisco Meraki architect to help you.

I would hope most Cisco Partners could help with this.

 

https://locatr.cloudapps.cisco.com/WWChannels/LOCATR/openBasicSearch.do 

Kind of a big deal

Re: Meraki + DMVPN

Seconding Philip's recommendation to reach out to a Cisco/Meraki partner for more detailed environment planning. Once you get into the fine details, you get what you pay for.

Conversationalist

Re: Meraki + DMVPN

Thanks for your response, progress has been made. The device successfully connected as a VPN concentrator.

Auto-VPN status is green, VPN Registry: Connected, NAT type: Friendly, and Encrypted.

However, site-to-site peer status/connectivity is red, usage: none, 0ms.

Modified the upstream route a couple of times; there is something missing. Kindly point me in the right direction: correct route statement or use OSPF?

Thanks in advance.

Getting noticed

Re: Meraki + DMVPN

Which migration step did you take eventually?

 

I have migrated DMVPN to Meraki before with a hub VPN concentrator + static route between the hub DMVPN router.
