VPN Registry Table

Solved
JamesMutie

Hello Good People,

 

Is it possible to achieve a design whereby a VPN concentrator in NAT mode has a public IP (X.X.X.X) assigned on the internet port? This public IP is a floating IP owned by the customer. A branch MX in routed mode has an MPLS link with an IP of 10.10.10.1.

If both the branch MX and the concentrator have the same internet breakout on public IP (Y.Y.Y.Y), what will the VPN registry table look like? Will the AutoVPN peering be through source IPs or interface IPs (entries in the VPN registry)?

cmr

@JamesMutie if the internet gateway for the VPN concentrator and the remote MX that is the other side of the MPLS are one and the same, then the tunnels are built between the private internal interface IP addresses.

JamesMutie

@cmr Thanks. So that means the concentrator interface IP needs to be changed from the floating public IP to a private IP reachable by the remote branch via MPLS?

cmr

@JamesMutie, yes, pretty much!

If you leave it as is, then, as the public IPs are different, the tunnel will be formed over the internet.

If you make them appear to the Meraki cloud as the same public IP by changing the IP to an internal private one as suggested, then the tunnels will build over the private network.

Hopefully that makes sense?

JamesMutie

@cmr Thanks a lot. Well explained.
