Site to Site VPN MX > VMX > AWS

Jpoljic
New here


Hi,

 

I have a small issue with MX > Auto VPN > vMX > IPsec > AWS.

 

I have 10.196.0.0/20 in MX, 10.3.0.0/20 in vMX, and 192.168.0.0/16 in AWS.

 

From the MX I'm able to reach the vMX network, but I'm not able to reach the native AWS site-to-site network 192.168.0.0/16.

 

In the vMX I have created the local subnet 10.30.0.0/20, and when trying to ping 192.168.0.22 my ping comes from the MX 10.196.0.0/20, but the route back uses the default route and sends traffic out via the default route.

 

I'm looking for 2 solutions.

1. How to route back from AWS 192.168.0.0/16 via the vMX to the MX.

2. How to deploy a native AWS S2S to the vMX without this config being deployed to the MX, then create a new native AWS S2S to the MX100. This is not possible because the S2S configuration is deployed automatically to all organization firewalls, and I have overlapping subnets 192.168.0.0/16 if I try to create MX > AWS and vMX > AWS.

 

 

PhilipDAth
Kind of a big deal

If you are using a vMX in AWS, why would you want to use a separate VPN?

Jpoljic
New here

The vMX is in a different AWS environment, and 192.168.0.0/16 is in another AWS environment.

 

vMX - AWS A

192.168.0.0/ - AWS B

 

No VPC peering between AWS A and AWS B

PhilipDAth
Kind of a big deal

Non-Meraki VPN routes cannot be distributed via AutoVPN.

 

So you would need to build a VPN from the 192.168.0.0/16 AWS environment to both the vMX and the on-premise MX.
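
The return-path problem discussed in this thread, as an added example that is not part of any post: a longest-prefix-match check of which next hop the 192.168.0.0/16 side would pick for replies to each source subnet. The route tables and the next-hop labels (`local`, `default-gateway`, `vpn-to-mx`, `vpn-to-vmx`) are constructed for illustration and are not taken from the poster's AWS or Meraki configuration.

```python
import ipaddress

def lookup(route_table, dst):
    """Longest-prefix match: return (network, next_hop) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in route_table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best

def return_hops(route_table, source_subnet):
    """Next hops used for replies to a source subnet.

    The first and last address are both checked, so a route that covers
    only part of the subnet shows up as more than one hop.
    """
    net = ipaddress.ip_network(source_subnet)
    hops = set()
    for addr in (net.network_address, net.broadcast_address):
        match = lookup(route_table, addr)
        hops.add(match[1] if match else "no-route")
    return hops

# Constructed route table for the 192.168.0.0/16 side as described in the
# question: nothing points back at the Meraki subnets, so replies leave
# via the default route.
ROUTES_BEFORE = [
    ("192.168.0.0/16", "local"),
    ("0.0.0.0/0", "default-gateway"),
]

# Constructed table after building a VPN to both the vMX and the MX, as
# the last reply suggests. Hop names are hypothetical labels.
ROUTES_AFTER = ROUTES_BEFORE + [
    ("10.196.0.0/20", "vpn-to-mx"),
    ("10.30.0.0/20", "vpn-to-vmx"),
]

SOURCES = ["10.196.0.0/20", "10.30.0.0/20"]  # subnets named in the question

if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        for src in SOURCES:
            print(name, src, "->", sorted(return_hops(table, src)))
```

Any source subnet whose reply hop is the default gateway rather than a tunnel has an asymmetric path, which is the symptom described in the question.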
