Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About dtamburin
dtamburin
Just browsing
Member since Jul 22, 2024
Jul 23 2024
Community Record
4
Posts
0
Kudos
0
Solutions
Jul 23 2024
4:46 AM
thanks, makes sense. So, we are going to need 2 rules on the edge corp firewall. MX to registry. MX to all the z3's and 4's when it wants to build a tunnel. thank you for all your answers.
... View more
Jul 22 2024
11:04 AM
Between mx and the remote z3s? MX must initiate it then, correct. So we are looking at a rule... MX internal ip (port range UDP 32768-61000), to any internet ip (UDP port range 32768-61000), for the tunnel? Dont need any well known ike, ipsec ports etc, correct? and then just a rule for MX to register with the meraki cloud.
... View more
Jul 22 2024
9:20 AM
Thanks, I did read that and everything is up and running fine. The issues are that security wants to lock communication to the bare minimum. So I need to know what side initiates, what the traffic flow is etc. Is that document saying that a tunnel is set up, MX---registry---Z3 ? or MX---Z3 after consulting the registry? because if that is the case we would need all public ips.
... View more
Jul 22 2024
8:53 AM
I need to understand the traffic flow for the setup of a vpn tunnel between a on-prem MX 250B and a z3 and/or z4. I also need to now what ports are required and ips. As far as I understand at this time. the Z3's register with a VPN registry, somewhere. When they want to start a tunnel, the registry reaches out to the MX250 with their public ip. Then the MX250 sets the tunnel up directly? thanks, Davidt
... View more
© 2024 Cisco Systems, Inc.
