We have a one armed VPN Concentrator in a data centre. Is it possible to configure multiple VPN tunnels from the branch sites into the VPN Concentrator in the data centre?
Using an MX84.
The goal is to have a separate VPN tunnel for the corporate traffic and one for guest traffic. There is no Internet breakout at the branches so all traffic needs to traverse the MPLS to break out at the data centre.
Thanks in advance
Solved! Go to solution.
I would attack this differently. If all guest traffic is via the MR's then change your WiFi SSID to use tunneling.
This causes the MR to tunnel the SSID via AutoVPN back to an MX. This will give you your seperate tunnels.
@AshMead if you want two separate tunnels from each remote site to the concentrator in the DC then you will need two MXs in each site and have them in two separate networks. The alternatives to this, so that you only need one MX per remote site, are sending multiple VLANs over one tunnel or setting the public SSID at each site to use the central concentrator as the termination point.
Thanks cmr.
To clarify we only have a single MX84 in the data centre. The branch sites only have MRs.
Currently we are using a separate MX64 to tunnel the guest traffic.
Can we have both corporate and guest tunnelled to the MX84 but on different VLANs?
Thanks, can you recommend a webinar or document which provides details on these options?
I would attack this differently. If all guest traffic is via the MR's then change your WiFi SSID to use tunneling.
This causes the MR to tunnel the SSID via AutoVPN back to an MX. This will give you your seperate tunnels.
Would the SSIDs need to be on different VLANs to ensure separation when the traffic hits the MX84?
The Existing SSID is using the default VLAN 0.