Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About BrentWiebe

Re: Failover Routing To VPN

by in Security & SD-WAN
‎Dec 20 2017 1:12 PM
‎Dec 20 2017 1:12 PM
Thank you!  It's ironic - we initially suggested doing something like this, but they were against us making any sorts of changes to their MPLS setup.   At this point it's as easy as adding an interface on their Data Center firewall cluster in the /30 leaving the existing 192.168.8.0/22 on the Datacenter alone, changing the Meraki interface to the /30 and changing routing on both ends.  Then the VPN will just work.   I've detailed it to them, and hope they will come to their senses 🙂   Thanks! ... View more

Re: Failover Routing To VPN

by in Security & SD-WAN
‎Dec 20 2017 12:14 PM
‎Dec 20 2017 12:14 PM
PhilipDAth, can you elaborate a little more on what you're suggesting? Thanks! ... View more

Re: Failover Routing To VPN

by in Security & SD-WAN
‎Dec 20 2017 9:59 AM
‎Dec 20 2017 9:59 AM
Looks intriguing but they don't have Meraki gear at their datacenter. Hmmmm.... ... View more

Re: Failover Routing To VPN

by in Security & SD-WAN
‎Dec 20 2017 9:13 AM
‎Dec 20 2017 9:13 AM
I looked at this earlier, but don't believe it will work. The biggest issue is that the route 192.168.8.0/22 can't exist twice on the Meraki cluster. It doesn't allow it. In the example they give, the scenario is a bit different, ... View more

Failover Routing To VPN

by in Security & SD-WAN
‎Dec 20 2017 6:59 AM
‎Dec 20 2017 6:59 AM
Working with a client and trying to come up with an automated failover mechanism for them. Here's the scenario:   They have 3 local locations that are all interconnected over an MPLS through switches.  The MPLS network is 192.168.8.0/22.  One of their locations is a datacenter, and all of their server infrastructure is in the same 192.168.8.0/22 network.  The datacenter has a non-meraki cluster protecting it.   They have a number of remote locations that have VPN connectivity to the datacenter over this network.   One of their 3 locations is new and has a Meraki MX-100 cluster on it, and the MPLS is connected through port 8 on the cluster.     In the event of a Port8/MPLS failure (unlikely as it may be), they are looking for a possible Automated-Failover.  From what I've seen/tried, this doesn't appear to be possible, as the Meraki seems to choke on the fact that the 192.168.8.0/22 network exists on a wired link.  If I try and add a VPN to the existing VPN route to 192.168.8.0/22, it complains because the network is already defined on a port.    On other devices, that I've had similar scenarios on, I can manage this by controlling route metrics/distance and they don't care if the route exists with multiple configurations.   Is there a way to do this with the setup as it is today?  I had thought about possibly using NAT for the VPN route, but that would require some level of redo on all of the existing VPN connectivity today.   Any other thoughts?  Anything I haven't considered?   As it stands today, I can only see this being a manual process:   1) Delete route/disconnect cable. 2) Enable VPN. 3) Reverse when MPLS available again.   Thanks! ... View more
© 2024 Cisco Systems, Inc.