Meraki

Community

Transition from VeloCloud to Meraki

TechBusAnalyst
Getting noticed
‎Oct 24 2019 9:07 AM
‎Oct 24 2019 9:07 AM

Transition from VeloCloud to Meraki

Hi,

 

We are looking at possibly moving from VeloCloud to Meraki MX devices for our firewalls.  One potential issue we are seeing is that we have a 3rd party datacenter that we need all of our locations to connect to as well as connect back to our corporate office.  I was not part of the initial setup a few years ago when we set this up, but as I understand it, our datacenter points it's VPN to the VeloCloud WAN IP and then all of our VeloClouds connect to each other through that IP.  

 

If we transitioned to Meraki, I'm thinking we would have to build a VPN tunnel from each of our locations to the datacenter since Meraki wouldn't have just one IP to point to like VeloCloud does.

 

Has anyone transitioned from VeloCloud to Meraki and are there any suggestions you could share for that process?

 

Thanks!

0 Kudos
2 Replies 2
cmr
Kind of a big deal
Kind of a big deal
‎Oct 24 2019 11:20 AM
‎Oct 24 2019 11:20 AM

I haven't done a migration but we do run an SD-WAN formed by MXs.

 

It stick a pair of MXs in the Data center (physical if you can) and set them up as concentrators unless you need new corporate firewalls for the DC.

 

Then put a pair of MXs on the edge of each site and enable the SDWAN.  If you have subnets not local to the MX at a site or the DC then just add them as static routes pointing to the next hop and enable them to be advertised over the SD-WAN (it is a tick box).

 

There is a little more to it than that but not a lot more, it took us a few hours to figure it out and set up the DC and the first remote site.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 24 2019 1:56 PM
‎Oct 24 2019 1:56 PM

If you can put an MX (or MX+spare) into the third party DC do that.  You can tell them to treat them like an MPLS router, and just plug them into their firewall (or wherever else they plug in WAN routers).

 

Failing that, you will want to get an extra device just to terminate this VPN.  Then on your hub MX's add a static route pointing to that device and redistribute that route into AutoVPN.  That will give all of your network connectivity instantly.

I often use Cisco ASA's or ISR routers for terminating the non-Meraki VPNs.  You can also use an additional MX - but it must not be part of AutoVPN (really important).

 

This guide goes through it in greater detail.

https://www.willette.works/merging-meraki-vpns/ 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.