Hello community,
I received the following scenario from our customers:
The MX (Spoke) has one DSL Internet WAN Port 1 and one MPLS WAN Port 2; the MPLS has a local internet breakout. This gives us the opportunity to set up a VPN to the MX (hub) on both WAN ports.
Now the voice communication should go over the MPLS VPN and the rest of the internal communication and the internet communication over the VPN at WAN port 1. In addition, the customer wants the Office 365 and Microsoft updates to go out via the local breakout, i.e. directly on the MX via the DSL connection.
I can configure voice traffic via VPN TrafficShaping.
And I can configure internal traffic and Internet traffic with the default route in the VPN Site2Site.
But how do you configure the routes to push the Office 365 and Microsoft upgrade locally via the DSL connection?
Can someone help me here?
Thank you
As this involves both MS and Meraki, you may find the following helpful:
Enhancing VPN Performance At Microsoft
Implementing VPN split tunneling for Office 365
Hello Uberseehandel,
If I now understand the articles correctly, then the VPN settings are on the Windows desktop. But I want to configure the routing on the MX.
Best regards
Nikolai
More explanations
https://docs.microsoft.com/en-us/Office365/Enterprise/office-365-vpn-implement-split-tunnel
@Uberseehandel @Nikolai_Borhart is talking about site to site VPNs, not client VPNs
Please see - https://docs.microsoft.com/en-us/Office365/Enterprise/office-365-vpn-split-tunnel
This explains how to identify the O365 traffic, which is why I posted it as "helpful" rather than the solution . . .
MS explains how to select the relevant traffic, specifically "to mitigate the risk of VPN infrastructure saturation"; it makes sense to use the same logic to route the O365 traffic to a specific WAN port.🤓😷
Support provided me with this link today.
VPN Full-Tunnel Exclusion (IP Based Local Internet Breakout)
VPN full-tunnel exclusion is a feature on the MX whereby the administrator can configure layer-3 (and some layer-7) rules to determine exceptions to a full-tunnel VPN configuration. This feature is also known as Local Internet Breakout in the industry.
Hello Dave,
Thank you for your answer, that's what I was looking for.
Unfortunately I only see a Layer 3 configuration in the documentation, although there should also be a Layer 7 configuration.
"the administrator can configure layer-3 (and some layer-7) rules"
Have you ever configured and tested the Local Internet Breakout on an MX?
Greetings
I have not configured this, but if you ask again in a week or two the answer may be different. For now I'm just gathering info in response to a request.
If you look at the LIB (Local Internet Breakout) dialog there are options there for doing specific ports. The dialog was under the template, BTW. It took a minute for me to find it.