Meraki at the edge

Solved
MerakiMed
Getting noticed

Meraki at the edge

When I originally setup my Meraki hub device I put it behind the Cisco ASA firewall. It is setup in one arm mode. The problem is I'd like to reduce the amount of traffic running through the ASA by putting an interface of the Meraki outside and one inside. I can spot the place where I would change the WAN IP and then patch to the edge router. But I'm not spotting where the other ports are configured. I want the device and it's failover peer to remain hub but want it positioned more like a traditional firewall. Any advice appreciated.

1 Accepted Solution
Bruce
Kind of a big deal

If you’re currently running in one arm concentrator mode then you need to swap to Routed mode first, Security & SD-WAN -> Addressing & VLANs, then the configuration of the LAN ports appears on the same page.

 

Before you swap to Routed mode be sure you understand your network and traffic flows, if you don’t then you risk breaking your SD-WAN. This is especially true if you have a traffic path over a MPLS network, in this case you may struggle to use Routed mode (it may be the reason why the VPN concentrator was implemented).

View solution in original post

2 Replies 2
Bruce
Kind of a big deal

If you’re currently running in one arm concentrator mode then you need to swap to Routed mode first, Security & SD-WAN -> Addressing & VLANs, then the configuration of the LAN ports appears on the same page.

 

Before you swap to Routed mode be sure you understand your network and traffic flows, if you don’t then you risk breaking your SD-WAN. This is especially true if you have a traffic path over a MPLS network, in this case you may struggle to use Routed mode (it may be the reason why the VPN concentrator was implemented).

Thanks much Bruce. It's a simple hub network - just a bunch of VLANs off of a Nexus 9k. But with so many branch offices hanging off it I'll certainly want to get it right.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels