I have 1 MX 250 set up as a hub (one-arm concentrator mode) in our corporate location and the MX Z3 as the spoke. I see the S2S is up from the Meraki dashboard; however, I cannot ping or pass any traffic over the VPN. The config is as follows:
Local networks RFC1918Group
Spoke VLAN/Subnet , Remote network
Spoke subnet is advertised to get to the Meraki hub from core switch
Can someone help, please?
On the Security Appliance>Site to Site VPN page in the 'VPN Settings' section is your Local Network subnet set to 'Use VPN' 'Yes'?
Yes, that is already set up as Yes.
If you don't already have one you'll need a static route on the Router that's the gateway for the concentrator that points to the concentrator for the VPN subnet.
So if your z3 clients are then you need a route for in your network that points to the concentrator.
Does that help?
I have the static route already configured on the gateway to point to the Hub for the remote site, but I am not sure why there is no communication over the VPN.
If you are using the Meraki Hub/Spoke I don't think you should need any static routes as long as the desired LANs are set to 'Use VPN' 'Yes'. View Security Appliance>Route Table and search for the subnet of the spoke site and it should show something like this with a green bubble in the status.
Meraki VPN: VLAN Peer: Spoke Name - appliance
@Adam we might be talking about different things. Not a static route on the MX, but one on the gateway for the MX, whatever router that is. This way the rest of the network can reach the remote subnet.
@Dilkush123 Huh, if you have both things Adam and I suggested then I'm at a bit of a loss. Can you post up some configs of the MX, and maybe the routing table on the gateway?
From the dashboard, can you ping the inside LAN address of the remote MX over AutoVPN?
To all,
Thanks for your help. The configuration was fine; however, I had 2 hubs configured to use the same hub subnet (kind of DC-DC to fail over), and I have removed one hub from the dashboard and it started working as normal.
Now I need to figure out how this DC-DC failover works for the same DC subnets, as our DC is internally connected using MPLS, and how these same subnets can be advertised from both DC endpoints to our internal network.