Meraki

Community

Meraki SDWAN architecture

Solved
Avdhesh
Here to help
‎Oct 18 2021 4:02 AM
‎Oct 18 2021 4:02 AM

Meraki SDWAN architecture

Hi Team,

 

planning to implement meraki sdwan on 15 branches, with DC to be colocated . 2 sites have more than 800 users others have 250 users on an average. for now we have firewalls at branches. please suggest what mode in should I run my MX devices and do i need a firewall at all branches along with MX devices.

 

Rgerads,

 

0 Kudos
1 Accepted Solution
In response to Avdhesh
cmr
Kind of a big deal
Kind of a big deal
‎Oct 18 2021 11:01 AM
‎Oct 18 2021 11:01 AM

@Avdhesh an MX in VPN concentrator mode only has one active port so indeed it is not connected to the WAN directly, but sits behind some other firewalls.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

8 Replies 8
KarstenI
Kind of a big deal
Kind of a big deal
‎Oct 18 2021 5:39 AM
‎Oct 18 2021 5:39 AM

As always, it depends. If your actual firewalls do all of the processing for Internet-traffic, you only need the MX-Enterprise licenses which will save you money. But you have to maintain two platforms. If you move the firewalling to the MX, you will likely go with the Advanced Security license because that will give you more security-features. Very positive with Meraki MX, for high-availability you only need an additional MX, but not an extra license.

 

For the sizing, the sites with 250 users will likely be a candidate for the MX95, while the sites with 800 users could use a MX250. But you should also take into account the needed throughput for internet-traffic and VPN.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
Avdhesh
Here to help
‎Oct 18 2021 5:47 AM
‎Oct 18 2021 5:47 AM

Hey karstnel,

 

Thanks for the reply. that is helpful, at the DC end i need to deploy MX in concentrator mode and at branches NAT mode as internet will terminate directly on MXs at branch.

 

the auto VPN will work for all MXs running either on concentrator mode or NAT mode right!

 

0 Kudos
In response to Avdhesh
KarstenI
Kind of a big deal
Kind of a big deal
‎Oct 18 2021 5:54 AM
‎Oct 18 2021 5:54 AM

Yes, you can mix them as you want. Keep in mind that with concentrator-mode you can not have two WAN connections on the MX. That is a restriction that I typically don't like as nearly all customers have two ISPs at the HQ/DC and I want to have both active for AutoVPN.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
Avdhesh
Here to help
‎Oct 18 2021 8:36 AM
‎Oct 18 2021 8:36 AM

Hi Karsten,

 

in VPN concentrator mode we are not terminating the WAN on MX or can we?

 

0 Kudos
In response to Avdhesh
cmr
Kind of a big deal
Kind of a big deal
‎Oct 18 2021 11:01 AM
‎Oct 18 2021 11:01 AM

@Avdhesh an MX in VPN concentrator mode only has one active port so indeed it is not connected to the WAN directly, but sits behind some other firewalls.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Inderdeep
Kind of a big deal
Kind of a big deal
‎Oct 18 2021 7:55 AM
‎Oct 18 2021 7:55 AM

@Avdhesh : the whole story 

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
In response to Inderdeep
BrandonS
Kind of a big deal
‎Oct 18 2021 8:28 AM
‎Oct 18 2021 8:28 AM

You should find this informative: MX Sizing Principles

 

 

 

- Ex community all-star (⌐⊙_⊙)
0 Kudos
In response to BrandonS
Avdhesh
Here to help
‎Oct 18 2021 8:34 AM
‎Oct 18 2021 8:34 AM

Hey Brandon,

 

Thanks a lot for the response!

 

i have done the sizing with this document only, a bit confused over sizing for DC as no users will be there. the client is planning to move to a colocated DC with dual 100 Mb internet links.

 

as per BW MX67 or 68 would fit keeping in mind future scaling. what do you suggest.

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.