Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Routing between auto VPN and MPLS on MX

Solved
Ahmed_Fathy
Here to help
‎May 13 2024 12:54 PM
‎May 13 2024 12:54 PM

Routing between auto VPN and MPLS on MX

Can we do routing through MX-85 (Hub) between auto VPN (Z3C spokes traffic) and MPLS L3 VPN connection terminated directly on MX-85 without extra router/CPE?

 

And if MX-85 at private hosting provider DC and connected with HQ & DR that have same subnet duplicated through two MPLS L3 VPN directly terminated on MX, can we use static route tracking feature on MX without having any MX peers in the other side of MPLS VPN?

 

And if we cant and there are in the other side of MPLS non-Meraki peers that support IPsec , then can we use static route tracking to failover and failback between HQ & DR MPLS connections that advertising same subnet ? 

 

Ahmed_Fathy_0-1715666817724.png

 

Labels:
0 Kudos
Subscribe
1 Accepted Solution
In response to PhilipDAth
Ahmed_Fathy
Here to help
‎May 14 2024 2:40 PM
‎May 14 2024 2:40 PM

Thanks for your support, appreciate it.

 

Q1) MX cannot route between two Non-Meraki VPN peers, but can failover between them if they advertising same subnet as HQ&DR?

 

Q2) if I advertised HQ & DR same LAN subnet to Spokes by static route instead of non-Meraki peers config on MX-85, then can I use static route tracking and customize preferences to HQ route as main and DR route backup? 

 

Q3) Is below info from DOC means my setup is not applicable?

 

Ahmed_Fathy_0-1715722123130.png

 

 

View solution in original post

0 Kudos
Subscribe
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 13 2024 1:21 PM
‎May 13 2024 1:21 PM

I don't know, but maybe this will help you.

 

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Ahmed_Fathy
Here to help
‎May 13 2024 1:41 PM
‎May 13 2024 1:41 PM

Thanks, but I already checked this and it about switching between auto VPN and MPLS and my inquiry is related to Bridging/Routing traffic from auto VPN to MPLS.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 13 2024 1:45 PM
‎May 13 2024 1:45 PM

There are two methods.  You can use AutoVPN for te Internet for pure failover:
https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

 

You can also use AutoVPN over MPLS as well, which is the most flexible.

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

 

0 Kudos
Subscribe
In response to PhilipDAth
Ahmed_Fathy
Here to help
‎May 13 2024 11:10 PM
‎May 13 2024 11:10 PM

Thanks for your reply and appreciate to check updated question with Topology that should be shared firstly, sorry about that.

0 Kudos
Subscribe
In response to Ahmed_Fathy
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 14 2024 4:24 AM
‎May 14 2024 4:24 AM

You can't do this, you need a S2S VPN with every MX or ZX since it's a non-meraki VPN tunnel.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 14 2024 11:56 AM
‎May 14 2024 11:56 AM

Traffic will route correctly either way, but if your spokes talk a lot to other spokes it won't be optimal.  The AutoVPN sites will all route via the AutoVPN hub.

 

You could also combine this with the NO-NAT feature so raw MPLS traffic coming in from other MPLS spokes can be delivered directly.  This could cause asymmetric traffic flows for spoke to spoke traffic.  Not a problem if most of your traffic is spoke to hub.

 

PhilipDAth_0-1715712967912.png

 

0 Kudos
Subscribe
In response to PhilipDAth
Ahmed_Fathy
Here to help
‎May 14 2024 2:40 PM
‎May 14 2024 2:40 PM

Thanks for your support, appreciate it.

 

Q1) MX cannot route between two Non-Meraki VPN peers, but can failover between them if they advertising same subnet as HQ&DR?

 

Q2) if I advertised HQ & DR same LAN subnet to Spokes by static route instead of non-Meraki peers config on MX-85, then can I use static route tracking and customize preferences to HQ route as main and DR route backup? 

 

Q3) Is below info from DOC means my setup is not applicable?

 

Ahmed_Fathy_0-1715722123130.png

 

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.