Meraki

Community

Connecting Non-Meraki peer to multiple MX WAN setup without using Exit Hub

Solved
JordanCN
Getting noticed
‎Jul 13 2023 12:34 PM
‎Jul 13 2023 12:34 PM

Connecting Non-Meraki peer to multiple MX WAN setup without using Exit Hub

I have about a half dozen sites setup with MX 84 devices with AutoVPN setup.  All site can commuicate fine.

 

Site 1: 172.16.10.x

Site 2: 172.16.20.x

Site 3: 172.16.30.x

etc, etc, etc

 

We need to connect to a vendor's infrastructure so we setup a Non-Meraki Peer to the Public IP of their appliance and the Local ID is the external IP of the MX at Site 1. I can communicate to the vendor's infrastructure from Site 1, but I need all six sites to traverse the tunnel.

 

From what I understand I can setup Site1's MX as an Exit Hub so all traffic routes through Site 1, but I really only want the traffic for the vendor's subnets to travel through Site 1. Is this possible or do I have to setup Non-Meraki VPN Peers to each of the external IPs of every MX device with my vendor?

Labels:
0 Kudos
1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 13 2023 1:36 PM
‎Jul 13 2023 1:36 PM

It is not possible to route the network of Non-Meraki VPN Peers inside the SD-WAN. You need to create a tunnel with each site.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
2 Replies 2
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 13 2023 1:36 PM
‎Jul 13 2023 1:36 PM

It is not possible to route the network of Non-Meraki VPN Peers inside the SD-WAN. You need to create a tunnel with each site.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Aquatera
New here
‎Aug 9 2023 7:34 AM
‎Aug 9 2023 7:34 AM

I was looking to do the exact same thing, as we have multiple sites that we currently route back over an MPLS network and out via an ASA site-to-site VPN from our DC to a 3rd party monitoring provider, the WAN IP's can float between DC's for resiliency meaning multiple sites only need a single VPN from the DC.  The MPLS is going, and all sites will have MX's installed and was hoping we could do the same thing with them, but looks like it's not possible.

 

I am hoping a feature request has been put in for this and we will see it one day?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.