BuiPham (Network Engineer Resources): MerakiMX: (05.01) Cấu hình Auto VPN trên Meraki MX

Mục tiêu thực hành:

- Thông tin kết nối Auto VPN trên Firewall Meraki MX.

- Kích hoạt Auto VPN trên Hub (MX84).

- Thiết lập Static Route tới Remote LAN trên Spoke (MX64).

- Kích hoạt Auto VPN trên Spoke (MX64).

- Kiểm tra trạng thái kết nối VPN Status trên Spoke (MX64).

- Kiểm tra trạng thái kết nối VPN Status trên Hub (MX84).

- Kiểm tra bảng định tuyến Route Table trên Hub vs Spoke.

Các bước triển khai:

Thông tin kết nối Auto VPN trên Firewall Meraki MX.

- Ports used to contact the VPN registry:

+ Source UDP port range 32768-61000

+ Destination UDP port 9350 or UDP port 9351

- Ports used for IPsec tunneling:

+ Source UDP port range 32768-61000

+ Destination UDP port range 32768-61000

Kích hoạt Auto VPN trên Hub (MX84).

- If the MX is configured as a Hub, it will build VPN tunnels to all other Hub MXs in the Auto VPN domain (in the same same dashboard organization). It will also build VPN tunnels to all Spoke MXs in the Auto VPN domain that have this MX configured as a hub. If all MXs in the Auto VPN domain are configured as Hub then the Auto VPN has a full mesh topology.

Thiết lập Static Route tới Remote LAN trên Spoke (MX64).

Kích hoạt Auto VPN trên Spoke (MX64).

- If the MX is configured as a Spoke, it will build tunnels to only the MXs that are configured as its Hubs. If the majority of MXs in the Auto VPN domain are configured as Spoke with only a few key locations (such as data centers or headquarters) configured as hubs, then the Auto VPN environment has a hub-and-spoke topology.