Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About ArielA
ArielA
Comes here often
Member since Oct 12, 2020
Sep 13 2021
Community Record
4
Posts
0
Kudos
0
Solutions
Badges
Sep 11 2021
7:32 AM
Thanks Bruce for the advice. I've seen that link before. The point with that scheme (the one here https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS ) is that it assumes I can set the MX's default route to point to the Cisco MPLS router of the picture. Currently, this Cisco MPLS router belongs to the customer, but it is EoSupport. We are trying to replace that MPLS Cisco router with the MX, while also taking advantage of SD-WAN capabilities. Currently, with that Cisco router acting as an MPLS router we have GRE + OSPF + a default route injected via OSPF from the HQ to the branch, and machines in the branch are able to reach Internet (centralized at the HQ) through the MPLS network, but via the overlay GRE tunnel. Removing that Cisco MPLS router from the picture would let just the MX directly receiving the MPLS links (this is what we are evaluating). Under this setup, I think that pointing a default route to the MPLS PE router (not belonging to the customer) will blackhole the traffic with destination to the Internet. The actual MPLS links do not include routing to the Internet. Here is where I ask for alternatives. Is it possible the scheme we are evaluating? MX receiving the MPLS links directly? As far as I know MXs do not support GRE, such that we could collapse what the actual Cisco MPLS router is doing into the MX and do SD-WAN at the same time. Or do you think we would require two devices, a new MPLS router (Customer managed), and the MX behind it?. Thanks,
... View more
Sep 10 2021
12:05 PM
Hi, The scenario that I have is similar to the one you have described, except that this customer does not have VPLS/MPLS, but L3VPN/MPLS. I am thinking now, how to achieve centralized (at the HQ) Internet connection from the branches with this MPLS (L3VPN) service in between. The MX would receive directly the MPLS links with no other router in front, such that such router could build a gre tunnel to HQ, and inject a default route. Even when I think I could temporarily provide Internet access to the MX via an alternative path, I am not sure whether the MX can learn a default route from the HQ via the AutoVPN. Any advice?
... View more
Sep 9 2021
7:23 AM
Hi Bruce, Thanks for this insight. The deal with the No-NAT is to try to understand whether we can use the WAN/Internet ports of the MX to connect to the MPLS links. Or if we would require to connect the MPLS links to LAN ports (with VLANs and subnets). Not sure whether private links, not requiring address translation, could be connected to WAN/Internet ports of the MXs. Thanks,
... View more
Sep 8 2021
3:15 PM
Hello, I am thinking on a deployment of SD-WAN over two MPLS links at the branches. Due to some reasons the customer is not (at this time) planning to replace one of the links by an Internet link. This bring me to a question I do not find an easy answer for. Is it possible to use the MX in routed mode without Nating the LAN side? Is it possible to connect the MPLS links to the WAN ports of the MX, and skip NAT? I have read some post about No-NAT being in beta release, but it is from 3 years ago. I am not sure whether this is currently a feature. Thanks,
... View more
© 2024 Cisco Systems, Inc.
