Remote Location setup advice

JohnG-NC
Just browsing

Remote Location setup advice

We have a new remote location that we need connect back to our main location and provide clients with access to a specific VLAN. Looking for the best (and fastest way) to do this.

 

Main site - Cisco ASA Firewall, Cisco routers, Meraki core stack - currently does not have an MX devices online.

Main site - EPLAN connection to AWS and our SAP environment

Main site - Meraki AP's with various SSIDs and vlans

Main site - we can take an RF Gun with a custom built application that enters data into our SAP environment. RF Guns are configured to connect to the "RF" SSID which has a connection via the EPLAN to AWS and SAP

 

 

New site - basic Spectrum Internet

New site requirement - use an RF Gun in the new site to scan data into the SAP environment

Long term solution - implement EPLAN circuits to basically have the new site connected to SAP like the Main site is now. This will take 2-3 months to implement.

 

Looking for a short term solution.

 

We have the following equipment available to use short term -

  • two MX85s
  • two new Cisco ISR routers
  • Meraki switches
  • Meraki APs
  • We can potentially have a Meraki Z3 device if needed

 

We bascially need a way for the RF device in the new site to believe it is on a specific vlan in our main site.

 

Thanks for any advice.

5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal

Tough one.

 

If you put an MX in your main site temporarily in VPN concentrator mode, and an MR ar the new site, then you could configure the SSID to tunnel to the MX, which would then drop it into the VLAN at the main site layer 2.

 

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin...

 

Thanks for the reply. We're looking at this more closely.

 

I should mention we also currently have Cisco ASAs in the main site. Would doing something like a site-to-site VPN using an MX in the new location to the ASA in the main location work? Would I have access to the needed vlan for my AP's?

PhilipDAth
Kind of a big deal
Kind of a big deal

If you want the devices to be in the same VLAN as if they were at head office - no.

 

If you relaxed the requirement and just said they need a layer 3 connection - yes.

JohnG-NC
Just browsing

Thanks again. Since we have the MXs available for now, I think we're going that route.

 

Curious - do the Meraki Z devices do anything similar? I know these are remote user-type devices to connect back to the home office. I just don't know enough about networking to understand what they would do. I'm assuming that they would not drop you on a specific vlan and that that would be an option for my situation?

PhilipDAth
Kind of a big deal
Kind of a big deal

If you are asking if the Meraki Z device could be the VPN concentrator at the DC - I don't know, but 90% likely.  Just less capacity.

Get notified when there are additional replies to this discussion.