Help needed to advertise remote vpn route to branches
Hi guys, I have a situation here for one of our customers' sites. The situation is like this.
Site situation: HQ (1 MX84 and 1 MS120) and 8 branches (each has 1 MX68 and 1 MS120), with each site using an IP subnet in the 172.16.X.X range. All sites are in a mesh VPN to each other.
The HQ MX is in routed mode (multiple VLAN interfaces configured on the MX) because only a layer 2 switch (MS120) is used.
The HQ MX has a non-Meraki VPN connection to the AWS cloud for user servers (remote subnet 10.0.0.0/8). I need to configure it so that the branches can reach the AWS cloud through the HQ MX.
I've read in the documentation: "Please note if MX devices in Routed mode only support OSPF on firmware versions 13.4+, with VLANs disabled. OSPF is otherwise supported when the MX is in passthrough mode on any available firmware version. This can be set under Security & SD-WAN > Configure > Addressing & VLANs."
How can I advertise the remote subnet 10.0.0.0/8 to the branches, since I can't enable OSPF at the HQ MX due to the restriction above? I can't disable the VLANs at HQ. Is there another method to make sure the branches can reach the AWS cloud servers through the HQ MX?
In this case, I think you have two possible solutions. Like @ww said, you have to configure a non-Meraki VPN from every branch to that destination, or you can configure S2S in your HQ with another system (like a Linux box, for example), create a static route and advertise it on AutoVPN.
You can't access non-Meraki VPN routes through other locations' AutoVPN. Every branch needs a non-Meraki VPN to that destination.
If you want the route to be available through HQ, you need another device behind the HQ MX and let that device build the AWS tunnel. Then make a static route from the MX to that device for the AWS routes, and advertise that static route in AutoVPN.
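The last two replies describe one design: a device behind the HQ MX terminates the AWS tunnel, the MX gets a static route for 10.0.0.0/8 pointing at that device, and that static route is enabled for AutoVPN. The script below is an added example, not code from the thread or from Meraki: it sanity-checks the design (next hop must sit in an HQ VLAN, the AWS prefix must not overlap any branch subnet) and then builds the Dashboard API v1 calls for the static route and the VPN participation entry; the network ID, API key, VLAN and branch addresses are constructed placeholders.

```python
import ipaddress
import json
import urllib.request

API = "https://api.meraki.com/api/v1"


def plan_hq_route(hq_vlans, branch_subnets, aws_subnet, gateway_ip, name="AWS via HQ"):
    """Validate the HQ-relay design and return the two request bodies that
    implement it: the static route on the HQ MX and the AutoVPN subnet entry."""
    aws = ipaddress.ip_network(aws_subnet)
    gw = ipaddress.ip_address(gateway_ip)
    # The MX only accepts a static-route next hop that is inside one of its own VLANs.
    if not any(gw in ipaddress.ip_network(v) for v in hq_vlans):
        raise ValueError(f"gateway {gw} is not inside any HQ VLAN")
    # A branch whose own prefix overlaps 10.0.0.0/8 would route locally, never to HQ.
    for b in branch_subnets:
        if aws.overlaps(ipaddress.ip_network(b)):
            raise ValueError(f"{aws} overlaps branch subnet {b}")
    static_route = {"name": name, "subnet": str(aws), "gatewayIp": str(gw)}
    vpn_entry = {"localSubnet": str(aws), "useVpn": True}
    return static_route, vpn_entry


def _call(method, path, api_key, body=None):
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data, method=method, headers={
        "X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def apply_plan(network_id, api_key, static_route, vpn_entry):
    """Create the static route, then merge the AWS prefix into the existing
    site-to-site VPN settings so other advertised subnets are preserved."""
    _call("POST", f"/networks/{network_id}/appliance/staticRoutes", api_key, static_route)
    cfg = _call("GET", f"/networks/{network_id}/appliance/vpn/siteToSiteVpn", api_key)
    subnets = [s for s in cfg.get("subnets", []) if s["localSubnet"] != vpn_entry["localSubnet"]]
    body = {"mode": cfg["mode"], "subnets": subnets + [vpn_entry]}
    if cfg["mode"] == "spoke":  # hubs are only meaningful for spokes
        body["hubs"] = cfg.get("hubs", [])
    return _call("PUT", f"/networks/{network_id}/appliance/vpn/siteToSiteVpn", api_key, body)


if __name__ == "__main__":
    # Constructed sample addresses: HQ VLAN, two branches, Linux tunnel host at .10.
    route, entry = plan_hq_route(["172.16.1.0/24"], ["172.16.2.0/24", "172.16.3.0/24"],
                                 "10.0.0.0/8", "172.16.1.10")
    print(json.dumps({"staticRoute": route, "vpnSubnet": entry}, indent=2))
    # apply_plan("L_HQ_NETWORK_ID_PLACEHOLDER", "API_KEY_PLACEHOLDER", route, entry)
```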