Meraki

Monego · ‎Mar 22 2023

Hi there,

I have a question.

The "AS IS" is this one: we have an MPLS WAN that connects 250 stores to a datacenter where there are corporate Apps and centralized internet access for all stores.

The "TO BE" is: implement a SDWAN over 2 links (MPLS+INTERNET) terminated in datacenter on a couple of MX250 in HA with legs on MPLS+INTERNET. I still want to be able to send all stores internet traffic (in clear mode) to the existing 3rd parties firewall as it flows today (I want the SDWAN to act as a blackbox, exactly as my existing MPLS network).

They told me it's not possible because the MX250 applies NAT/PAT on internet traffic ?

Any idea ?

Thanks a lot. Marco.

cmr · ‎Mar 22 2023

We have our systems setup this way, DC MX250s are in single ended WAN concentrator mode. A request from a client in site A with IP address 10.150.100.100 is seen by the LAN of the edge firewalls (not Meraki) as 10.150.100.100, not a NATed address.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

ww · ‎Mar 22 2023

How about this setup

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS#MPLS_Set...

cmr · ‎Mar 22 2023

That's pretty much ours, just with the Datacentre MPLS link terminating on a transit VLAN / routed switch port as opposed to the firewall inside interface.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

Meraki

Community

SDWAN as a Black Box

SDWAN as a Black Box