Meraki

Community
  • About Bits-n-Bytes

About Bits-n-Bytes

Re: BGP Over IPsec Tunnel

by in Security & SD-WAN
2 weeks ago
2 Kudos
2 weeks ago
2 Kudos
Oh I see, yes this would work. I asked but they have strict restrictions on what they will peer with. In theory they'd never know but I did ask and they're not willing to support this (unfortunately)  ... View more

Re: BGP Over IPsec Tunnel

by in Security & SD-WAN
2 weeks ago
2 Kudos
2 weeks ago
2 Kudos
This is my current plan. In a perfect world all of the vendor tunnels lived on the Azure vMX but this will work as a plan-b.    My other plan is to try moving the MX250 and vMX into the same org, this will allow us to use AutoVPN... Maybe this bypasses the "hairpin" routing issue when trying to access a foreign network on an IPsec tunnel. I'll post here if this works. ... View more

Re: BGP Over IPsec Tunnel

by in Security & SD-WAN
2 weeks ago
2 weeks ago
I did try this, but the dashboard will NOT let me configure iBGP on the S2S IPsec link. I tried using 64512 on both ends and it errors out. It wants a unique ASN on each end. Perhaps there's a work around for this? ... View more

BGP Over IPsec Tunnel

by in Security & SD-WAN
2 weeks ago
2 weeks ago
Hello,   I'm attempting to connect to a remote vendor subnet via a passthrough MX appliance. After some research, it appears this is not possible using static routes.   I did switch to using a BGP IPsec tunnel between our own MX appliances but that also presented a challenge. On the very bottom of the IPsec BGP Deployment Guide, there's a footnote that says Note: Statically defined local routes configured on passthrough MX devices are not exported to the eBGP peer over IPsec   When I tried the BGP tunnel, the local Azure LAN and remote vendor subnets were not exported to the on-prem MX250. Our vMX and MX250 are not AutoVPN peers as the MX250 is part of an old organization.   I feel like the only way to solve this is to enable BGP on the IPsec tunnel with the Vendor (unfortunately not an option here) and move the Azure LAN stuff to a completely different firewall that's part of our AutoVPN deployment. Am I off in left field?    Here's a drawing that helps explain my problem. Thanks for reading.   ... View more
© 2026 Cisco Systems, Inc.