Meraki

Community

About EvanM

Re: TCO for vMX100 in Azure

by in Security & SD-WAN
‎Feb 20 2020 6:49 AM
‎Feb 20 2020 6:49 AM
Terminaing the non-Meraki VPN on peer on the vMX won't work based on my current experience, which is why I am asking about Azure VPN Gateway in the mix.   Right now I am using hub/spoke with my remote offices/teleworkers (MX/Z-spokes) connecting to my corporate office (MX-hub).  At corporate I have a Fortigate firewall making a VPN tunnel to a 3rd party datacenter. I had do to it this way because non-meraki VPN routes are not advertised through Auto VPN and some of my spokes are dynamic IP or behind NAT devices, so I have no way to terminate the non-Meraki VPN tunnel directly to all my spokes. Thus, all my spokes route through corporate hub then hop over to FortiGate firewall to get out that 3rd party datacenter over VPN.  I'd like to eliminate having to route the spokes through corporate hub, and was thinking of vMX in Azure. ... View more

Re: TCO for vMX100 in Azure

by in Security & SD-WAN
‎Feb 19 2020 12:06 PM
‎Feb 19 2020 12:06 PM
@MRCUR    Old post here, but hoping you see the reply.  wanted to see if you are still running vMX in Azure and what current base costs are like?    Can vMX in Azure be used in conjunction with Azure VPN Gateway to send traffic out to a non-Meraki VPN endpoint connected to Azure? Idea here would be MX/Z devices would AutoVPN to vMX in Azure and then  it would route over VPN using Azure VPN Gateway out of Azure to a non-Meraki device in a 3rd party datacenter.     ... View more

Re: Hub/Spoke and Non-Meraki VPN Peers

by in Security & SD-WAN
‎Jan 26 2020 12:06 PM
1 Kudo
‎Jan 26 2020 12:06 PM
1 Kudo
Ultimately, the answer to my question is "not possible" without extra hardware as non-Meraki VPN routes are not advertised through AutoVPN.  Would be nice if Meraki allowed a customer to choose for themselves on this one and allow for selective advertising of non-Meraki VPN routers.  They could build in a check to prohibit this advertisement if there was a subnet overlap.   The solution design linked does work, although I am not using Meraki to accomplish it, and rather another firewall. ... View more

Hub/Spoke and Non-Meraki VPN Peers

by in Security & SD-WAN
‎Jan 20 2020 3:14 PM
2 Kudos
‎Jan 20 2020 3:14 PM
2 Kudos
I have an existing AutoVPN configuration that consists of 2 hubs (Hub1/Hub2) and about 30 spokes (Spoke1-30). The spokes do not default route through a hub (split tunnel)   I am now introducing a Non-Meraki VPN peer (NonP1). I will need NonP1 to act like a Hub in that Spokes1-30 need to communicate to NonP1.   I have successfully established a tunnel between Hub1 and NonP1. On the NonP1 side, the tunnel is terminated to WAN1 IP on Hub1 and the remote networks in the tunnel config matches the subnet behind Hub1. In the site-to-site VPN config I let the "Availability" as "All networks". I can pass traffic back/forth between Hub1 and NonP1 successfully.   Is there a way I can have Spokes1-30 communicate through Hub1 tunnel to NonP1 without having to default route all of the spokes through Hub1? Or, am I going to have to add Spoke1-30 as peers (using their WAN IP address) on NonP1 side? ... View more
© 2024 Cisco Systems, Inc.