Question on VPN Exclusion with SD-WAN + license

Solved
ToryDav

When using an MX as a branch spoke connecting to a concentrator in the data center, we need to implement a full-tunnel design to send all wired traffic on the network through the corporate firewalls located in the data center.

However, I also have a requirement to send the local office wifi traffic (both office user and guest) out to the internet directly at the spoke level.

When I choose to send the default route to a spoke MX creating a full tunnel, am I correct that I then need an SD-WAN + license to enable Local Breakout for a couple of wifi VLANs to not use the default route through the tunnel?

1 Accepted Solution
Brash

All MX licenses support local Internet breakout based on port/IP

https://documentation.meraki.com/General_Administration/Licensing/Meraki_MX_Security_and_SD-WAN_Lice...

Only layer 7 (application) based local Internet breakout requires the SD-WAN Plus license.

ww

You could use a source-based default route for this (in case you don't advertise the default route in the VPN globally).

https://documentation.meraki.com/MX/Networks_and_Routing/Source_Based_Default_Routing

RaphaelL

Wouldn't selecting these VLANs and putting them 'VPN off' already solve that issue?

 
