Meraki

RobertSL

Hi All

Firstly, I am new to Meraki. The first part of the plan, scheduled for 2025, is to connect all our sites using Meraki Auto SD-WAN.

I intend to use a MX Appliance as a VPN Concentrator Hub to connect 12 sites, 6 international, as SD-WAN spokes. Once all sites are connected via SD-WAN I would like to edit the Hub WAN appliance from a VPN Concentrator Mode to Routed Mode, making it the edge device taking care of security and layer 3 routing. As the VPN Concentrator will be installed at our data centre;

- can this be done - in a couple of hours

- what do I need to consider

- would I need to recreate all the VPN connections

- is there an article that describes such a move in detail - that I have missed.

Thanks in advance

jimmyt234

Not quite sure why you would give yourself this headache and instead just deploy it in routed mode from the start?

RobertSL

Jimmyt234 - Thanks for replying. I have an existing MPLS network to all my sites. How would I use routed mode from the start as I will have an existing firewall and layer 3 switch in front of my MX device? Thanks

ITSDigital

You could deploy in routed mode, if you enable NONAT on the WAN interface connected to your MPLS. You'll be able to route in and out of the MPLS and apply L3 firewall rules to the traffic flow.

This is only If you dont mind enabling opt-in "beta" functionality, which NONAT is labelled as. But we've been successfully using it in production as a stop gap until we move everything behind Meraki AutoVPN and NAT.

You'll also not get BGP route exchange, and the MPLS will be treated as an external network, so advertising status routes from the hub might be required depending on your topology and needs.

Meraki

Community

Reusing the VPN Concentrator as a Security Device

Reusing the VPN Concentrator as a Security Device