VPN between MX in China & MX outside China

AY2022
Here to help

VPN between MX in China & MX outside China

Looking for more info on setting up the above. 

I have 1 main MX serving multiple smaller MX'es in china. All on China Portal. 

 

Now I'm trying to establish a VPN between the main MX and a  VMX e.g. Azure in Australia.

I believe Auto VPN is out the question, since its not on the same portal. 

 

Hence, correct me if wrong but the only way to setup is by using the Non-Meraki VPN peers option. Is that right?  

3 REPLIES 3
alemabrahao
Kind of a big deal
Kind of a big deal

If they're in different organizations, yes, but particularly I've never tried to establish a Non-Meraki VPN between two MXes, I don't know if that would work.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RomanMD
Building a reputation

Because the MXes in China and the one in Azure are in different organizations, you are totally right - Non-Meraki VPN would be the solution. This is working fine, it is just some considerations that you need to have in mind.

1. The non-meraki VPN will use standard VPN ports 500 and 4500. Those might be blocked by Chinese provider or Great Firewall.

2. Using AutoVPN should bypass the Great Firewall, because of the high ports which are usually not blocked.

3. Any of those solutions might break the law. 

Thanks for the sharing. 

 

About point 3, wouldn't the solution (non-meraki VPN) be 'within the law' as long as the data are used only for internal data exchange and office use. 

 

https://documentation.meraki.com/General_Administration/Support/Information_for_Users_in_China 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels