I have 6 Meraki's with AutoVpn working great, recently added a site to site vpn to a cisco asa. I do not know how to get my traffic to flow to that new vpn. The new vpn will only use rdp. Can someone please help me setup a route to be able to rdp to a server on the new vpn?
I understand we need to introduce an additional router (Preferably MX) in our network at the HUB Location to inject Non-Meraki routes into AutoVPN.
Aaron created the following document explaining this in an awesome manner.
Forgive me here, because I am not a network guru. Is there a way to do this without incurring the cost of buying another MX? By adding a/some static routes?
Assuming Site Alpha and Site Beta. You have AutoVPN between Alpha and Beta. Alpha also has static routes to Vendor Gamma.
If you want Site Beta to access Vendor Gamma by traffic path Beta -> Alpha -> Gamma, you need an additional device due to how AutoVPN works.
Otherwise, I'd spin up a tunnel between Beta and Gamma.
Possibly share your existing network info (subnets, map, VPN settings, etc.)
Might need to add the asa subnet to the Meraki non-Peer VPN settings.
I just need a route from my main office to the Cisco ASA, the other offices do not need to be able to get to the ASA. Can someone help me create that route?
You might want to look this over
Have you added the 172.16.0.0/24 to the private subnet on the MX VPN settings?
Can ping from MX to ASA and vice versa?
Have you added the 172.16.0.0/24 to the private subnet on the MX VPN settings? I do not know where to do that at. I am not a network person, I was able to get them connected, but need that route.
I can ping their internet IP but nothing internal. like rdp to 172.16.0.12
This is on the site-to-site VPN settings side of the MX. Where it says private Private subnets you will need 172.22.0.0/24 listed in there.
If it fair to say the ASA ip is 172.22.0.1, can you ping that IP from the MX tools menu?
If you check the VPN Status page and then Choose your MX/Network. Then choose non-Meraki peer button you should see the VPN status button is green. Also you will see what subnets are used. You could try running an IP scan on the subnets to see if you can find the ASA.
Turns out the vendor vpn was not working properly, they moved it to a different firewall and I can ping their internal address. Thank you for all your replies, I am slowly learning how this works, much appreciated.