Any idea to let outbounds traffic to be routed to another MX84 ?

lffsg
Comes here often

Any idea to let outbounds traffic to be routed to another MX84 ?

Hello

So far we have 2 MX84 and each MX is connected to internet, and 2 MXs are connected by site2site vpn, like

 

(WAN1 : MX1 @US ) <----------Site to Site VPN ----------> ( WAN2 :MX2 @Singapore)

 

and the employees in Singapore uses MX2 network while employees in US uses MX1 network. So far everything works fine; US employees can access internet via WAN1 and Singapore can access internet via WAN2; and both offices can access each other by site2site vpn.

 

However recently we have an issue related to a customer. This customer has a limit for the IP sources for which only US ip address are allowed.

 

So for US employees, no problem as WAN1 is US ip address allocated by US ISP;

but for SG employees the requests to this customer are blocked due to Singapore IP on WAN2.

 

How I can set Meraki for SG office so the requests to this customer (IP list known) will be routed through site2site vpn then traffic to internet from WAN1  ? So both office can call the customer.

 

Thanks very much.

5 Replies 5
Brash
Kind of a big deal
Kind of a big deal

Routing an Internet destined IP address across the SD-WAN tunnel isn't typically supported unless your MX is a one-armed concentrator.

 

If it's a requirement but rarely used, it might be easier to have the Singapore users VPN to the US site when needed.

Check out this thread for some other options too but there's no real 'good' option for this scenario.

Solved: Re: Sending Single Internet Destination Down Auto VPN to Central Site Inter... - The Meraki ...

lffsg
Comes here often

Thank you for your reply!

We also have a vMX100 running on AWS us-east, and connects to the office network as Passthrough or VPN Concentrator. 

Is it possible to route the traffic from Singapore to this vMX100 and then to public internet ?

 

Thanks!

Ryan_Miles
Meraki Employee
Meraki Employee

It would be a hack, but you could try this. I tested it and the path does flow from MX 2 (SG) through MX 1 (US) for the static routes I configure. I don't have a true way to test between countries like you do though.

 

Screenshot 2023-02-22 at 10.33.23 PM.png

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
newnovice
Conversationalist

deleted for wrong reply.

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Typically I solve these kinds of problems by putting a proxy server (such as the free squid) into the US office, and then configure the remote site web browsers to use the proxy server in the US for the specific URL that is geo-locked.

 

The other option (which I have not tried), would be to use Cisco Meraki Cloud Onramp + Umbrella SIG.  You would spin up selecting a Cisco US DC option, and let all Internet traffic for both sites vent out there.

https://documentation.meraki.com/MX/Meraki_Umbrella_SDWAN_Connector/Deployment_Guide 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels