Meraki

Community

China based MX84 Internet Access Through NY Based MX100

SteveInNP
Here to help
‎May 11 2021 9:16 AM
‎May 11 2021 9:16 AM

China based MX84 Internet Access Through NY Based MX100

We have an MX100 located in NY and MX84 located in China. Currently our China based users internet requests are being router through the local China  ISP. We need for this traffic to travel through our VPN and out our NY based MX100 to the local ISP. Is there any KB articles available to assist with this or any advice which could point us in the right direction.

 

Thank you.

 

 

0 Kudos
5 Replies 5
BrandonS
Kind of a big deal
‎May 11 2021 9:30 AM
‎May 11 2021 9:30 AM

Not considering any implications with the great firewall, you should be able to simply go to SD WAN > configure > site to site VPN on your China network and choose the exit hub in NY.

- Ex community all-star (⌐⊙_⊙)
In response to BrandonS
BrandonS
Kind of a big deal
‎May 11 2021 9:32 AM
‎May 11 2021 9:32 AM

exit hub is described here: https://documentation.meraki.com/Architectures_and_Best_Practices/Auto_VPN_Hub_Deployment_Recommenda...

- Ex community all-star (⌐⊙_⊙)
rhbirkelund
Kind of a big deal
Kind of a big deal
‎May 11 2021 9:48 AM
‎May 11 2021 9:48 AM

Just putting it out there, the Chinese government doesn’t look to lightly at providing internet access via a VPN out of China.

So the best solution is to keep doing what you’re doing.

 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
In response to rhbirkelund
Bruce
Kind of a big deal
‎May 11 2021 2:24 PM
‎May 11 2021 2:24 PM

@SteveInNP here’s the official Meraki documents regarding China AutoVPN, and note the highlighted box regarding internet access, https://documentation.meraki.com/MX/Site-to-site_VPN/China_Auto_VPN. As has already been said if you are attempting to provide internet access to people within China via a VPN that bypasses the Great Firewall you may find yourself on the wrong side of the Chinese government.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 11 2021 5:18 PM
‎May 11 2021 5:18 PM

Also note that when you divert access from China out to another country, that some websites inside of China will stop working (China doesn't allow some web sites to be accessed from other countries).

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.