Any idea to let outbound traffic be routed to another MX84?

lffsg
Comes here often

Hello

So far we have 2 MX84s; each MX is connected to the internet, and the 2 MXs are connected by site-to-site VPN, like

(WAN1 : MX1 @US ) <----------Site to Site VPN ----------> ( WAN2 :MX2 @Singapore)

and the employees in Singapore use the MX2 network while employees in the US use the MX1 network. So far everything works fine; US employees can access the internet via WAN1 and Singapore can access the internet via WAN2; and both offices can access each other by site-to-site VPN.

However, recently we have had an issue related to a customer. This customer has a limit on IP sources: only US IP addresses are allowed.

So for US employees, no problem, as WAN1 is a US IP address allocated by a US ISP;

but for SG employees the requests to this customer are blocked due to the Singapore IP on WAN2.

How can I set up Meraki for the SG office so that requests to this customer (IP list known) will be routed through the site-to-site VPN and then go out to the internet from WAN1? Then both offices can call the customer.

Thanks very much.

5 Replies
Brash
Kind of a big deal

Routing an Internet-destined IP address across the SD-WAN tunnel isn't typically supported unless your MX is a one-armed concentrator.

If it's a requirement but rarely used, it might be easier to have the Singapore users VPN to the US site when needed.

Check out this thread for some other options too, but there's no real 'good' option for this scenario.

Solved: Re: Sending Single Internet Destination Down Auto VPN to Central Site Inter... - The Meraki ...

lffsg
Comes here often

Thank you for your reply!

We also have a vMX100 running on AWS us-east, and it connects to the office network as Passthrough or VPN Concentrator.

Is it possible to route the traffic from Singapore to this vMX100 and then to the public internet?

Thanks!

Ryan_Miles
Meraki Employee

It would be a hack, but you could try this. I tested it and the path does flow from MX 2 (SG) through MX 1 (US) for the static routes I configure. I don't have a true way to test between countries like you do though.

Screenshot 2023-02-22 at 10.33.23 PM.png

newnovice
Conversationalist

Deleted for wrong reply.

PhilipDAth
Kind of a big deal

Typically I solve these kinds of problems by putting a proxy server (such as the free squid) into the US office, and then configuring the remote site web browsers to use the proxy server in the US for the specific URL that is geo-locked.

The other option (which I have not tried) would be to use Cisco Meraki Cloud Onramp + Umbrella SIG. You would spin up selecting a Cisco US DC option, and let all Internet traffic for both sites vent out there.

https://documentation.meraki.com/MX/Meraki_Umbrella_SDWAN_Connector/Deployment_Guide 
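
The per-destination browser proxy setting suggested in the reply above is commonly delivered as a proxy auto-config (PAC) file. The sketch below is an added example and not part of the thread; the customer host names and the proxy address are placeholders, and it assumes the US-office squid is reachable from Singapore over the existing site-to-site VPN.

```javascript
// Added example (PAC file), not from the thread. Host names and the
// proxy address are placeholders, not values from the page.

// Constructed: hosts of the geo-restricted customer service.
var GEO_LOCKED_HOSTS = ["customer.example", "api.customer.example"];

// Assumed: squid in the US office, reachable from Singapore over the
// site-to-site VPN, listening on squid's default port 3128.
var US_PROXY = "PROXY squid.us.corp.example:3128";

// True when host equals domain or is a subdomain of it. Matching on a
// label boundary keeps "customer.example.evil.test" and
// "notcustomer.example" from being sent through the US proxy.
function hostMatches(host, domain) {
  host = host.toLowerCase().replace(/\.$/, "");
  if (host === domain) return true;
  return host.length > domain.length &&
         host.slice(-(domain.length + 1)) === "." + domain;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < GEO_LOCKED_HOSTS.length; i++) {
    if (hostMatches(host, GEO_LOCKED_HOSTS[i])) {
      // No "; DIRECT" fallback: if the proxy is down the request fails
      // instead of leaving from the Singapore WAN address.
      return US_PROXY;
    }
  }
  return "DIRECT"; // everything else uses the local Internet breakout
}
```

On the squid side, accept connections only from the office subnets so the US egress address is not usable as an open relay.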
