The Meraki Community
wdepauw

Comes here often

Member since May 2, 2018

‎06-11-2018

Community Record: 7 Posts, 0 Kudos, 0 Solutions

Badges: CMNA, 1st Birthday, First 5 Posts
Latest Contributions by wdepauw

Re: Policy based routing with different VPN's

by wdepauw in Security / SD-WAN
06-05-2018 03:54 AM

Hi,

Tx for the feedback, this confirms my investigation.

gr wim

Policy based routing with different VPN's

by wdepauw in Security / SD-WAN
05-30-2018 11:09 AM

Hi,

Our customer would like to have the following hub and spoke setup.

In the spoke MX there will be 2 VPN tunnels:

VPN tunnel 1: Going to the hub (autovpn with another MX appliance configured as hub).
=> The hub will announce the default route

VPN tunnel 2: Going to Zscaler (non-Meraki peer)
=> The goal is that the guest traffic (LAN subnet1) will be routed to the Zscaler for verification, so I would like to implement a policy that says
=> if coming from LAN subnet1 then push the traffic into VPN tunnel2

I have the impression that you can only do policy-based routing using a specific interface and not a VPN tunnel.

Is the above scenario possible?

gr wim

Re: Vmx 100 routing

by wdepauw in Cloud Security / SD-WAN
05-03-2018 12:15 AM

ok

because I understood from the documentation that when you run the VPN concentrator mode you need to protect it from the internet because the FW functionality is not working. Is it different then for the VMx?

Placing an MX appliance in Passthrough mode at the perimeter of your network with a publicly routable IP address is not recommended and can present security risks. As a best practice, Passthrough mode MX appliances should always be deployed behind an edge firewall.

=> since the spokes will connect over the internet towards the vmx hub I need a publicly routable IP address

gr wim

Re: Vmx 100 routing

by wdepauw in Cloud Security / SD-WAN
05-02-2018 11:41 PM

pressed enter a little bit too quick 🙂

I've added a drawing for clarification

tx Wim

Re: Vmx 100 routing

by wdepauw in Cloud Security / SD-WAN
05-02-2018 11:39 PM

Hi,

Tx for the reply, I would put a FW in between the Vmx and VPC router so the Vmx is protected from the internet
=> In that case the default gateway would point to the FW
=> I would also enable OSPF on the Vmx. This would mean that the spoke routes are advertised to the MPLS router so the MPLS router knows how to reach the spoke sites.

Re: Vmx 100 routing

by wdepauw in Cloud Security / SD-WAN
05-02-2018 07:29 AM

Hi,

Tx for the quick reply, in the vpn configuration you have the local networks which you can advertise. Is this like a cisco router where it needs to be available if you want to advertise it?

I assume that you are pointing to this chapter in the documentation?

Full Tunnel

In full tunnel mode all traffic that the branch or remote office does not have another route to is sent to a VPN hub. Note: This is not supported for virtual MX VPN concentrators operating within Azure.

Vmx 100 routing

by wdepauw in Cloud Security / SD-WAN
05-02-2018 05:54 AM

Hi,

I'm working on a design for a customer and they want to place 2* Vmx in AWS and terminate the VPN tunnels of +/-120 remote sites on these Vmx's.
=> The Vmx will be used as a hub
=> In the branches there will be small MX appliances working in NAT mode

Traffic from a spoke should follow the path:

- Traffic from spoke will be encrypted in autovpn tunnel and routed to the highest priority Vmx. If the Vmx Hub would fail then it puts the traffic towards the 2nd Vmx Hub.
- Traffic will be decrypted in the hub VMx and should be routed towards a connected (virtual) MPLS router
- From the MPLS router it will be forwarded into the MPLS cloud to one of their DC's

I understood from the documentation that the Vmx can only work in VPN concentrator mode (L2 bridging), and with this mode routing is disabled.
=> This means that the Vmx will not know about the routes behind the virtual MPLS router and I think it will drop the traffic.

In my (humble) opinion the Vmx is not made for this setup, in the VPN concentrator mode the Vmx can reach the local attached subnets but it can route traffic to another router.

Am I correct in this? Or is there another solution with the Vmx?

Another problem is that the return traffic should be able to reach the correct Vmx otherwise there is a risk that the traffic is routed over autovpn tunnel 1 (with Vmx Hub1) and the return traffic from the DC will come on Vmx Hub2
=> I don't know how the Vmx will react on asymmetric traffic. Did anybody have a setup like this?

gr wim