Meraki has worked to make deploying Auto VPN as simple as possible while still allowing more advanced configuration to fine-tune the deployment to suit your needs. For larger deployments that may employ multiple Auto VPN hubs for failover or load balancing, the ability to configure specific hub priorities for each spoke becomes paramount to ensuring proper traffic flows.

By allowing each spoke configuration to have multiple hubs defined with a priority for each, Meraki enables you to easily balance traffic loads from different spokes across multiple hubs while still ensuring alternate paths are available if a hub becomes unreachable for any reason. This is particularly useful for large deployments that may be implementing more advanced configurations involving multiple redundant hubs, such as DC-DC failover.

Full Tunnel Versus Split Tunnel

In addition to using hub prioritization to balance traffic loads, you can choose between full tunnel and split tunnel configurations for each spoke site to limit the amount of traffic passing over Auto VPN, which reduces the load requirements on hub devices. As mentioned previously, the IPv4 Default Route check box for each hub can be configured to enforce a full tunnel configuration, requiring all Internet-bound traffic to pass over Auto VPN and traverse out the selected hub. Figure 5-13 shows a spoke site that has two hubs configured, one of which has been configured as a default route/full tunnel.

Figure 5-13 Example Auto VPN Configuration Showing a Spoke Site Configured for Two Hubs, with the Primary Hub Configured to Provide an IPv4 Default Route to the Spoke

This type of configuration may be required for compliance reasons, but for sites that do not require this configuration, we typically recommend employing a split tunnel configuration. By leaving the IPv4 Default Route check box for a hub unchecked, you can ensure that only traffic specifically destined for an advertised route from the hub will be sent over Auto VPN. This can significantly reduce the traffic load on both the hub and spoke MX for sites that do not require a full tunnel configuration.
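The following Python sketch is an added example, not code from the original text or from Meraki. It models how a spoke with prioritized hubs picks a path for a destination under full tunnel and split tunnel settings. The hub names, subnets, and the selection rules (longest-prefix match, then hub priority, then local breakout) are assumptions made for illustration.

```python
import ipaddress

# Constructed spoke configuration: hubs listed in priority order (first = highest).
# "default_route" mirrors the IPv4 Default Route check box for that hub.
SPOKE_HUBS = [
    {"name": "DC1", "default_route": True,  "advertised": ["10.0.0.0/16", "10.1.0.0/16"]},
    {"name": "DC2", "default_route": False, "advertised": ["10.0.0.0/16", "10.2.0.0/16"]},
]

def select_path(dest, hubs, reachable):
    """Return (path, hub_name) for one destination IP.

    Assumed model: longest-prefix match over routes advertised by reachable hubs,
    ties broken by hub priority; otherwise the highest-priority reachable hub with
    default_route set; otherwise the spoke's local WAN uplink.
    """
    ip = ipaddress.ip_address(dest)
    best = None  # (prefix_len, -priority_index, hub_name); larger tuple wins
    for idx, hub in enumerate(hubs):
        if hub["name"] not in reachable:
            continue
        for cidr in hub["advertised"]:
            net = ipaddress.ip_network(cidr)
            if ip in net:
                cand = (net.prefixlen, -idx, hub["name"])
                if best is None or cand > best:
                    best = cand
    if best:
        return ("autovpn", best[2])
    for hub in hubs:  # no advertised route matched: look for a full tunnel hub
        if hub["default_route"] and hub["name"] in reachable:
            return ("autovpn", hub["name"])
    return ("local-wan", None)

def full_tunnel_gaps(hubs):
    """List hubs lacking the default route when at least one hub provides it.

    If full tunnel is a compliance requirement, these are the failover hubs
    that would not carry Internet-bound traffic when the full tunnel hub is down.
    """
    if not any(h["default_route"] for h in hubs):
        return []
    return [h["name"] for h in hubs if not h["default_route"]]
```

With both hubs up, Internet-bound traffic in this model leaves through DC1. With DC1 down it falls back to the local uplink, because DC2 does not offer a default route. That is the case to review where full tunnel is configured for compliance reasons.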
