Home > Security and SD-WAN > Site-to-site VPN > Subnetting Large-scale Teleworker Gateway Deployments for Route Summarization

Subnetting Large-scale Teleworker Gateway Deployments for Route Summarization

Table of contents
No headers

When several Z-series Teleworker Gateways are deployed to establish site-to-site VPN tunnels to an MX in VPN Concentrator Mode, a static route for each VPN connection needs to be configured on the MX's default gateway. However, configuring one static route per device is cumbersome for large-scale Teleworker Gateway deployments. Using Route Summarization, this task can be accomplished with one route if configured correctly.

 

1. Configure the MX as a VPN Concentrator.

 

2. Configure the Class B summarized route. Use a Class B (or /16 in CIDR notation) network when configuring the static route to the VPN Concentrator on your third-party default gateway. This can be done with any private Class B subnet such as 172.16.0.0/16.

The subnets suggested in this example are not required for proper Route Summarization. Other subnetting methodologies such as VLSM (variable length subnet mask addressing) can appropriately achieve similar deployment goals.

 


4f83ffb8-b4b1-4a5e-bb2d-4b4427f4f36c

Figure 1. Sample configuration of the route needed on a Cisco Router, where 10.10.10.1 is the IP address of the MX VPN Concentrator.


Z1 addressing & vlans.PNG

Figure 2. Configuring the local subnet on the Teleworker Gateway for VPN Route Summarization. 

 

3. Subnet each Teleworker Gateway within the range of the summarized route. When deploying each Teleworker Gateway, go to Teleworker gateway > Configure > Addressing & VLANs and configure the device’s LAN Config Subnet in the same range as the 172.16.0.0/16 route. Each Teleworker Gateway will be in a /24 addressing scheme that is part of the /16 route that you configured. Use a unique Class C subnet for each Teleworker Gateway to avoid overlapping subnets. If there are overlapping subnets, traffic will not be able to route.

44b2166b-c7da-461f-8355-f2690656bd8e

Figure 3. An example deployment with Teleworker Gateways on separate Class C subnets and the route on the Cisco router pointing to the MX VPN Concentrator IP.

 

The Teleworker Gateways are subnetted in the same Class B network (/16) and on distinct subnet ranges from the datacenter. This separation allows Route Summarization to work because all VPN traffic is destined for one large subnet that encompasses many smaller Teleworker Gateway networks.  

Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1449

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community