Meraki

ahmadtat · ‎Jul 23 2020

Hello,

if we have 1 site with Meraki MX in it, and the requirements is to connect this site to 2 different organizations that has Meraki SD-WAN appliances (ERP application in one organization, IP telephony in the other)

how can this be achieved using 1 Meraki MX onsite?

JimmyPhelan · ‎Jul 23 2020

You will be able to reach the subnets that are advertised between the MX devices.

the relationship is between the MX devices, not between Organizations or Networks.

It might be easier to consider it just a site to site VPN with a third party. Take out that it is a Meraki, and it might be easier to think about it.

I think what you will end up with is

Site to Site VPN from Org A -> Org B

Site to Site VPN from Org A -> Org C

Org B and C are not talking to each other. Unless you create a third Site to Site, Org B -> Org C

View solution in original post

JimmyPhelan · ‎Jul 23 2020

It sounds like you are looking for Site to Site VPN's, but between separate Organizations

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_between_MX_Applian...

If however you are looking to run AutoVPN, a limitation of AutoVPN is that it happens inside of an Organization.

What is the relationship between yourselves and the other organizations? Is there a potential to bring all the equipment into a single organization but separate Networks? You could divide up Meraki Admins to only have access to specific Networks.

I suspect you will need Site to Site with Different Organizations, but let us know if there is more to it.

ahmadtat · ‎Jul 23 2020

thanks @JimmyPhelan for your reply.

your suggestion of Site to Site VPN is the more appropriate one as the 2 organizations have existing networks and cant merge (for political and security reasons)

I read the link you shared, I didnt get the below point:

"This process would need to be repeated for each remote/local MX pair as desired. The image below shows an example of an MX to MX VPN connection when the devices are in different Organizations"

So if there's one site (added to "organization A" for Auto-VPN), we would need to add the public IP of that particular site in "Organization B" Third Party VPN peer?

and in this case, "Orgnzation A" other sites will be able to reach "organization B" sites?

JimmyPhelan · ‎Jul 23 2020

You will be able to reach the subnets that are advertised between the MX devices.

the relationship is between the MX devices, not between Organizations or Networks.

It might be easier to consider it just a site to site VPN with a third party. Take out that it is a Meraki, and it might be easier to think about it.

I think what you will end up with is

Site to Site VPN from Org A -> Org B

Site to Site VPN from Org A -> Org C

Org B and C are not talking to each other. Unless you create a third Site to Site, Org B -> Org C

rhbirkelund · ‎Jul 23 2020

I believe what @JimmyPhelan is trying to convey is that Meraki Autovpn feature only works between Networks within the same Organizations, in terms of Meraki.

If you have MX'es at all locations, but they are not in the same organization, you'll have to treat the Site-to-Site VPN as third party VPNs. You will not be able to leverage Meraki's AutoVPN feature.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

Meraki

Community

one site, 2 separate organizations?!

one site, 2 separate organizations?!