VPN load balancing mx64 and access the same server.

ehsan230564
Here to help

VPN load balancing mx64 and access the same server.

Dear Sir,

 

How can I do VPN load balancing, I have two mx64 in hub mode, and three mx64 in spoke connecting to hub1 and another three mx64 to hub2.

 

I want to access the same server with IP = 192.168.0.1 from all the 6 spoke in above scenario.

 

Since it is not allowed configure the both the HUB in same subnet.  so that I can connect both the HUB to the same switch in which server is connected.

 

3 REPLIES 3
Nash
Kind of a big deal

I'm not a sir but I've got some thoughts.

 

If one org:

 

Can you setup VPN NAT on the hub that's got the same subnet? I think you need to have support enable this.

 

If two orgs:

 

I think you're going to have to build separate third party site-to-site tunnels between each MX and site where that server lives. See "AutoVPN and Non-Meraki Peers" here: https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_...

When they say non-Meraki, I believe they mean "third party site-to-site tunnel".

Raj66
Meraki Employee
Meraki Employee

@ehsan230564 , As @Nash  suggested, VPN subnet translation could be an option here. Also, one more thing that might work for you is to configure a full tunnel VPN from the spokes to their Hubs. Since the two hubs will exchanges routes between them, as long as you are configuring full tunnel between from spokes connected behind the hubs, all the spokes should be able to reach that subnet no matter behind which hub that subnet resides.

 

Cheers!

 

Raj 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it
PhilipDAth
Kind of a big deal
Kind of a big deal

>Since it is not allowed configure the both the HUB in same subnet. 

 

This is incredibly complicated to do - and I would not do it for a setup of this size.  Usually it is done for large DCs.

 

You will need a layer 3 switch and then a stub nework from the switch to each MX.  Each MX needs to be in a different network, and a static route to the server subnet via their stub.  Each hub than then publish the static route into AutoVPN.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels