VPn static routing over Meraki Auto-VPN

LuigiJuve
Here to help

VPn static routing over Meraki Auto-VPN

I have a new site I plan to build out that is huge and needs 10GB of bandwidth.

I have all my IDF L2 switches connect to the L3 pair that have all my SVIs on a 172.30.128.0/21 le 24.

I want to install Palo Alto firewalls to handle my outbound 0.0.0.0 and NATing but want to still use a Meraki MX250 for the VPN trusted traffic and auto VPN SD-WAN in a bgp DC to DC failover I have implemented.

 

usually I build out sites with the MX being the main source of LAN SVI and routing and put it between Layer 2 switches and the edge routers. the MX has all my different VLANs and I choose what goes through the VPN and has the ARP table.

 

in this scenario attached I do not want that. how do I point the routing to work this way and choose what networks route over the SD-WAN autovpn?

4 REPLIES 4
Bettencourt
Meraki Employee
Meraki Employee

to be clear in my data centers I an MX configured as one-armed VPN concentrator mode connecting eBGP to my internal network.

 

I am trying to understand on the branch side with my MX configured as a spoke VPN

 

here is a diagram.

 

Screen Shot 2020-03-25 at 4.28.16 PM.png

PhilipDAth
Kind of a big deal
Kind of a big deal

The the MX250 into VPN concentrator mode.  I runs on a single interface using this mode.

 

On your Palo Alto you would create static routes pointing to the MX for all the remote AutoVPN subnets (or enable something like OSPF).

On the VPN concentrator you configure all the local routes which then get pushed into AutoVPN.

 

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide 

I just added a diagram on what I am trying to do
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels