cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Multiple VPN tunnels into a VPN Concentrator

SOLVED
Highlighted
Here to help

Multiple VPN tunnels into a VPN Concentrator

We have a one armed VPN Concentrator in a data centre. Is it possible to configure multiple VPN tunnels from the branch sites into the VPN Concentrator in the data centre?

 

Using an MX84.

 

The goal is to have a separate VPN tunnel for the corporate traffic and one for guest traffic. There is no Internet breakout at the branches so all traffic needs to traverse the MPLS to break out at the data centre.

 

Thanks in advance 

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Multiple VPN tunnels into a VPN Concentrator

I would attack this differently.  If all guest traffic is via the MR's then change your WiFi SSID to use tunneling.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin... 

 

This causes the MR to tunnel the SSID via AutoVPN back to an MX.  This will give you your seperate tunnels.

View solution in original post

7 REPLIES 7
cmr
A model citizen

Re: Multiple VPN tunnels into a VPN Concentrator

@AshMead if you want two separate tunnels from each remote site to the concentrator in the DC then you will need two MXs in each site and have them in two separate networks.  The alternatives to this, so that you only need one MX per remote site, are sending multiple VLANs over one tunnel or setting the public SSID at each site to use the central concentrator as the termination point.

Here to help

Re: Multiple VPN tunnels into a VPN Concentrator

Thanks cmr. 

 

To clarify we only have a single MX84 in the data centre. The branch sites only have MRs.

 

Currently we are using a separate MX64 to tunnel the guest traffic. 

 

Can we have both corporate and guest tunnelled to the MX84 but on different VLANs?

cmr
A model citizen

Re: Multiple VPN tunnels into a VPN Concentrator

Yes, use the mx64s at remote sites to tunnel and either send over multiple VLANs (enable VLANs on the MXs), or once the tunnel, which if the MXs are in single LAN mode will now be for corporate, is up, change the public SSID to use the mx84 as a concentrator
 
Here to help

Re: Multiple VPN tunnels into a VPN Concentrator

Thanks, can you recommend a webinar or document which provides details on these options? 

Kind of a big deal

Re: Multiple VPN tunnels into a VPN Concentrator

I would attack this differently.  If all guest traffic is via the MR's then change your WiFi SSID to use tunneling.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin... 

 

This causes the MR to tunnel the SSID via AutoVPN back to an MX.  This will give you your seperate tunnels.

View solution in original post

New here

Re: Multiple VPN tunnels into a VPN Concentrator


Since your goal is to have a separate VPN tunnel for the corporate traffic and one for guest traffic so you can do this with PureVPNs Business and normal user account, I am suggesting it to you because I also use it for my Company and it works great for me. However if you wanna try you can have it today or tomorrow as they are having a great discount this cyber monday with 88% off.
Here to help

Re: Multiple VPN tunnels into a VPN Concentrator

Would the SSIDs need to be on different VLANs to ensure separation when the traffic hits the MX84?

 

The Existing SSID is using the default VLAN 0. 

 

 

 

 

 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.