Communication between Meraki VPN connected locations and non Meraki connected VPN Locations

SOLVED
Here to help

We use a Meraki MX 250 at the hub and MX 64 / 65 at the spoke locations. Connectivity is seamless and works well.

We created a non-Meraki VPN between the MX 250 (at the hub location) and AWS Cloud, i.e. an IPsec VPN.

We are able to reach the AWS IP subnet from the hub, but not from the spokes (MX 64 / 65), whereas all the spokes can reach the hub without any issue.

AWS confirmed that they are allowing all of our subnets, i.e. 192.168.0.0.

Can anyone advise?

Kind of a big deal

Re: Communication between Meraki VPN connected locations and non Meraki connected VPN Locations

Here to help

Re: Communication between Meraki VPN connected locations and non Meraki connected VPN Locations

Helpful document. Thank you.
Is there a way to address this without an additional MX?
Observed that all the spoke MXs have the route to AWS, i.e. the non-Meraki IPsec VPN is visible. Of course, they cannot connect directly to AWS.
Kind of a big deal

Re: Communication between Meraki VPN connected locations and non Meraki connected VPN Locations

The generally accepted solution is to use an additional firewall to terminate the third party VPN connections, either inside another Meraki organization or using a different model of firewall entirely.

Your other option is to stand up tunnels between your spokes and your third party VPN.

It's currently working as intended when AutoVPN won't let you use third party tunnels.

Here to help

Re: Communication between Meraki VPN connected locations and non Meraki connected VPN Locations

Thank you. Shall plan for an additional MX as there is no proven option other than it.
Kind of a big deal

Re: Communication between Meraki VPN connected locations and non Meraki connected VPN Locations

You cannot route a spoke through AutoVPN and then out a non-Meraki VPN.

You need to build a VPN from each spoke to the non-Meraki destination.

Here to help

Re: Communication between Meraki VPN connected locations and non Meraki connected VPN Locations

Thank you for your inputs.

The document shared by you helped & worked.

Regards,

RajaSekhar
