Meraki MX S2S VPN routing issues

Dilkush123
Here to help


I have 1 MX 250 set up as a hub (one-arm concentrator mode) in our corporate location and the MX Z3 as the spoke. I see the S2S is up from the Meraki dashboard; however, I cannot ping or pass any traffic across the VPN. The config is as follows:

 

HUB
------

Local networks RFC1918Group

Spoke VLAN/Subnet, Remote network 192.168.128.0/29

Spoke subnet is advertised to get to the Meraki hub from the core switch.

Can someone help, please?

Adam
Kind of a big deal

On the Security Appliance>Site to Site VPN page in the 'VPN Settings' section is your Local Network subnet set to 'Use VPN' 'Yes'?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

Yes, that is already set up as Yes.

jdsilva
Kind of a big deal

If you don't already have one you'll need a static route on the Router that's the gateway for the concentrator that points to the concentrator for the VPN subnet. 

 

So if your z3 clients are 192.168.100.0/24 then you need a route for 192.168.100.0/24 in your network that points to the concentrator. 


Does that help?

I have the static route already configured on the gateway to point to the Hub for the remote site, but I am not sure why there is no communication over the VPN.

 

 

Adam
Kind of a big deal

If you are using the Meraki Hub/Spoke I don't think you should need any static routes as long as the desired LANs are set to 'Use VPN' 'Yes'.  View Security Appliance>Route Table and search for the subnet of the spoke site and it should show something like this with a green bubble in the status.

 

Meraki VPN: VLAN Peer: Spoke Name - appliance

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
jdsilva
Kind of a big deal

@Adam we might be talking about different things. Not a static route on the MX, but one on the gateway for the MX, whatever router that is. This way the rest of the network can reach the remote subnet. 

 

 @Dilkush123 Huh, if you have both things Adam and I suggested then I'm at a bit of a loss. Can you post up some configs of the MX? and maybe the routing table on the gateway?

PhilipDAth
Kind of a big deal

From the dashboard, can you ping the inside lan address of the remote MX over AutoVPN?

To all,

 

Thanks for your help. The configuration was fine; however, I had 2 hubs configured to use the same hub subnet (kind of DC-DC failover), and once I removed one hub from the dashboard it started working as normal.

 

Now I need to figure out how this DC-DC failover works for the same DC subnets, as our DCs are internally connected using MPLS, and how these same subnets can be advertised from both DC endpoints to our internal network.
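
The two conditions raised in this thread (a gateway route for each spoke subnet that points at the concentrator, and the same subnet configured on two hubs) can be checked before a change. The script below is an added example, not part of any post above; it does not call the Meraki API, and every hub name, address and data structure in it is constructed for illustration.

```python
import ipaddress

# Constructed sample data, not the poster's real configuration.
HUB_LOCAL_NETWORKS = {
    "DC1-hub": ["10.0.0.0/8", "172.16.0.0/12"],
    "DC2-hub": ["10.0.0.0/8"],
}
SPOKE_SUBNETS = {"Z3-spoke": "192.168.128.0/29"}
# Static routes on the concentrator's upstream gateway: (destination, next hop).
GATEWAY_ROUTES = [("192.168.128.0/29", "10.1.1.5")]
CONCENTRATOR_IP = "10.1.1.5"  # hypothetical one-arm concentrator address


def overlapping_hub_subnets(hubs):
    """Return (hub_a, net_a, hub_b, net_b) for subnets that overlap across hubs."""
    entries = [(h, ipaddress.ip_network(n)) for h, nets in hubs.items() for n in nets]
    hits = []
    for i, (hub_a, net_a) in enumerate(entries):
        for hub_b, net_b in entries[i + 1:]:
            if hub_a != hub_b and net_a.overlaps(net_b):
                hits.append((hub_a, str(net_a), hub_b, str(net_b)))
    return hits


def spokes_missing_gateway_route(spokes, routes, concentrator):
    """Return spokes whose subnet has no gateway route via the concentrator."""
    via = [ipaddress.ip_network(dst) for dst, hop in routes if hop == concentrator]
    missing = []
    for name, subnet in spokes.items():
        net = ipaddress.ip_network(subnet)
        # A covering route (same prefix or a supernet) is enough.
        if not any(net.subnet_of(route) for route in via):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for hit in overlapping_hub_subnets(HUB_LOCAL_NETWORKS):
        print("review: %s %s overlaps %s %s" % hit)
    for name in spokes_missing_gateway_route(SPOKE_SUBNETS, GATEWAY_ROUTES, CONCENTRATOR_IP):
        print("no gateway route via concentrator for", name)
```

An overlap reported here is a prompt to review how the two hubs are meant to share that subnet, not proof of a fault.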
