SASE - Configuring Meraki vMX (AWS) Site to Site VPN with MX67W - SDWAN
ฝัง
- เผยแพร่เมื่อ 10 มิ.ย. 2022
- This tutorial provides a step by step guide to create vMX in AWS to provide a fast, easy and simple to manage way to connect to the resources in Azure.
- วิทยาศาสตร์และเทคโนโลยี
![[TSHOOT] Troubleshoot Non-Meraki VPN Tunnels with Cisco Meraki MX Security Appliances](http://i.ytimg.com/vi/WJNUImcWfWg/mqdefault.jpg)
Very helpful video! Helped me when i got stuck in a rut. Appreciate your work!
Glad that it is useful :)
This is a great video. Thank you very much!!!!
Glad that you enjoy it. :)
Great video this helped me setup the environment for basic traffic, my question is how do you configure the Environment to have ALL traffic passthrough the Meraki? Inbound and outbound.
I would like the Meraki to manage inbound firewall filtering if possible. Or is this Meraki only for VPN management?
Thanks, Meraki vMX in the cloud only function as a One-Arm VPN Concentrator. If you need VPN and Firewall capabilities in AWS. You can check out the Cisco Firewall that is available in the Cloud Market place.
For your on-prem Meraki MX it is both a firewall as well as a VPN Server.
Thank you for your detailed presentation. Issue I am having is SSH from AWS SSH server cannot connect to SSH server at client side via VPN. It times out.
For a start I will check if the SSH Server is routing the traffic through the VPN Tunnel.
Thanks for the Guide! Detailed & precise
Any idea if it works by not using AutoVPN but standard non-meraki ipsec across to AWS?
Reason being, both our branch Mx and vMx belongs to diff organization account...can't do autoVPN
It should work with the standard IPSec config. as long as the crypto and protocol is supported have not done with AWS but did a standard IPsec with oracle cloud before. the tricky part is getting the protocol to match and then the routing. let us know if u manage to get it working with AWS.
You may want to get an Elastic IP to use with the vMX for its Public IP so it doesn't ever change and break your IPsec tunnel.
It's not going to work for what you need. IPSEC tunnels on regular site to site can only recognize and pass traffic for one subnet to AWS from Meraki. I think this has something to do w/Meraki being policy based instead of route based site to site. You'd be much better off merging sites into the same org. Contact support for help.
Great Video!!
One question here.
Would we be able to configure /16 (10.111.0.0/16) as the local subnet on the vMX instead of 10.111.10/24? This is because you would want your entire AWS network reachable from the remote sites.
It is possible to expand the subnet to /16. You do have to determine how the existing AWS routing works as well. But if it is simple inclusion on the subnet in a single LAN then it should be fine.
Will really appreciate if you can make a video spinning two virtual MX in AWS depicting High Availability