How can I bypass a 3rd Party VPN that is advertising the default route.
I have a scenario where ALL traffic from the MX is to traverse a VPN to the internet via a centralised cloud security service.
The 3rd party VPN advertises the 0.0.0.0/0 so that the VPN is used as the default gateway.
Its working fine.
However there will be exceptions where some LAN traffic will be required to use the WAN 0.0.0.0/0 to retain the local sites source IP in the UK for web site / vpn authentication purposes and not the VPN 0.0.0.0/0.
The MX has the ability to add static routes however they only apply to LAN interfaces and do not override the 0.0.0.0/0 behavior.
I tried adding a static to Google 220.127.116.11/32 and passing it to a LAN port VLAN that was not in the 'use VPN' list however the traffic got terminated by the MX which returns pings <1ms so its staying local.
I guess I could add a static to a 3rd party device on a VLAN in my attempt to get the traffic to 18.104.22.168 to use a different path to the internet but that means adding additional LAN hardware.
Can anyone think how the MX could be configured to route specific traffic via the WAN 0.0.0.0/0 and override the VPN learned 0.0.0.0/0 ?
This is so frustrating as all we need is a static routing capability that works with WAN interfaces and not just LAN so we can override the default path.
Re: How can I bypass a 3rd Party VPN that is advertising the default route.
I have spoken with our Meraki SE and he thinks that bypassing a Meraki - Meraki VPN is something they do support for SDWAN features but we're not sure if this also works for 3rd parties well, at least I cannot find a way to do it 🙂
I have spoken with our Meraki SE and he thinks that bypassing a Meraki - Meraki VPN is something they do support for SDWAN features
I am interested in this solution in a full Meraki VPN environment. How do we route traffic from a local vlan X to the local Internet Breakout, and traffic from a vlan Y to a centralized Internet through the VPN?