Connectivity

Solved
Shubh3738
Building a reputation

Hi All,

We are able to ping the private cloud MX 250's VLAN from the DC location but are unable to ping the Data Centre VLAN from the DC location.

The MX 250 is configured in routed mode.

Please guide.

 


 

1 Accepted Solution
rhbirkelund
Kind of a big deal

Have you added 10.130.x.x as a static route on your MX250, with the Fortigate as next hop? And advertised it into your VPN towards DC locations?

Otherwise you might need to look into if the Fortigate is blocking traffic.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

2 Replies 2
PhilipDAth
Kind of a big deal

Is the VMX configured in "VPN Concentrator" mode rather than "Routed" mode?  This kind of config will only work in "VPN Concentrator" mode.

https://documentation.meraki.com/MX/Other_Topics/vMX_NAT_Mode_Use_Cases_and_FAQ#NAT_Mode_on_the_vMX_...

"vMXs in NAT mode will not advertise subnets that are available on the public/private cloud, so spoke MXs will have to send all their traffic to the vMX, which will then NAT the traffic and send it across its WAN interface into the public/private cloud environment. 

As vMXs in NAT mode function as stateful firewalls, any traffic that is initiated from the cloud environment will be dropped due to the lack of a corresponding flow initiated from the other end, be it Auto-VPN or Client VPN. 

Spokes will have to full tunnel all their traffic to a vMX in NAT mode, if they want to access resources inside the public/private cloud."
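
The two checks from the accepted solution (a static route for the data centre subnet with the firewall as next hop, and that subnet advertised into the VPN) can be run over exported appliance configuration. This is an added example, not code from the thread or from Meraki; the field names (`subnet`, `gatewayIp`, `enabled`, `mode`, `subnets`, `localSubnet`, `useVpn`) are modelled on the Meraki Dashboard API's static route and site-to-site VPN objects and are assumptions here, and all addresses are constructed stand-ins.

```python
import ipaddress

def _covers(cidr, target_net):
    """True if the configured prefix `cidr` contains the whole target network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == target_net.version and target_net.subnet_of(net)

def check_subnet_reachability(target, expected_next_hop, static_routes, vpn_config):
    """Return a list of findings; an empty list means both checks pass."""
    target_net = ipaddress.ip_network(target)
    findings = []

    # Check 1: an enabled static route covers the subnet and uses the expected next hop.
    covering = [r for r in static_routes
                if r.get("enabled", True) and _covers(r["subnet"], target_net)]
    if not covering:
        findings.append(f"no enabled static route covers {target}")
    elif not any(r["gatewayIp"] == expected_next_hop for r in covering):
        hops = ", ".join(sorted({r["gatewayIp"] for r in covering}))
        findings.append(f"route to {target} uses next hop {hops}, "
                        f"expected {expected_next_hop}")

    # Check 2: the subnet is advertised into the site-to-site VPN.
    if vpn_config.get("mode", "none") == "none":
        findings.append("site-to-site VPN is disabled on this appliance")
    elif not any(s.get("useVpn") and _covers(s["localSubnet"], target_net)
                 for s in vpn_config.get("subnets", [])):
        findings.append(f"{target} is not advertised into the VPN")
    return findings

# Constructed sample data (assumed shapes, documentation address ranges).
DC_SUBNET = "198.51.100.0/24"   # stand-in for the data centre VLAN
FIREWALL_IP = "192.0.2.1"       # stand-in for the firewall next hop
SAMPLE_ROUTES = [
    {"name": "dc-vlan", "subnet": DC_SUBNET, "gatewayIp": FIREWALL_IP, "enabled": True},
]
SAMPLE_VPN_NOT_ADVERTISED = {
    "mode": "hub",
    "subnets": [
        {"localSubnet": "192.0.2.0/24", "useVpn": True},
        {"localSubnet": DC_SUBNET, "useVpn": False},  # route exists, not advertised
    ],
}

if __name__ == "__main__":
    for finding in check_subnet_reachability(
            DC_SUBNET, FIREWALL_IP, SAMPLE_ROUTES, SAMPLE_VPN_NOT_ADVERTISED):
        print("FINDING:", finding)
```

An empty result only confirms the routing and advertisement side; traffic blocked by the firewall itself has to be checked on that device.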

 
