Meraki

Community
  • About mgm

About mgm

Re: Can Meraki MX95 Replace Cisco ASA for IPsec VPN to AWS Transit Gateway?...

by in Cloud Security & SD-WAN (vMX)
‎Jul 17 2025 1:12 PM
‎Jul 17 2025 1:12 PM
Thank you for your input, and we will go the vMX route if we have too. We would prefer not having to introduce any other appliances and possibly having to re-architect our AWS network.  We really just want to swap out our ASA's with physical Meraki MX95's.  Even if we use static routing, the question still remains, will traffic pass in both directions.  Tunnels come up but nowhere can i find proof actual traffic passing end to end. ... View more

Re: Can Meraki MX95 Replace Cisco ASA for IPsec VPN to AWS Transit Gateway?...

by in Cloud Security & SD-WAN (vMX)
‎Jul 17 2025 11:50 AM
‎Jul 17 2025 11:50 AM
thank you very much for looking into this, much appreciated! unfortunately, our scenario is very specific to the AWS Transit Gateway. We dont have the hardware ourselves and we are asking a vendor to PoC it.  We think BGP wont work, even with the updated firmware, but as a workaround we can static route a supernet so we don't feel that is a show stopper. The tunnel successfully establishes using static routing and a summarized CIDR, as confirmed by IKE Phase 1 and 2 logs. That said, those logs only show that the control plane is up—they don’t confirm actual traffic is passing.    Dynamic Routing via Transit Gateway – Not successful: cannot see the routes in the route table on either side, and BGP status on the Meraki is either in openSent or Established peer status   ... View more

Can Meraki MX95 Replace Cisco ASA for IPsec VPN to AWS Transit Gateway? – W...

by in Cloud Security & SD-WAN (vMX)
‎Jul 17 2025 9:52 AM
‎Jul 17 2025 9:52 AM
Hi all, We currently have a site-to-site IPsec VPN successfully running between our on-premise Cisco ASA firewalls and an AWS Transit Gateway using a Customer Gateway.   We are exploring the option of replacing the Cisco ASA firewalls with Meraki MX95s.   From our initial testing, it appears that the tunnel can be successfully established between the MX95 and AWS Transit Gateway.   However, we've encountered reports that even with the tunnel up, traffic does not pass between on-prem and AWS networks, potentially due to limitations with physical Meraki MX appliances.   Has anyone successfully implemented this setup? Meraki MX95 (on-prem) to AWS Transit Gateway over IPsec BGP or static routing with a summarized CIDR No vMX Reliable traffic flow between networks We're looking for confirmation or insights from anyone who has successfully passed traffic through this configuration, or who can shed light on whether the SA limitation or any limitation indeed prevents traffic from flowing.   Thanks in advance for your help! ... View more
© 2025 Cisco Systems, Inc.