Can we do routing through MX-85 (Hub) between auto VPN (Z3C spokes traffic) and MPLS L3 VPN connection terminated directly on MX-85 without extra router/CPE?
And if MX-85 at private hosting provider DC and connected with HQ & DR that have same subnet duplicated through two MPLS L3 VPN directly terminated on MX, can we use static route tracking feature on MX without having any MX peers in the other side of MPLS VPN?
And if we can't, and there are non-Meraki peers on the other side of the MPLS that support IPsec, then can we use static route tracking to fail over and fail back between the HQ & DR MPLS connections that are advertising the same subnet?
I don't know, but maybe this will help you.
https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN
Thanks, but I already checked this and it is about switching between auto VPN and MPLS, and my inquiry is related to bridging/routing traffic from auto VPN to MPLS.
There are two methods. You can use AutoVPN for the Internet for pure failover:
https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN
You can also use AutoVPN over MPLS as well, which is the most flexible.
https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS
Thanks for your reply. I'd appreciate it if you could check the updated question with the topology, which should have been shared first; sorry about that.
You can't do this; you need an S2S VPN with every MX or ZX since it's a non-Meraki VPN tunnel.
Traffic will route correctly either way, but if your spokes talk a lot to other spokes it won't be optimal. The AutoVPN sites will all route via the AutoVPN hub.
You could also combine this with the NO-NAT feature so raw MPLS traffic coming in from other MPLS spokes can be delivered directly. This could cause asymmetric traffic flows for spoke to spoke traffic. Not a problem if most of your traffic is spoke to hub.
Thanks for your support, appreciate it.
Q1) MX cannot route between two non-Meraki VPN peers, but can it fail over between them if they are advertising the same subnet, as HQ & DR do?
Q2) If I advertise the same HQ & DR LAN subnet to the spokes by static route instead of by non-Meraki peer config on the MX-85, then can I use static route tracking and customize preferences so that the HQ route is the main and the DR route is the backup?
Q3) Does the info below from the doc mean my setup is not applicable?