Select few application (layer 7) to breakout locally

Solved
Aamir
Here to help

Select few application (layer 7) to breakout locally

Hi,

 

My customer has few sites and all have internet. We are proposing Meraki MX with SD-WAN. Customer wants to select certain application (e.g O365 etc) to break out (Internet) locally and remaining application to go over the tunnel to HO? Is that possible?

 

Thanks,

Aamir

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

Not really.  You really want to break out all Internet access locally or you'll have grief.

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

Not really.  You really want to break out all Internet access locally or you'll have grief.

Aamir
Here to help

ok can we just say www.outlook.com to break out locally and remaining internet traffic to go to HO via tunnel in all the sites or even that's not possible?

AjitKumar
Head in the Cloud

Hi @Aamir 

I believe the understanding is

We can have a FULL Tunnel / SPLIT Tunnel. [We may send All / only the Remote Subnet Traffic via the Tunnel]

Tunneling

There are two tunneling modes available for MX-Z appliances configured as a Spoke:

  • Split tunnel (no default route): Send only site-to-site traffic, meaning that if a subnet is at a remote site, the traffic destined for that subnet is sent over the VPN. However, if traffic is destined for a network that is not in the VPN mesh (for example, traffic going to a public web service such as www.google.com), the traffic is not sent over the VPN. Instead this traffic is routed using another available route, most commonly being sent directly to the Internet from the local MX device. Split tunneling allows for the configuration of multiple hubs.
  • Full tunnel (default route): The configured Exit hub(s) advertise a default route over Auto VPN to the spoke MX. Traffic destined for subnets that are not reachable through other routes will be sent over VPN to the Exit hub(s). Exit hubs' default routes will be prioritized in descending order.

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
Aamir
Here to help

thanks a lot.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels