Meraki

Community

Connect Z3 like Client VPN

Solved
cfemfrl
Here to help
‎May 27 2021 2:53 PM
‎May 27 2021 2:53 PM

Connect Z3 like Client VPN

Not sure if my subject line is correct, but here's what I have:

 

Four buildings with hub site-to-site VPN on MX84 - stable for long time

An underutilized Z3 that is spoke site-to-site VPN to "Building A" - stable for long time

I often connect my laptop from anywhere using Meraki's Client VPN to "Building A" w/ Cloud Authentication. - also stable for long time.

 

What I now need to do: Deploy Z3 elsewhere.

 

I have most things on the Z3 set up as desired.... I can get to data anywhere in the four buildings. 

 

My issue is with outbound internet traffic.  Traffic going to the internet is broadcast with the Z3's internet provider's IP.  Conversely, when I am on my laptop Client VPN-ing, my outbound internet traffic is broadcast with Building A's external IP.  I need the Z3 to act this way (broadcast A's IP) but am unsure on how to do this.

 

I was going to try things like VPN Concentrator but it seems some of these changes might have unintended consequences with my VLAN configs, etc.  So out of caution, I ask here instead of experiment.

 

 

 

 

 

 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 27 2021 8:07 PM
‎May 27 2021 8:07 PM

Configure the Z3 to use "default route" to the site with the IP address you want to see your traffic coming from.

 

PhilipDAth_0-1622171264199.png

 

 

 

View solution in original post

4 Replies 4
Bruce
Kind of a big deal
‎May 27 2021 3:13 PM
‎May 27 2021 3:13 PM

Not sure exactly what you are trying to achieve, what IP addresses do you want your internet traffic to come from? This is controlled by whether you use a full tunnel or a split tunnel for the AutoVPN, which is driven by the ‘default route’ settings on the site-to-site VPN page. Have a read through this if you haven’t already, https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings 

In response to Bruce
cfemfrl
Here to help
‎May 27 2021 3:17 PM
‎May 27 2021 3:17 PM

Not sure exactly what you are trying to achieve, what IP addresses do you want your internet traffic to come from?

 

I want anyone connected to the Z3 to have Building A's IP. 

My laptop (non-Z3, connected anywhere) has Building A's IP when I am Client VPN'ed to it.  

 

Sorry if I am unclear.

 

Thanks for replying and the link; will check it out!

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 27 2021 8:07 PM
‎May 27 2021 8:07 PM

Configure the Z3 to use "default route" to the site with the IP address you want to see your traffic coming from.

 

PhilipDAth_0-1622171264199.png

 

 

 

In response to PhilipDAth
cfemfrl
Here to help
‎May 28 2021 1:48 PM
‎May 28 2021 1:48 PM

Thanks to you both... You are right, @Bruce, it's right there in that link/document:

 

Default Route

When configuring Hubs for a Spoke, there is an option to select a hub as being a Default route. If this option is selected, then that hub will be configured as a default route for the Spoke (0.0.0.0/0). Any traffic that is not sent to a configured VPN peer network, static route or local network will be sent to the default route

 

I checked that box, and outbound traffic is from Building A IP as desired.  Thanks again for helping out a novice!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.