- About hmc250000
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
hmc250000
Comes here often
Member since Dec 5, 2019
a week ago
Community Record
18
Posts
0
Kudos
0
Solutions
Badges
2 weeks ago
Does it make sense to have regional hubs in the above design? For example if you have 2 branch offices in Asia and you have to send traffic between the branch offices would traffic have to traverse through the head office or can I assume traffic will go through the nearest hub to get to the other branch office? Or there any advantages or disadvantages to having more hubs.
... View more
2 weeks ago
Can you setup a site to site VPN between a non meraki peer and a spoke (as opposed to a hub)? And if you do not want to have a peer connection from the external non meraki peer to every peer in the AUTOVPN organization is there a way you can allow the sites in your organization to route to this non meraki external peer?
... View more
3 weeks ago
A few more questions: - We have MPLS and DMVPN in every site (with Cisco equipment). We have HSRP configured in each site to make the DMVPN network the primary WAN link and MPLS the backup. How do we setup something similar with the Meraki AutoVPN as primary and the MPLS or DMVPN network as backup? Can you configure HSRP, GLBP or VRRP between the Meraki MX's and a Cisco router? - If we want to use a dynamic protocol which protocol would be recommended? I've read that BGP has been tested much longer than OSPF for AUTOVPN. Would that work to share routes with neighbors (MPLS or DMVPN) on the LAN side too? - Can you setup a site to site VPN between an external non meraki peer and one of the spoke site in the AUTOVPN mesh and advertise the external routes in the AUTOVPN mesh?
... View more
3 weeks ago
Would this global Meraki AutoVPN design work? The hub site US1 (2MXs HA in routed mode) is bridged to a DMVPN and MPLS network on the LAN side through static routes. Summary routes are injected on the routers in the hub (US1) and advertised from there. 1 DMVPN hub (US1) 1 MPLS hub (US1) 4 Meraki AutoVPN hubs 40 Spoke sites across the globe Subnets: US1 172.16.1.0/24 (summary route 172.16.0.0/16 advertised) US2 172.16.2.0/24 US3 172.16.3.0/24 US4 172.16.4.0/24 Europe1 172.16.100.0/24 Europe2 172.16.101.0/24 Europe3 172.16.102.0/24 Europe4 172.16.103.0/24
... View more
3 weeks ago
We have an existing DMVPN and the routers are all Cisco. I know the MX's do not support DMVPN but I was merely trying to make it clear that the MX's in the hub site will be the gateway to the DMVPN network from the Auto VPN mesh through a static route on the internal vlan interface of the MX's. So can the MX's in the hub site be configured in routed mode in this scenario?
... View more
3 weeks ago
Can you Bridge AutoVPN with Cisco DMVPN with the MX at the hub in routed mode (with static routes and about 40 spokes)? We intend to have 2 MX's for HA at the hub site that will bridge to the DMVPN.
... View more
4 weeks ago
Just found this Routed Mode and AutoVPN You can only advertise the same subnet from more than one appliance if all appliances advertising that subnet are in Passthrough or VPN Concentrator mode. All subnets advertised from an appliance in Routed mode must be unique within the AutoVPN topology. https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior
... View more
a month ago
Good info. In the mesh can you have one route advertised by 2 or multiple hubs? For instance I would like to advertise a summary route 172.16.0.0/16 on at least two of our hubs. I've tried this but get an error.
... View more
a month ago
Ok. So all the sites in an organization that participate in site to site VPNs will join the mesh. We intend to have a small number of regional hubs. IS it possible to have some of the MX's in spoke sites not join this mesh and just have a single site to site connection to one hub?
... View more
a month ago
Please explain in more detail how to do that? I don't see an option of route metrics.And if you now turn on a more specific route would that not also advertise to other VPN peers? Maybe an example would help me understand it better.
... View more
a month ago
Can you advertise summary routes that are turned on in the VPN in a hub site to on only selective MX VPN peers? What can you do if you do not want all meraki spoke/hub sites and non meraki peers to send traffic to a summary route that is advertised? Thanks.
... View more
12-01-2020
07:48 AM
I'm confident that the request time outs have something to do with the Meraki appliance. Traceroute actually from the appliance is ok but the problem is with tracing from Meraki VPN clients through the appliance. All other devices can trace fine and show no request time outs. We see the exact same behavior on 2 appliances so far. I've opened a ticket with support and they acknowledged it and are seeing the same issue.
... View more
11-30-2020
07:03 AM
We recently deployed a new MX250 but traceroute is not working properly on the appliance for some reason. Here is a traceroute, we don't see all the hops and see request timed out for hop 1 and 3 from VPN clients to 8.8.8.8 through the MX. Hop 2 is it's internal interface. All the other devices and neighbors show all the hops with traceroute. Are we missing something on the MX? do we need to enable icmp somewhere in the firewall settings? tracert -d 8.8.8.8 Tracing route to 8.8.8.8 over a maximum of 30 hops 1 * * * Request timed out. 2 9 ms 9 ms 11 ms 10.0.0.254 3 * * * Request timed out. 4 15 ms 15 ms 17 ms 185.225.39.124 5 16 ms 16 ms 23 ms 185.225.38.3 6 54 ms 23 ms 23 ms 188.32.118.39 7 18 ms 18 ms 17 ms 198.170.248.1 8 25 ms 16 ms 16 ms 198.170.237.205 9 16 ms 16 ms 16 ms 8.8.8.8 Trace complete. And why is it not possible to traceroute from the internal interface (only the external interface) to other devices under tools?
... View more
11-05-2020
07:15 AM
Can you have spoke sites configured with a default route out to the internet locally and not through the central hub or hubs? From what I see configuring all sites as hub becomes a nightmare when site to site VPN's get advertised to all other hubs (including VPN's to external organizations). I know you can permit or deny but it's so much work.
... View more
12-06-2019
06:20 AM
Is hairpinning (traffic making a u turn in and out of the WAN interface) supported out of the box on MX appliances? On Cisco ASA this has to be configured.
... View more
12-05-2019
07:37 PM
Thanks but are specific configuration settings required for that to work?
... View more
12-05-2019
05:14 PM
Has anyone been able to or know if you can establish an active directory trust between 2 organizations through a site to site VPN between 2 Meraki MX appliances or between an MX appliance and a Cisco ASA?
... View more
