Meraki

Community

Client VPN to/from non-meraki site VPN

300baud
Conversationalist
‎Jul 9 2022 3:18 PM
‎Jul 9 2022 3:18 PM

Client VPN to/from non-meraki site VPN

Hello, 

 

Have the following setup on the head office MX:

  • 2 non Meraki VPN peers - providing access to azure and aws.  
  • Client VPN server (IPSec)

(we also have a number of remote office MX devices - our site-2-site config is Hub)

 

Client VPN subnet is 10.10.1.0/24

AWS private subnet is 10.10.240.0/20

Head Office main network is 10.10.200.0/24

 

When I am on the HO network (Mac has 10.10.200.x local IP) traffic to/from AWS is fine

When I am coming in via client VPN (Mac has 10.10.1.x IP), I cannot route to/from AWS

 

Is there a way to add a specific route so that client VPN traffic can route to AWS?

 

What I don't want is any of the remote office MX traffic to be able to pass and preferably would like to lock down client VPN to just my assigned IP (eg: 10.10.1.38)

 

This other community post I thought might help but the reference material is no longer available

 

Also to add - don't need traffic from spoke MX's to be able to access AWS.

 

Thanks

Labels:
0 Kudos
1 Reply 1
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 10 2022 1:24 PM
‎Jul 10 2022 1:24 PM

You would need to configure AWS to include 10.10.1.0/24 in its remote encryption domain.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.