Client VPN to/from non-Meraki site VPN





Have the following setup on the head office MX:

  • 2 non-Meraki VPN peers - providing access to Azure and AWS.
  • Client VPN server (IPSec)

(we also have a number of remote office MX devices - our site-2-site config is Hub)


Client VPN subnet is

AWS private subnet is

Head Office main network is


When I am on the HO network (Mac has 10.10.200.x local IP) traffic to/from AWS is fine

When I am coming in via client VPN (Mac has 10.10.1.x IP), I cannot route to/from AWS


Is there a way to add a specific route so that client VPN traffic can route to AWS?


What I don't want is any of the remote office MX traffic to be able to pass and preferably would like to lock down client VPN to just my assigned IP (eg:


This other community post I thought might help but the reference material is no longer available


Also to add - don't need traffic from spoke MXs to be able to access AWS.



Kind of a big deal

You would need to configure AWS to include in its remote encryption domain.
