Meraki

Community

AutoVPN + external VPN

timmyver
New here
12 hours ago
12 hours ago

AutoVPN + external VPN

Hey, 

we have a setup with a VMX in the cloud which servers as a Hub for our Remote Site(Spokes). So it's Hub and spoke setup with different site.

Now for a new site we want to have a VLAN from site 1 connected to a VLAN in Site 2 directly without connecting it out Hub and Spoke. So that those VLAN's are separated from our Environment.

From the gui it doesn't look possible, does anybody have a idea.

 

For the routing we use BGP to our Virtual Wan in Azure so we don't want the route injected to our Global Virtual WAN.

0 Kudos
3 Replies 3
ww
Kind of a big deal
Kind of a big deal
11 hours ago
11 hours ago

The closest you get would be making  one of that locations also a hub. And connect the one spoke location also to that (new) 2nd hub.  Then the spoke  would connect directly to the advertised vlans on that 2nd hub

GreenMan
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
10 hours ago
10 hours ago

Bear in mind that, if you want to limit access to those destinations, however you interconnect them (either by making one a Hub, the other a connected Spoke - or make them both Hubs) you will absolutely need to use VPN firewall rules to deny all VPN-routed subnets from accessing the target subnets, except the very specific ones you need to work:   https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#VPN_Firewall_Rules   https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#VPN_Firewall_Rules

timmyver
New here
9m ago
9m ago

Hey we could do it with deny rules but even then the route is injected in our routing Table and advertised through our whole VWAN and we want to avoid that.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.