Creating a route to Non Meraki VPN

bdw72
Comes here often


I have 6 Merakis with AutoVPN working great, and recently added a site-to-site VPN to a Cisco ASA. I do not know how to get my traffic to flow to that new VPN. The new VPN will only use RDP. Can someone please help me set up a route to be able to RDP to a server on the new VPN?

BrechtSchamp
Kind of a big deal

I think this article will help:

https://www.willette.works/merging-meraki-vpns/

AjitKumar
Head in the Cloud

Hi @bdw72,

I understand we need to introduce an additional router (Preferably MX) in our network at the HUB Location to inject Non-Meraki routes into AutoVPN.

Aaron created the following document explaining this in an awesome manner.

https://www.willette.works/merging-meraki-vpns/

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
bdw72
Comes here often

Forgive me here, because I am not a network guru.  Is there a way to do this without incurring the cost of buying another MX?  By adding a/some static routes?

Nash
Kind of a big deal

Assuming Site Alpha and Site Beta. You have AutoVPN between Alpha and Beta. Alpha also has static routes to Vendor Gamma.

If you want Site Beta to access Vendor Gamma by traffic path Beta -> Alpha -> Gamma, you need an additional device due to how AutoVPN works.

Otherwise, I'd spin up a tunnel between Beta and Gamma.

SoCalRacer
Kind of a big deal

Possibly share your existing network info (subnets, map, VPN settings, etc.)

Might need to add the ASA subnet to the Meraki non-Peer VPN settings.

bdw72
Comes here often

[Image: Company.jpg]

I just need a route from my main office to the Cisco ASA, the other offices do not need to be able to get to the ASA. Can someone help me create that route?

SoCalRacer
Kind of a big deal

You might want to look this over:

https://documentation.meraki.com/MX/Site-to-site_VPN/MX_to_Cisco_ASA_Site-to-site_VPN_Setup

Have you added the 172.16.0.0/24 to the private subnet on the MX VPN settings?

Can you ping from MX to ASA and vice versa?

bdw72
Comes here often

"Have you added the 172.16.0.0/24 to the private subnet on the MX VPN settings?" I do not know where to do that at. I am not a network person, I was able to get them connected, but need that route.

I can ping their internet IP but nothing internal, like RDP to 172.16.0.12.

SoCalRacer
Kind of a big deal

This is on the site-to-site VPN settings side of the MX. Where it says Private subnets you will need 172.22.0.0/24 listed in there.

[Image: SoCalRacer_0-1576250867482.png]

If it is fair to say the ASA IP is 172.22.0.1, can you ping that IP from the MX tools menu?

bdw72
Comes here often

That part is set up, yes. I do not know what the internal ASA IP is, but I tried pinging the 0.1 address and no luck.

SoCalRacer
Kind of a big deal

If you check the VPN Status page and then choose your MX/Network, then choose the non-Meraki peer button, you should see the VPN status button is green. Also you will see what subnets are used. You could try running an IP scan on the subnets to see if you can find the ASA.

bdw72
Comes here often

Turns out the vendor VPN was not working properly, they moved it to a different firewall and I can ping their internal address. Thank you for all your replies, I am slowly learning how this works, much appreciated.
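The two checks the thread walks through (is the RDP target inside the private subnets listed for the non-Meraki peer, and does the port answer across the tunnel) can be scripted from a host at the main office. This is an added example, not part of the original discussion; the peer name, the dict layout and the function names are assumptions, and the addresses are the ones mentioned in the thread.

```python
import ipaddress
import socket

# Constructed sample: one non-Meraki peer and the private subnets entered for it.
PEERS = [
    {"name": "vendor-asa", "private_subnets": ["172.22.0.0/24"]},
]

def covering_peers(target, peers):
    """Return the names of peers whose private subnets contain the target IP."""
    addr = ipaddress.ip_address(target)
    return [
        p["name"] for p in peers
        if any(addr in ipaddress.ip_network(s, strict=False)
               for s in p["private_subnets"])
    ]

def probe_tcp(host, port=3389, timeout=3.0):
    """Classify a TCP connect attempt as open, refused, timeout or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a host answered, but nothing listens on the port
    except socket.timeout:
        return "timeout"      # typical of a down tunnel, missing route or silent drop
    except OSError:
        return "unreachable"  # the local stack reported no path to the host

def diagnose(target, peers, port=3389, timeout=3.0):
    """Check subnet coverage first, then probe the port only if it is covered."""
    names = covering_peers(target, peers)
    if not names:
        return f"{target} is not in any peer's private subnets, so it never enters the tunnel"
    return f"{target} routed via {names[0]}; tcp/{port} is {probe_tcp(target, port, timeout)}"

if __name__ == "__main__":
    # 172.16.0.12 is the RDP target named in the thread.
    print(diagnose("172.16.0.12", PEERS))
```

A "timeout" result with a green VPN status points at the far side (peer subnets, ACLs or the remote firewall), which is where the problem in this thread turned out to be.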
