Cisco Meraki Cross Domains SD-WAN Design

  • Published 25 Dec 2024

COMMENTS • 5

  • @DmitryIvakin 1 year ago

    Hello! Thanks for the great video! I have a very similar design, but unfortunately Meraki Global can't see the Meraki vMX on Alibaba.
    We have a Meraki vMX on Alibaba in CN and a Meraki vMX in EU. Between them, we have a channel established by China Telecom with BGP routing inside.
    I've set up a test VM in the EU vMX subnet (I did the same for Alibaba). I can ping the CN vMX from the test server in EU and vice versa.
    I've configured non-Meraki peers on the CN and EU hubs, but they are showing the red status. I'm not sure what IPsec policy I have to use for CN, but Meraki support didn't mention any specifics, only said they must be equal on both sides.
    I'm stuck on this task; some topics on Reddit say AutoVPN is OK to use in CN, some say no, only a non-Meraki peer.
    Any idea what will be the right scenario?

    • @DmitryIvakin 1 year ago

      Forgot to mention: all resources in EU are built on Azure, and we are using ExpressRoute to connect to China Telecom.

    • @FadyNETDecorators 1 year ago

      Hey, so building a tunnel from outside mainland China to inside is a challenge due to the Chinese firewall, hence I suggested in this video to use the Alibaba core to route the traffic from China to outside.
      Can I ask why you want to build a non-Meraki VPN?

    • @DmitryIvakin 1 year ago

      @FadyNETDecorators Hi, thanks for the reply! Basically we have a channel from China Telecom (MPLS?) which helps us to bypass the Great Firewall. I can ping the vMX in China and EU. I suppose we have two different orgs (China and Global Meraki); this is the reason why non-Meraki peering is the only option. Or am I wrong here? I simply see no options for AutoVPN on the Meraki dashboard.

    • @FadyNETDecorators 1 year ago

      If you have a private connection between China and global, then you can use routing to advertise your global subnets to China and vice versa. Here is what I mean:
      - The China MX connects to your MPLS, and you configure the local subnets (with all your global IPs) so your Chinese network can route the traffic to, and of course make sure the return traffic is configured.
      - The Global MX also needs to be connected to the MPLS, with the local subnets configured with all your Chinese routes.
      We won't use any tunnels to connect both orgs; we will just use routing. You can configure BGP with the MXs in China and global and your MPLS; you just need to make sure that those MXs are in concentrator mode.