Site to Site VPN with MPLS as Primary Connection

Solved
denekez
Comes here often

I followed the documentation (Configuring Site-to-site VPN over MPLS - Cisco Meraki) for setting up the connection, but the MPLS connection on WAN 2 of the MX doesn't ever say connected.

Design

Data Center at HQ has a core switch with VLANs 700 and 701; each has an assigned IP address on its interface. One port on this switch is configured as a trunk port that connects to our ISP for our MPLS. Both remote sites are using this one port with 2 different VLANs.

Remote Sites - The first remote site has an MX with an internet connection that is working over the site-to-site VPN - WAN 1 connecting back to a VPN concentrator at HQ. On WAN 2 I configured this port to have a static IP for VLAN 700. This connection never comes up.

I previously had an L3 switch at the remote site that had a trunk port with the native VLAN set to 700 and an IP address assigned to the VLAN 700 interface. Default route back to the HQ VLAN 700 interface IP.

Am I required to still have an L3 switch on the remote side so the MX connects into an access port on the switch? Or can it connect into a trunk port from the HQ going across the MPLS connection?

1 Accepted Solution
Ryan_Miles
Meraki Employee

Little tough to follow without a diagram. But, in general if the MX WAN interface shows as down then it means it cannot reach dashboard. Does that interface have a proper route & NAT to reach internet/dashboard?

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

denekez
Comes here often

I assumed it did, but after thinking about it a little harder, that network that I created for the interconnect isn't allowed through the firewall. I will be enabling this later today and will report back my finding.
