Meraki

Community

Two MX64 in same subnet with HUB VPN in same subnet aaatched to same switch

ehsan230564
Here to help
‎Jun 26 2019 1:35 AM
‎Jun 26 2019 1:35 AM

Two MX64 in same subnet with HUB VPN in same subnet aaatched to same switch

 

Dear Sir,

 

Is it possible for Two MX64 in same subnet with HUB VPN in same subnet aatched to same switch.

 

0 Kudos
7 Replies 7
AjitKumar
Head in the Cloud
‎Jun 26 2019 1:49 AM
‎Jun 26 2019 1:49 AM

Hi,

Would you mind explaining your scenario?

May be with a Diagram please.

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
In response to AjitKumar
BrechtSchamp
Kind of a big deal
‎Jun 26 2019 2:00 AM
‎Jun 26 2019 2:00 AM

If the question is whether two MX's with their WAN interfaces in the same subnet and connected to the same switch can do autovpn with each other the answer is Yes.

0 Kudos
In response to BrechtSchamp
ehsan230564
Here to help
‎Jun 26 2019 4:19 AM
‎Jun 26 2019 4:19 AM

Hello sir,

 

I have two windows server, 1st server ip = 192.168.0.1 default gateway 192.168.0.100

2nd server ip = 192.168.0.200 default gateway 192.168.0.100.

 

Two MX64 in HUB site to site vpn, 1st MX64 HUB1, LAN ip = 192.168.0.100

2nd MX64 HUB2, LAN ip = 192.168.1.100.

 

three MX64 in spoke site to site VPN with HUB1. another thhree MX64 in spoke site to site VPN with HUB2.

 

But we want to access above mentioned both the server from all the spoke. since internet speed are less speed so we want to divide 3:3 branches(spoke). also if one HUB1 device get problem still at least three  branches will be working through. If we connect all the 6 branches (spoke) to same HUB with two wan internet load balancing will be there,  but id the device get fail than all the six branches will stop accessing the Head office.

 

So my requirement is HA with load balancing and also fail over VPN.

 

Thanks and regards.

 

 

0 Kudos
In response to ehsan230564
BrechtSchamp
Kind of a big deal
‎Jun 26 2019 4:27 AM
‎Jun 26 2019 4:27 AM

Best setup for me would be to have the hub MX's in warm spare. Their WAN ports should be connected to the two ISP's. On the LAN side you define the two subnets in which the servers reside.

 

The spokes will the build autoVPN tunnels over the two ISP's. You can load balance between those two tunnels when accessing the servers.

 

If the hub device fails, the warm spare takes over.

In response to AjitKumar
ehsan230564
Here to help
‎Jun 26 2019 4:18 AM
‎Jun 26 2019 4:18 AM

Hello sir,

 

I have two windows server, 1st server ip = 192.168.0.1 default gateway 192.168.0.100

2nd server ip = 192.168.0.200 default gateway 192.168.0.100.

 

Two MX64 in HUB site to site vpn, 1st MX64 HUB1, LAN ip = 192.168.0.100

2nd MX64 HUB2, LAN ip = 192.168.1.100.

 

three MX64 in spoke site to site VPN with HUB1. another thhree MX64 in spoke site to site VPN with HUB2.

 

But we want to access above mentioned both the server from all the spoke. since internet speed are less speed so we want to divide 3:3 branches(spoke). also if one HUB1 device get problem still at least three  branches will be working through. If we connect all the 6 branches (spoke) to same HUB with two wan internet load balancing will be there,  but id the device get fail than all the six branches will stop accessing the Head office.

 

So my requirement is HA with load balancing and also fail over VPN.

 

 

 

0 Kudos
In response to ehsan230564
RohitRaj
Meraki Employee
Meraki Employee
‎Jun 26 2019 9:53 AM
‎Jun 26 2019 9:53 AM

Hi @ehsan230564 ,

 

I would agree with @BrechtSchamp for the setup. Give you redundancy on ISP as well as hardware. However, If the solution provided is not viable for you, please provide us information on the physical setup. 

Do you have any kind of network diagram as well as physical location information (i.e. are the Hub MX in the same subnet on the WAN interface and physically connected in the same room?)

If this was helpful, click the Kudos button below.
If your issue was resolved, we request you to mark the post resolved so other users can benefit in future
In response to RohitRaj
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 26 2019 1:15 PM
‎Jun 26 2019 1:15 PM

I have talked about how to do load balancing in your other thread, but it is complicated.

https://community.meraki.com/t5/Security-SD-WAN/VPN-load-balancing-mx64-and-access-the-same-server/m...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.