Hey Meraki Community,
How can I route traffic from a private subnet across a non-Meraki VPN out the WAN on our MX84?
We have a handful of websites that compliance only allows our WAN IPs to access. We added a site-to-site VPN tunnel with a non-Meraki peer, which is up and working. The goal is that when the remote subnet attempts to access specific websites, the remote non-Meraki VPN peer routes that traffic out the WAN on the MX so it has the allowed public IP.
Is this possible?
I am reading through more documentation now to see if I can find something on this.
Hmm, the configuration of IPsec VPN peers does not have the ability to insert 0.0.0.0/0 as the local network, so the other side will not be able to use 0.0.0.0/0 as the remote network, so I fear that setup is not supported.
You could only fix it by putting an MX/Z appliance at that remote site and using a full tunnel.
OK, so we have the tunnel up, and here is what is happening:
On the non-Meraki VPN side:
- Client can ping our MX and receives a response back without issue
- Client then attempts to access www.website.com but doesn't get a response back
Any idea why Meraki is not routing the traffic back across the VPN tunnel?
Integration of external S2S into MX routing is - let’s say - limited ...
What about placing a proxy server in your HQ DMZ and using that to access the external websites?
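The proxy approach suggested above, as an added example that is not part of the original thread: a minimal squid.conf for a forward proxy in the HQ DMZ that accepts clients only from the remote peer's subnet, permits only the compliance-restricted sites, and sources its outbound connections from the approved public address. The subnet 192.168.50.0/24, the domain .website.com and the address 203.0.113.10 are placeholders (assumptions), not values from the thread.

```conf
# Added example, not from the thread: minimal squid.conf for an HQ DMZ proxy.
# Placeholders (assumptions): remote VPN subnet, allow-listed domain, egress IP.
http_port 3128

# Only clients arriving over the non-Meraki site-to-site tunnel may use the proxy
# (assumed remote subnet)
acl vpn_clients src 192.168.50.0/24

# Only the compliance-restricted sites are reachable through it
# (assumed allow-listed domain; leading dot matches subdomains)
acl allowed_sites dstdomain .website.com

# Standard hardening: CONNECT (HTTPS tunnelling) only to port 443
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Allow-list, then default deny
http_access allow vpn_clients allowed_sites
http_access deny all

# Source outbound connections from the compliance-approved public address.
# Only valid if the proxy holds that address itself; if it sits behind the
# MX NAT instead, remove this line and the MX WAN IP is used automatically.
tcp_outgoing_address 203.0.113.10

# Do not leak the remote client's private address to the destination sites
forwarded_for delete
via off
```

To check it from a host in the remote subnet, point a request at the proxy, e.g. `curl -x http://<proxy-ip>:3128 https://www.website.com`, and confirm the destination sees the approved WAN address; a request for a domain not in `allowed_sites` should come back as a Squid 403. Note that this only fits sites reached over HTTP(S); anything needing raw TCP or UDP would still need the routing approach discussed earlier in the thread.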
Yeah, I am starting to realize that. Meraki support doesn't think there is an option. The Juniper engineer on the phone was not impressed and couldn't believe Meraki can't route S2S traffic to the WAN from anything but a Meraki. They are escalating this to the product team to make sure nothing is missed here.