Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to use VPN connection to main office only for listed websites?

Masterok
Just browsing
‎Oct 30 2023 9:09 AM
‎Oct 30 2023 9:09 AM

How to use VPN connection to main office only for listed websites?

Hi,

We have Meraki MX64 that connected via VPN to Meraki MX84(main office).

How use VPN connection to main office only for listed websites not for all traffic.

Thank you.

0 Kudos
Subscribe
11 Replies 11
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 30 2023 9:12 AM
‎Oct 30 2023 9:12 AM

Can you provide more details? His question was very vague.
 
This VPN is SD-WAN (auto VPN) correct?
 
Are you talking about internal sites?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Masterok
Just browsing
‎Oct 30 2023 12:09 PM
‎Oct 30 2023 12:09 PM

1. - Yes.

2. - External websites (or IPs).

0 Kudos
Subscribe
RaphaelL
Kind of a big deal
Kind of a big deal
‎Oct 30 2023 10:36 AM
‎Oct 30 2023 10:36 AM

So you want only certain website to be routed via AutoVPN and the rest ( all ? ) traffic to be routed through your local WAN ? 

 

1- Are those websites in your LAN ? ( RFC1918 ) If yes,  you can announce the specific routes in your AutoVPN. 

0 Kudos
Subscribe
In response to RaphaelL
Masterok
Just browsing
‎Oct 30 2023 11:52 AM
‎Oct 30 2023 11:52 AM

So you want only certain website to be routed via AutoVPN and the rest ( all ? ) traffic to be routed through your local WAN ? - Yes

1- Are those websites in your LAN ? ( RFC1918 ) If yes, you can announce the specific routes in your AutoVPN. - How can I do that? I tried, and it allows me with whole subnets, but I can't do it with the specific websites or IPs.

Main office configuration MX84: Site-to-site VPN, type HUB

Branch office configuration MX64: Site-to-site VPN, type Spoke, HUB-main office.

 

 

Website: example.com (external)

 

0 Kudos
Subscribe
In response to Masterok
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 30 2023 11:54 AM
‎Oct 30 2023 11:54 AM

Are you saying that the places where MX Spokes use the main site link to access the Internet?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Masterok
Just browsing
‎Oct 30 2023 12:11 PM
‎Oct 30 2023 12:11 PM

Everyone is using his own internet, and they are connected with VPN in case you need access for example to share folder in different office.

0 Kudos
Subscribe
In response to Masterok
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 30 2023 12:19 PM
‎Oct 30 2023 12:19 PM

Maybe the solution you are looking for is VPN Full-Tunnel Exclusion, if my understanding is correct.
 
 
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
Masterok
Just browsing
‎Oct 30 2023 12:35 PM
‎Oct 30 2023 12:35 PM

It looks like a solution with the opposite result.

0 Kudos
Subscribe
In response to Masterok
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 30 2023 12:43 PM
‎Oct 30 2023 12:43 PM

So I'm sorry, I didn't understand what you want.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to Masterok
ww
Kind of a big deal
Kind of a big deal
‎Oct 30 2023 12:56 PM
‎Oct 30 2023 12:56 PM

If you want public ip advertised in your tunnel

 

In one armed concentrator hub you can advertise any ip/subnet , spokes will take that route.

 

In routed mode, you need a internet access connected to you lan. And set static routes to that next hop

Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 30 2023 1:49 PM
‎Oct 30 2023 1:49 PM

You can't do this easily.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.