non-Meraki VPN peer to Auto-VPN sites?

cabricharme
Getting noticed

What is the best practice to connect a non-Meraki VPN peer (e.g. our Azure or AWS services) to our auto-VPN sites (networks)?


Seems this cannot work purely within Meraki:


Auto VPN and Non-Meraki VPN peers


An MX Security Appliance can establish tunnels to both Auto VPN and Non-Meraki VPN peers. The MX will send traffic to those VPN peers using the principles discussed above. However, an MX that builds tunnels to both Auto VPN and Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other Auto VPN peers.


... yet this seems a fairly common SD-WAN configuration for any org with multiple branches and hybrid or MSP-managed environment?


P.S. The other parts I can't seem to wrap my head around:

  • why is there an "availability" configuration in non-Meraki VPN peering settings? Just in case remote networks aren't connected via auto-VPN but via some other mechanism?
  • when "availability" is set to "all networks", the non-Meraki VPN peer is lit up green on the network where it's configured, and red on all others. Is this Meraki's way of saying, "we don't support this configuration even though our UI provides no indication that it won't work during configuration"?

4 Replies
alemabrahao
Kind of a big deal

Using a vMX on Azure or AWS.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
cabricharme
Getting noticed

vMX is not always an option with MSPs. In our case - not (yet) an option.

 

The goal is to make it work between a non-Meraki peer and auto-vpn peers. Performance requirements are negligible.

KarstenI
Kind of a big deal

The "Availability" option is exactly what you need when you are not (yet) ready for vMX. You configure the non-Meraki VPN once, and any branch that is configured in the Availability option will build an individual IPsec tunnel. With that you have a very small config even for a large number of branches. Your non-Meraki VPN hub still needs to be configured to accept the session from all branches.
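The behaviour described in this reply and in the documentation quoted in the question (each network selected by Availability builds its own tunnel, and an MX does not relay traffic between a non-Meraki peer and other Auto VPN peers) can be modelled offline. The following is an added example, not code from Meraki or from anyone in this thread; the endpoint path and field names (`thirdPartyVPNPeers`, `networkTags`, `privateSubnets`) are assumed from the public Dashboard API and should be checked against the current API reference, and every IP address, tag, network name and the pre-shared key placeholder is constructed sample data.

```python
"""Model of the Dashboard 'Availability' selector for a non-Meraki VPN peer.

Added example, not Meraki's code. API path and field names are assumptions
taken from the public Dashboard API; all sample values are constructed.
"""
import ipaddress
import json
import urllib.request
from dataclasses import dataclass, field

API_BASE = "https://api.meraki.com/api/v1"  # assumption: v1 base URL


@dataclass
class MxNetwork:
    name: str
    wan_ip: str                      # public IP the branch initiates IKE from
    tags: set = field(default_factory=set)
    local_subnets: list = field(default_factory=list)


@dataclass
class ThirdPartyPeer:
    name: str
    public_ip: str
    private_subnets: list
    network_tags: list               # the Dashboard "Availability" selector
    secret: str = "REPLACE_ME_PSK"   # placeholder, never a real secret


def branches_with_peer(peer, networks):
    """Networks the Availability selector enables the peer on: 'all' means
    every network, otherwise any network carrying one of the listed tags."""
    if "all" in peer.network_tags:
        return list(networks)
    wanted = set(peer.network_tags)
    return [n for n in networks if n.tags & wanted]


def hub_acceptance_list(peer, networks):
    """Each enabled branch builds its own IPsec tunnel, so the non-Meraki
    hub must accept an IKE session from every branch WAN IP and carry each
    branch's local subnets as remote traffic selectors."""
    return [{"branch": n.name, "initiator_ip": n.wan_ip,
             "remote_subnets": n.local_subnets}
            for n in branches_with_peer(peer, networks)]


def reachability(peer, networks):
    """A network outside Availability cannot reach the peer through an Auto
    VPN hub: the MX does not forward between non-Meraki and Auto VPN peers."""
    enabled = {n.name for n in branches_with_peer(peer, networks)}
    return {n.name: "direct tunnel" if n.name in enabled
            else "unreachable (no transit via Auto VPN)" for n in networks}


def check_subnet_overlap(peer, networks):
    """Report peer private subnets that overlap an enabled branch's local
    subnets; overlapping selectors make the tunnel's routing ambiguous."""
    problems = []
    peer_nets = [ipaddress.ip_network(s) for s in peer.private_subnets]
    for n in branches_with_peer(peer, networks):
        for s in n.local_subnets:
            local = ipaddress.ip_network(s)
            problems += [(n.name, s, str(p)) for p in peer_nets if local.overlaps(p)]
    return problems


def build_peer_payload(peer):
    """Body for PUT /organizations/{orgId}/appliance/vpn/thirdPartyVPNPeers
    (field names assumed from the Dashboard API; verify before use)."""
    return {"peers": [{"name": peer.name, "publicIp": peer.public_ip,
                       "privateSubnets": peer.private_subnets,
                       "secret": peer.secret, "ikeVersion": "2",
                       "networkTags": peer.network_tags}]}


def push_peer_config(org_id, api_key, payload):
    """Send the payload (replaces the org's whole peer list). Not run here:
    it needs network access and a real API key."""
    req = urllib.request.Request(
        f"{API_BASE}/organizations/{org_id}/appliance/vpn/thirdPartyVPNPeers",
        data=json.dumps(payload).encode(), method="PUT",
        headers={"X-Cisco-Meraki-API-Key": api_key,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample: a hub and two spokes; only 'cloud'-tagged networks
# are in the peer's Availability.
SAMPLE_NETWORKS = [
    MxNetwork("HQ-hub", "198.51.100.10", {"hub", "cloud"}, ["10.0.0.0/16"]),
    MxNetwork("Branch-A", "198.51.100.20", {"branch", "cloud"}, ["10.1.0.0/24"]),
    MxNetwork("Branch-B", "198.51.100.30", {"branch"}, ["10.2.0.0/24"]),
]
SAMPLE_PEER = ThirdPartyPeer("azure-vpn-gw", "203.0.113.5",
                             ["172.16.0.0/16"], ["cloud"])

if __name__ == "__main__":
    print(json.dumps(hub_acceptance_list(SAMPLE_PEER, SAMPLE_NETWORKS), indent=2))
    print(reachability(SAMPLE_PEER, SAMPLE_NETWORKS))
    print(check_subnet_overlap(SAMPLE_PEER, SAMPLE_NETWORKS))
    print(json.dumps(build_peer_payload(SAMPLE_PEER), indent=2))
```

Running it lists the two tunnels the non-Meraki hub must be ready to accept (HQ-hub and Branch-A), shows Branch-B as unreachable because it sits outside Availability and no Auto VPN hub will relay for it, and emits the payload that the Dashboard API call would carry; tagging the peer `["all"]` instead makes every network build its own tunnel, which matches the per-network green/red state described in the question.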
