I am in the process of evaluating SD-WAN using 2 MX-65s in a lab environment. I was able to get a VPN going over Verizon Novatels on WAN 2, but Cradlepoints won't work at all due to unfriendly NAT. I tried opening up firewalls on Cradlepoints to no avail, so can only assume the NATing the providers do is the issue. Any experience on this?
Now I am stuck trying to come up with a lab WAN 1 solution. I'm trying to mimic a provider private network with my own router and static routes with no success. Does the Meraki have to have MPLS to work in this case or should statics work? I'm seeing in another post that the private network has to have internet access via the Hub's internet in order to establish a VPN over the private network? Is it possible to do WAN1 on branch to WAN2 on Hub to mimic this? Any help in mimicking a provider private network in a lab setup is appreciated.
Also, is it possible to have Hub with one 4G and branch with two 4G and have branch failover between its two 4Gs?
The only way the VPN connections can reach each other and establish the tunnels is over the Internet. It's a fundamental requirement so there is no getting around this.
As for not being able to bring up the connection via Cradlepoints, that shouldn't be a problem. I've done this and not had any issues. Long as they can get to the Internet it shouldn't care about double NAT etc. At least I've never had any issues with it.
I understand the VPN portion needing internet, just not clear on how I can do that with a mock WAN1 MPLS in a lab environment where WAN2 at hub and spoke have actual internet access.
And I've tried with the Cradlepoints with many different configs via ECM to no avail. Do you have your CP IPs set to static by the provider?
Also, if you do the manual NAT, it seems you are limited to only one per device. What if you have two WAN VPN devices that need manual NAT?
Also, I found a workaround for getting internet access on WANs 1 and 2 on both MX-65s with just two 4G Novatels. Each Novatel has three LAN ports. So I connected both Novatels to each MX65 in a crisscross pattern so that each WAN on an MX65 has a unique public IP.