Meraki integration with AWS Tranist Gateway

JLashari
New here

Meraki integration with AWS Tranist Gateway

We are interested in deploying Meraki SD-WAN with AWS Transit Gateway architecture, I found the detailed documentation on Viptella integration with AWS TGW but not able to find anything on Meraki integration. 

Has anyone successfully deployed Meraki with AWS Transit GW architecture?

5 REPLIES 5
PhilipDAth
Kind of a big deal
Kind of a big deal

I have not seen any such documentation.

 

You can refer to my guide for deploying a pair of VMX in HA mode, and in your case, the VMX go into the transit VPC.  However you have to use static routing to the VMX, and from the VMX to the transit gateway peers.

https://www.ifm.net.nz/cookbooks/meraki-ha-vmx-amazon-aws.html 

 

 

You could also do another [equally] complex solution of using a pair of Cisco CSR1000V routers in the transit VPC.

https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/overview.html 

On the Meraki side you would use tag based failover to build the VPNs to the CSRs.  You would put the MX's into a separate network from the rest of the AutoVPN infrastructure, and create static routes between the two.  Or you could simply use a pair of ISR1111-8P routers with a security licence instead.

https://documentation.meraki.com/MX/Site-to-site_VPN/Tag-Based_IPsec_VPN_Failover 

 

Pugmiester
Building a reputation

Hi @PhilipDAth,

 

We've just hit a roadblock trying to peer a couple of third party managed subscriptions to an existing subscription created especially for the purpose of being a hub running a vMX. The "experts" doing the work have just told use the setup they have build wont work and we have to build something they "think" is called a transit gateway. I'm more than a little frustrated after weeks of me Googling the answers for their "experts". But I digress.

 

Would I be right in thinking that you can still deploy a vMX into a transit gateway account to be able to peer with the rest of our SD-WAN?

In short, yes, you are correct.

 

A transit gateway is a "normal" AWS account and VPC.  Inside of it is a transit gateway that allows it to connect to other AWS accounts or VPCs.

 

If you place the VMX into the transit gateway VPC then you can add static routes pointing to it (for the remote Meraki sites) and on the VMX pointing to the VPCs.

 

 

I haven't done one of these yet myself, but I have had a number of people ask me about them.

Pugmiester
Building a reputation

Thanks @PhilipDAth,

 

That's whati was hoping.

Vittoriusly
New here

I would like to implement something like that.
I found this AWS document  https://aws.amazon.com/blogs/apn/exploring-architectures-with-cisco-sd-wan-and-aws-transit-gateway/ Maybe it could be usefull.


Best.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels