Meraki Community

Rsharma · ‎Sep 8 2023

I agree with @jimmyt234. MX-105 should be deployed in HA. Primary and secondary internet links should be terminated on the warm MX router so that they can manage their fail over in case one link goes down and the tertiary link should be terminated on the spare MX so if both primary and secondary link goes down traffic can be shifted to spare MX router and tertiary link can be utilised.

Rsharma · ‎Dec 9 2021

@KarstenI here it is. this network was handed over to me as it is 😞 . i am able to reach both 10.50.x.x and 10.60.x.x from LAN subnets of the hub. i am advertising these routes in auto VPN as well but spokes cannot reach DC subnets though.

Rsharma · ‎Dec 9 2021

@ww yes switch IP belongs to management subnet which is routed into autoVpn.

Rsharma · ‎Dec 9 2021

@rhbirkelund remote tunnels are terminated on the fortiGate. MX only has auto VPN tunnels and routes to reach remote subnets pointed towards fortiGate.

Rsharma · ‎Dec 9 2021

I have a FortiGate firewall in front of my Meraki MX appliance. FortiGate has site to site IPSEC tunnel with one of our DC and Meraki is the Hub for auto VPN setup for my other sites. i am getting some routes through Firewall IPSEC and those subnets are reachable through Meraki Hub. but when i advertise those learned routes into auto VPN my spokes cant reach those subnets though. when i try to trace these subnets instead of taking me to the auto VPN route shows it is taking the default route. is there any advise? reachability though MX Auto VPN Hub. Route being recieved on spoke via auto VPN. no reachability from spoke LAN switch.

Meraki Community

About Rsharma

Rsharma

Community Record

Badges

Re: New network design On Meraki

Re: Meraki external route not working.

Re: Meraki external route not working.

Re: Meraki external route not working.

Meraki external route not working.