Meraki Community

Gdoggy · ‎Feb 29 2024

So question for you all. My company has 23 remote offices with MX devices connecting each office to our Main office. 8 of our offices including the main office have 2 wan connections out. Wan 1 (internet) Wan 2 (MPLS). We want the 8 offices to send traffic through our MPLS connection on Wan2. I know how to set it up (I think) My question is if one of our other offices that does not have MPLS connections wants to communicate with the main office or one of the other offices with an MPLS connection, the Mx in the remote office sends out Wan1 (internet) . However, if the return packet from the server in our main office has the Uplink Selection Policy set for the offices with MPLS to go out WAN 2. Is that going to cause more latency on the return trip or will it go back out the Wan 1?

The non-MPLS sites are connecting through Meraki AutoVPN

NOW I AM CONFUSED after writing that!! LOL

Example: our X office is not on the MPLS connection and has a subnet of 10.10.1.0/24 and a user in that office wants to pull an AutoCad File from one of the main servers in our home office with the 10.1.1.0/24 subnet, and an Uplink Selection Policy set to Prefer WAN2 (MPLS) for all traffic from the 10.1.1.0/24 going to our other MPLS connected offices. Will it add latency by attempting to return through the USP WAN2, or will it go out through WAN 1?

Same bad dream eating big Marshmello!!!! Pillow now Missiing

rhbirkelund · ‎Feb 29 2024

You would need to use Meraki AutoVPN in order for your non-MPLS site to search local ressources at your MPLS sites.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

Gdoggy · ‎Feb 29 2024

I forgot to mention that! They are using AutoVPN on the non-MPLS sites.

Same bad dream eating big Marshmello!!!! Pillow now Missiing

rhbirkelund · ‎Feb 29 2024

There's a couple of ways in how you can achieve connectivity between your MPLS and non-MPLS sites.

For your MPLS sites, I understand that you are using both WAN interfaces. Then you are probably doing essentially Meraki SDWAN with AutoVPN over both Internet and the MPLS links. With VPN connections between all your MPLS sites. Then you'd just announce subnets from each site and be on your way.

For the non-MPLS site, AutoVPN would create a tunnel to your MPLS sites over the internet, directly as well as whatever internet exit point you have in your MPLS.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

PhilipDAth · ‎Feb 29 2024

There are two main methods.

The first is to use AutoVPN over MPLS. This is the most complicated but by far the most flexible. This is the approach I always try and use first.

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

The second is to use AutoVPN for failover for MPLS. As long as the MX is the default gateway at all sites this will also work.

https://documentation.meraki.com/MX/Deployment_Guides/MPLS_Failover_to_Meraki_Auto_VPN

Both of these methods should achieve what you need.

cmr · ‎Feb 29 2024

We have a similar setup to you and have removed the complexity by having the MXs at the main data centre in single ended WAN concentrator mode. That was you can have remote sites with two internet connections, two MPLS connections or one of each, it all just works. You will need a separate edge firewall at the main site, but the extra cost is worth the excellent availability in my book.

Brash · ‎Feb 29 2024

I did exactly this too.
It is sooo much less complex.

Meraki Community

MPLS questions for MX devices

MPLS questions for MX devices