How to use VPN connection to main office only for listed websites?

Masterok
Just browsing


Hi,

We have a Meraki MX64 that is connected via VPN to a Meraki MX84 (main office).

How can we use the VPN connection to the main office only for listed websites, not for all traffic?

Thank you.

alemabrahao
Kind of a big deal

Can you provide more details? Your question was very vague.

This VPN is SD-WAN (Auto VPN), correct?

Are you talking about internal sites?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Masterok
Just browsing

1. - Yes.

2. - External websites (or IPs).

RaphaelL
Kind of a big deal

So you want only certain websites to be routed via AutoVPN and the rest (all?) of the traffic to be routed through your local WAN?

1- Are those websites in your LAN (RFC1918)? If yes, you can announce the specific routes in your AutoVPN.

Masterok
Just browsing

So you want only certain websites to be routed via AutoVPN and the rest (all?) of the traffic to be routed through your local WAN? - Yes

1- Are those websites in your LAN (RFC1918)? If yes, you can announce the specific routes in your AutoVPN. - How can I do that? I tried, and it allows me to do it with whole subnets, but I can't do it with specific websites or IPs.

Main office configuration MX84: Site-to-site VPN, type HUB

Branch office configuration MX64: Site-to-site VPN, type Spoke, HUB-main office.

Website: example.com (external)

alemabrahao
Kind of a big deal

Are you saying that the MX spoke sites use the main site link to access the Internet?

Masterok
Just browsing

Everyone is using their own internet, and they are connected via VPN in case you need access, for example, to a shared folder in a different office.

alemabrahao
Kind of a big deal

Maybe the solution you are looking for is VPN Full-Tunnel Exclusion, if my understanding is correct.

Masterok
Just browsing

It looks like a solution with the opposite result.

alemabrahao
Kind of a big deal

So I'm sorry, I didn't understand what you want.

ww
Kind of a big deal

If you want a public IP advertised in your tunnel:

In a one-armed concentrator hub you can advertise any IP/subnet; spokes will take that route.

In routed mode, you need an internet access connected to your LAN, and set static routes to that next hop.

PhilipDAth
Kind of a big deal

You can't do this easily.
