How can I route traffic from a private subnet across a non-Meraki VPN out the WAN on our MX84?
We have a handful of websites that compliance only allows our WAN IPs to access. We added a site-to-site VPN tunnel with a non-Meraki peer which is up and working. The goal is the remote subnet attempts to access specific websites, the remote non-Meraki VPN peer routes that out the WAN on the MX so it has the allowed public IP.
Hmm, the configuration of IPsec VPN peers does not have the ability to insert 0.0.0.0/0 as local network so the other side will not be able to use 0.0.0.0/0 as remote network so I fear that setup is not supported.
You could only fix it by putting an MX/Z appliance at that remote site and use full tunnel.
Yeah I am starting to realize that. Meraki support doesn't think there is an option. The Juniper engineer on the phone was not impressed, couldn't believe Meraki can't route S2S traffic to WAN from anything but a Meraki. They are escalating this to product team to make sure nothing is missed here.