Meraki integration with AWS Transit Gateway
We are interested in deploying Meraki SD-WAN with AWS Transit Gateway architecture. I found the detailed documentation on Viptela integration with AWS TGW but am not able to find anything on Meraki integration.
Has anyone successfully deployed Meraki with AWS Transit GW architecture?
I have not seen any such documentation.
You can refer to my guide for deploying a pair of VMX in HA mode, and in your case, the VMX go into the transit VPC. However, you have to use static routing to the VMX, and from the VMX to the transit gateway peers.
https://www.ifm.net.nz/cookbooks/meraki-ha-vmx-amazon-aws.html
You could also do another [equally] complex solution of using a pair of Cisco CSR1000V routers in the transit VPC.
https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/overview.html
On the Meraki side you would use tag based failover to build the VPNs to the CSRs. You would put the MX's into a separate network from the rest of the AutoVPN infrastructure, and create static routes between the two. Or you could simply use a pair of ISR1111-8P routers with a security licence instead.
https://documentation.meraki.com/MX/Site-to-site_VPN/Tag-Based_IPsec_VPN_Failover
Hi @PhilipDAth,
We've just hit a roadblock trying to peer a couple of third party managed subscriptions to an existing subscription created especially for the purpose of being a hub running a vMX. The "experts" doing the work have just told us the setup they have built won't work and we have to build something they "think" is called a transit gateway. I'm more than a little frustrated after weeks of me Googling the answers for their "experts". But I digress.
Would I be right in thinking that you can still deploy a vMX into a transit gateway account to be able to peer with the rest of our SD-WAN?
In short, yes, you are correct.
A transit gateway is a "normal" AWS account and VPC. Inside of it is a transit gateway that allows it to connect to other AWS accounts or VPCs.
If you place the VMX into the transit gateway VPC then you can add static routes pointing to it (for the remote Meraki sites) and on the VMX pointing to the VPCs.
I haven't done one of these yet myself, but I have had a number of people ask me about them.
I would like to implement something like that.
I found this AWS document https://aws.amazon.com/blogs/apn/exploring-architectures-with-cisco-sd-wan-and-aws-transit-gateway/ Maybe it could be useful.
Best.
