I have a scenario where ALL traffic from the MX is to traverse a VPN to the internet via a centralised cloud security service.
The 3rd party VPN advertises the 0.0.0.0/0 so that the VPN is used as the default gateway.
It's working fine.
However, there will be exceptions where some LAN traffic will be required to use the WAN 0.0.0.0/0 to retain the local site's source IP in the UK for website / VPN authentication purposes and not the VPN 0.0.0.0/0.
The MX has the ability to add static routes; however, they only apply to LAN interfaces and do not override the 0.0.0.0/0 behavior.
I tried adding a static to Google 220.127.116.11/32 and passing it to a LAN port VLAN that was not in the 'use VPN' list; however, the traffic got terminated by the MX, which returns pings <1ms, so it's staying local.
I guess I could add a static to a 3rd party device on a VLAN in my attempt to get the traffic to 18.104.22.168 to use a different path to the internet but that means adding additional LAN hardware.
Can anyone think how the MX could be configured to route specific traffic via the WAN 0.0.0.0/0 and override the VPN-learned 0.0.0.0/0?
This is so frustrating as all we need is a static routing capability that works with WAN interfaces and not just LAN so we can override the default path.
That is a tricky one.
You might be able to add a second Internet circuit and use traffic shaping to force the traffic out the second WAN port.
Have you contacted someone at support? They seem to have a few tricks up their sleeves that are not publicly shared. Perhaps run your scenario with them and see if they can build you a solution.
I have spoken with our Meraki SE and he thinks that bypassing a Meraki - Meraki VPN is something they do support for SDWAN features, but we're not sure if this also works for 3rd parties. Well, at least I cannot find a way to do it 🙂
Just wondered if this has ever come up before.
I have spoken with our Meraki SE and he thinks that bypassing a Meraki - Meraki VPN is something they do support for SDWAN features
I am interested in this solution in a full Meraki VPN environment.
How do we route traffic from a local VLAN X to the local Internet Breakout, and traffic from a VLAN Y to a centralized Internet through the VPN?