Non-Meraki VPN & AutoVPN using different WAN

Solved
rafiejo
Conversationalist

Hi,

I'm new here. Need some advice on the site-to-site VPN.

My organization is using an MX84 as our firewall and we have 2 WANs.

Currently, we are using WAN 1 (Metro-E with fixed IP) to establish site-to-site VPN to 2 remote sites (both using Cisco ASA).

We are adding a new remote site, and I'm planning to have the new site use an MX64 to leverage the AutoVPN features. As the new site is going to use a lot of traffic (CCTV), I want to use WAN 2 (high-speed broadband) for this tunnel.

Is this going to work? Just want to make sure before proceeding with the purchase.

*Only HQ needs to be able to see remote sites. The remote sites don't need to see each other.

1 Accepted Solution
timeshimanshu
Getting noticed

For SD-WAN VPN traffic, the preferred link can be configured under the policy, and the backup path can also be defined. That totally depends on you and how you want to perform SD-WAN.

sdwan vpn.PNG

6 Replies
timeshimanshu
Getting noticed

Hi,

Yes, the solution will work, but keep in mind that the MX64 supports only 50 users' live traffic. If the user count goes beyond this, you might face latency issues.

Also, since you are new to Meraki technology, you need to be aware of Meraki AutoVPN.

An AutoVPN tunnel will work only between different networks under the same organization, so it will work only if you are putting your Meraki MX under the same organization; otherwise it will communicate as with other non-Meraki VPN peers, which don't have SD-WAN functionality. This is what we generally use when we don't have a Meraki MX on both sides.

So go ahead and order after checking your user count and the maximum bandwidth supported in the data sheet.

rafiejo
Conversationalist

Thanks for the reply.

The 50 users means 50 devices, right? 30 CCTVs, 3 servers, 4 workstations, 2 switches will be counted as 39 users?

timeshimanshu
Getting noticed

Yes, exactly, the active devices. In your case the MX64 would be enough for your branch.

jdsilva
Kind of a big deal


@rafiejo wrote:

I want to use WAN 2(High speed broadband) for this tunnel.

Hi @rafiejo. When using AutoVPN, by default the MX will attempt to establish a VPN tunnel on every interface it has available. However, you can change this behavior, or control which tunnel is used to send traffic over, on the Security & SD-WAN > SD-WAN & Traffic shaping configuration page.

image.png

More information on how to configure all this can be found in this KB article:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping

rafiejo
Conversationalist

Understood.

It's a bit confusing since we are going to have non-Meraki VPN and AutoVPN.

As far as I know, non-Meraki VPN will only work on the WAN 1 primary uplink. And we planned to have:

  • WAN 1 : non-Meraki VPN
  • WAN 2 : AutoVPN

image.png

This rule only applies to AutoVPN, right? But there is no option to prefer the secondary uplink.

Capture.JPG

I guess we just need to create the rule here?
