Point to Point - Layer 2 connection between two firewalls

Pushpaksinh
Conversationalist

Hi, 

 

I am trying to establish Layer 2 connection between two firewalls at different locations.

 

Location 1-(HO)

Wan 1 - internet

Wan 2 - internet

LAN 3 - internal network

LAN 4 - Vlan 300 - 10.255.255.1/30

 

Location 2-(branch)

Wan 1 - internet

Wan 2 - No connection

LAN 3 - internal network

LAN 4 - Vlan 300 - 10.255.255.2/30

 

So LAN 4 is the connection between the two firewalls.

1) What will be the configuration to utilize the internal network connection between the two locations?

2) And if the WAN of location 2 (branch) fails, is there any way to utilize the internet of location 1 (HO)?

alemabrahao
Kind of a big deal

Maybe it will help you.

 

MX Layer 2 Functionality - Cisco Meraki Documentation

 

https://documentation.meraki.com/MX/Networks_and_Routing/Integrating_an_MPLS_Connection_on_the_MX_LA...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

One more document.

 

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

PhilipDAth
Kind of a big deal

I think this link by @alemabrahao would best fit your use case.

Pushpaksinh
Conversationalist

Actually, I want 2 tunnels at a time:

1 is P2P for internal communication

2 is Auto VPN(backup)


The issue is not with the backup Auto VPN and the solution link by @alemabrahao.

The condition is: at the branch, WAN 1 will be utilized for internet and LAN (P2P) will be for internal communication.

However, if WAN 1 fails, LAN will provide internet to the branch via P2P.

Even Meraki TAC has suggested the same link as @alemabrahao, but my requirements are not satisfied with that configuration.

alemabrahao
Kind of a big deal

Unfortunately, the only way to use L2 as a backup is to use it as a failover.

cmr
Kind of a big deal

I did this for an organisation and the model I followed had the branch VLAN 300 on a WAN port. The HQ MX was in VPN concentrator mode with an L3 switch terminating VLAN 300 and a separate set of firewalls as the corporate edge. After leaving, another team thought they could simplify it and maintain functionality, but ended up realising that it was the only sensible way to get it all working.

If my answer solves your problem please click Accept as Solution so others can benefit from it.