Exported subnets - VPN

Solved
svennerski
Here to help

Exported subnets - VPN

I was wondering if anyone would be able to explain exactly what setting to "Use VPN" option does against each of the subnets I have available within our MX appliance:

 

Capture1.JPG

 

When I select "Yes" under the "Use VPN" field, the subnet then appears under the VPN Status page under "Exported subnets":

Capture2.JPG

What does exporting these subnets actually do? Does it just present that subnet to all defined VPNs so traffic is routable between the subnet and remote networks at the end of the VPN? I can't seem find a proper explanation for what it actually does.

 

 

1 Accepted Solution
BrechtSchamp
Kind of a big deal

Yes, both for Meraki AutoVPN and for 3d party VPNs setting the dropdown menu to "yes" means those subnets will participate in the VPN networks.

 

It seems like you're using 3d party VPN. Check this blog by Aaron Willette for more in depth information about it:

https://www.willette.works/merging-meraki-vpns/

 

I'll quote:

Only subnets local to the MX can be advertised to the remote Non-Meraki VPN peer. The subnets specifically selected as Use VPN, yeson the Security appliance > Site-to-site VPN configuration page will be included as the local interesting traffic in the IPSec exchange.

 

View solution in original post

3 Replies 3
JWvE
Here to help

What it basically does is that it tells the other MX appliances in the AutoVPN that they can reach that particular subnet through this MX appliance. 

BrechtSchamp
Kind of a big deal

Yes, both for Meraki AutoVPN and for 3d party VPNs setting the dropdown menu to "yes" means those subnets will participate in the VPN networks.

 

It seems like you're using 3d party VPN. Check this blog by Aaron Willette for more in depth information about it:

https://www.willette.works/merging-meraki-vpns/

 

I'll quote:

Only subnets local to the MX can be advertised to the remote Non-Meraki VPN peer. The subnets specifically selected as Use VPN, yeson the Security appliance > Site-to-site VPN configuration page will be included as the local interesting traffic in the IPSec exchange.

 

svennerski
Here to help

Thanks for the great explanation and the link to the further reading. Very helpful!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels