Client VPN to AWS not possible while also connecting Default to AWS?

SOLVED
Brian68
Conversationalist

Client VPN to AWS not possible while also connecting Default to AWS?

I just got off of a call with Meraki Tech Support and they told me that we will be unable to have our VPN Clients connect to our Meraki firewall and reach the hosts we have in AWS connected as Non-Meraki VPN peers. We don't want the AWS hosts to be accessible unless someone is connected to our network. They said this is a known limitation and that during calls with other customers with AWS on the phone they all agreed it was not possible. Is this true? Has anyone come up with a solution to work around this? If I were to introduce an additional piece of gear to be exclusively a VPN Client gateway could it connect clients to what our MX thinks is the "default" network and then allow VPN client to reach things in AWS?

 

Any suggestions would be appreciated.

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

That should work.

 

Depending on how many users you have, you might find the VMX cheaper ...

View solution in original post

3 REPLIES 3
PhilipDAth
Kind of a big deal
Kind of a big deal

That is correct.  The best solution is to put a VMX into AWS.  The VMX-S is not too expensive.

https://meraki.cisco.com/product/security-sd-wan/virtual-appliances/vmx-small/ 

Could we use the Amazon VPN Client configured with a Client VPN Endpoint on a VPC to access AWS and then leverage the non-Meraki peers to access resources at the main office behind the MX appliance?

PhilipDAth
Kind of a big deal
Kind of a big deal

That should work.

 

Depending on how many users you have, you might find the VMX cheaper ...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels