Meraki

Community

Advertise a static route through a third party VPN

JayHylander
Just browsing
‎Nov 10 2022 12:38 PM
‎Nov 10 2022 12:38 PM

Advertise a static route through a third party VPN

My Org has about 24 different networks for our various sites all connected hub and spoke to our main data center.  We have a vendor hosting a service that needs to be accessed via third party VPN but who is constrained by the number of end points they are able/willing to add to their VPN solution.  Is it possible to set up a third party VPN to them on the main data center MX appliance and advertise that route to all of the sites in my org.  I currently have the third party tunnel running at the data center, and the connection works fine from that site. I can't figure out if there is a way to allow other sites to connect through that tunnel.

Labels:
0 Kudos
13 Replies 13
alemabrahao
Kind of a big deal
‎Nov 10 2022 12:44 PM
‎Nov 10 2022 12:44 PM

When you configure a non-Meraki VPN, an entry will be created in the routing table called IPSec Peer. Assuming you configure it in the HUB the route will be announced to all Spokes automatically.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
JayHylander
Just browsing
‎Nov 10 2022 12:51 PM
‎Nov 10 2022 12:51 PM

I am not seeing a subnet for the destination that I can enable for auto-vpn and nothing in the routing table is configurable.

 

JayHylander_0-1668113352140.png

 

0 Kudos
In response to JayHylander
alemabrahao
Kind of a big deal
‎Nov 10 2022 12:53 PM
‎Nov 10 2022 12:53 PM

Take a look on route table after configure S2S VPN.

 

alemabrahao_0-1668113624295.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
JayHylander
Just browsing
‎Nov 10 2022 1:00 PM
‎Nov 10 2022 1:00 PM

Where do you then configure that to be advertised to the spokes?  I don't see that anywhere.

0 Kudos
JayHylander
Just browsing
‎Nov 10 2022 12:59 PM
‎Nov 10 2022 12:59 PM

Right, but where do you configure that to be shared to other sites?  It isn't showing up on any of my other appliances.

0 Kudos
In response to JayHylander
alemabrahao
Kind of a big deal
‎Nov 10 2022 1:06 PM
‎Nov 10 2022 1:06 PM

I'm not sure but I was thinking maybe you have to create an S2S VPN with each site.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
JayHylander
Just browsing
‎Nov 10 2022 1:08 PM
‎Nov 10 2022 1:08 PM

No, that would just mean the vendor would have to create an endpoint for each of my sites, and they aren't willing to do that.  They claim they are unable to do it but haven't given me a reason why.

0 Kudos
In response to JayHylander
alemabrahao
Kind of a big deal
‎Nov 10 2022 1:15 PM
‎Nov 10 2022 1:15 PM

I found this information, but I have never tested It:

 

alemabrahao_0-1668114881505.png

 

https://help.cloudi-fi.com/en/articles/3177550-cisco-meraki-mx-routing-tunnels-deployment

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
JayHylander
Just browsing
‎Nov 10 2022 1:21 PM
‎Nov 10 2022 1:21 PM

No, unfortunately that is just how to make a third party VPN tunnel on one appliance.  I'm just going to open a case with support and see what they say.

0 Kudos
In response to JayHylander
alemabrahao
Kind of a big deal
‎Nov 10 2022 1:23 PM
‎Nov 10 2022 1:23 PM

but in my understanding, in that part specifically, if you want the Spokes to reach that network you need to set the HUB as the default route. I'm going to test this here in my lab.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
‎Nov 10 2022 1:32 PM
‎Nov 10 2022 1:32 PM

just give me a few minutes.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Nov 10 2022 3:45 PM
‎Nov 10 2022 3:45 PM

You need a tunnel from every mx. Or use another device at the lan side on hq to build the tunnel. And set a static route on hq mx to that device/subnet and advertise that route into vpn

0 Kudos
In response to ww
alemabrahao
Kind of a big deal
‎Nov 10 2022 4:59 PM
‎Nov 10 2022 4:59 PM

@JayHylander I agree with @ww 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.