Not sure if my subject line is correct, but here's what I have:
Four buildings with hub site-to-site VPN on MX84 - stable for a long time
An underutilized Z3 that is spoke site-to-site VPN to "Building A" - stable for a long time
I often connect my laptop from anywhere using Meraki's Client VPN to "Building A" w/ Cloud Authentication - also stable for a long time.
What I now need to do: Deploy Z3 elsewhere.
I have most things on the Z3 set up as desired.... I can get to data anywhere in the four buildings.
My issue is with outbound internet traffic. Traffic going to the internet is broadcast with the Z3's internet provider's IP. Conversely, when I am on my laptop Client VPN-ing, my outbound internet traffic is broadcast with Building A's external IP. I need the Z3 to act this way (broadcast A's IP) but am unsure on how to do this.
I was going to try things like VPN Concentrator but it seems some of these changes might have unintended consequences with my VLAN configs, etc. So out of caution, I ask here instead of experiment.
Configure the Z3 to use "default route" to the site with the IP address you want to see your traffic coming from.
Not sure exactly what you are trying to achieve, what IP addresses do you want your internet traffic to come from? This is controlled by whether you use a full tunnel or a split tunnel for the AutoVPN, which is driven by the ‘default route’ settings on the site-to-site VPN page. Have a read through this if you haven’t already: https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings
Not sure exactly what you are trying to achieve, what IP addresses do you want your internet traffic to come from?
I want anyone connected to the Z3 to have Building A's IP.
My laptop (non-Z3, connected anywhere) has Building A's IP when I am Client VPN'ed to it.
Sorry if I am unclear.
Thanks for replying and the link; will check it out!
Configure the Z3 to use "default route" to the site with the IP address you want to see your traffic coming from.
Thanks to you both... You are right, @Bruce, it's right there in that link/document:
When configuring Hubs for a Spoke, there is an option to select a hub as being a Default route. If this option is selected, then that hub will be configured as a default route for the Spoke (0.0.0.0/0). Any traffic that is not sent to a configured VPN peer network, static route or local network will be sent to the default route.
I checked that box, and outbound traffic is from Building A IP as desired. Thanks again for helping out a novice!
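Added example, not part of any post in this thread and not Meraki code: a simplified Python model of the spoke's route choice described in the quoted documentation, showing which public IP an internet server sees with and without the hub's "Default route" box checked. The subnets, public IPs and function names are constructed for illustration, and most-specific-match route selection is an assumption of the model.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
Z3_LOCAL = ["192.168.50.0/24"]
VPN_SUBNETS = {"Building A": ["10.1.0.0/16", "10.2.0.0/16"]}  # reached through hub A
PUBLIC_IP = {"wan": "198.51.100.20", "Building A": "203.0.113.10"}

def build_routes(default_route_hub=None):
    """Spoke route table; default_route_hub models the 'Default route' checkbox."""
    routes = [(ipaddress.ip_network(n), "local") for n in Z3_LOCAL]
    for hub, nets in VPN_SUBNETS.items():
        routes += [(ipaddress.ip_network(n), hub) for n in nets]
    # Unchecked: 0.0.0.0/0 leaves by the Z3's own WAN (split tunnel).
    # Checked: 0.0.0.0/0 is sent into the tunnel to the hub (full tunnel).
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default_route_hub or "wan"))
    return routes

def next_hop(routes, dst):
    """Most specific matching route wins; 0.0.0.0/0 only catches the rest."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_ip_seen(routes, dst):
    """Public IP an internet server sees, or None for local/VPN destinations."""
    addr = ipaddress.ip_address(dst)
    hop = next_hop(routes, dst)
    in_private = any(addr in net for net, _ in routes if net.prefixlen > 0)
    return None if in_private else PUBLIC_IP[hop]

if __name__ == "__main__":
    for label, hub in (("split tunnel", None), ("full tunnel", "Building A")):
        routes = build_routes(hub)
        for dst in ("192.168.50.7", "10.2.3.4", "192.0.2.80"):
            print(label, dst, next_hop(routes, dst), source_ip_seen(routes, dst))
```

With the box checked, internet-bound traffic from the Z3 also passes through whatever firewall and content-filtering rules apply at the hub, and it consumes the hub's uplink bandwidth.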