So I have about 8 sites running either MX84 or 100. There's a 3rd party that runs special software that creates a VPN with their hardware to allow machines to print from that software. To accomplish that they just have an inside interface on our side and I set up a route in the MX to send software for that traffic to that Inside IP and they forward through the VPN. The problem I have at one site is that it doesn't have that 3rd party hardware and needs to use one of the other sites. I can't put the route in because the next hop would be invalid. Is there a trick with advertising the route created at another site or another way to do it?
The first requirement is to have Meraki AutoVPN enabled in all your sites.
Then in Security & SD-WAN > Site-to-site VPN of the network where you have set up the static route, you will see that destination subnet listed in the Local Networks.
When you change the dropdown from "no" to "yes" for that entry, it will be announced inside the AutoVPN network. Now your other sites will be able to use the static route going through Meraki AutoVPN.
Go to the static route and select (in vpn).
How would I do that? So at a site I want to use I check in vpn, but what needs to be done at the other site? And what happens at the other sites that already have a static route because they have the 3rd party equipment onsite?
The other sites are learning that route.
https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs
For route priority look here:
https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior
Not sure I'm following. I do use AutoVPN in mesh. I am advertising the subnet for the data VLAN (which is where the 3rd party inside interface sits as well). I talk to other devices from the other site to that one (and all others) with no issue. But I need to be able to route specific traffic out one site only for this particular location as they share the same vendor. I've enabled advertisement of that route in VPN. Not sure what I need to do on the other site to make sure it can use it.
So after advertising it appears that route is in the other side's route table. So that's all that needs to be done then?
Yes.
Let's say in one of the sites you have a static route pointing to 172.18.0.0/24 with the gateway set to 10.8.44.25.
In that list I showed you there should then be a 172.18.0.0/24 entry for that specific site. If the dropdown is set to yes, then all your sites should be able to use that route. If they have their own direct route over the local hardware, it will be preferred due to the route preferences in the MX; refer to the link @ww shared.
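The route selection described in this answer, modelled as an added example (not code from the thread or from Meraki): each site keeps its own static route and also learns routes that other sites advertise into AutoVPN, and a local static route wins over a learned one. The site names and the 10.9.44.25 gateway are constructed, and the tie-break order (most specific prefix, then route type) is an assumption of this sketch.

```python
import ipaddress

# Constructed sample data: site names and site-b's gateway are hypothetical;
# 172.18.0.0/24 via 10.8.44.25 is the route used in the answer above.
SITES = {
    "site-a": [{"subnet": "172.18.0.0/24", "gateway": "10.8.44.25", "in_vpn": True}],
    "site-b": [{"subnet": "172.18.0.0/24", "gateway": "10.9.44.25", "in_vpn": False}],
    "site-c": [],  # no third-party hardware, so no local static route
}

# Lower number wins. Only the two route types discussed in the thread are modelled.
PREFERENCE = {"static": 0, "autovpn": 1}


def route_table(site):
    """Local static routes plus routes other sites advertise into AutoVPN."""
    table = [
        {"subnet": r["subnet"], "type": "static", "via": r["gateway"]}
        for r in SITES[site]
    ]
    for peer, routes in SITES.items():
        if peer == site:
            continue
        table += [
            {"subnet": r["subnet"], "type": "autovpn", "via": peer}
            for r in routes
            if r["in_vpn"]  # only routes marked "in VPN" are announced
        ]
    return table


def lookup(site, dest_ip):
    """Return (route type, next hop or peer site) used for dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [
        r for r in route_table(site) if ip in ipaddress.ip_network(r["subnet"])
    ]
    if not candidates:
        return None
    # Assumption: most specific prefix first, then route-type preference.
    best = min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r["subnet"]).prefixlen, PREFERENCE[r["type"]]),
    )
    return best["type"], best["via"]
```

Calling `lookup("site-c", "172.18.0.10")` shows the site without the hardware sending the traffic over AutoVPN to the advertising site, while sites with their own static route keep using the local gateway.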
I think what threw me was you saying drop down.. I see drop downs for the subnet advertisement, but the route was just a check box on the route config page. Thanks!
Hello!
What is the difference between setting the route here under Security & SD-WAN > Site-to-site VPN > Local Networks to YES under 'Use VPN' and ticking the box 'In VPN' from creating a static route under Addressing & VLANs?
https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs
Thank you!