
How can I make this site to site VPN work?

Getting noticed


Hey Meraki Community,

 

How can I route traffic from a private subnet across a non-Meraki VPN out the WAN on our MX84?

 

We have a handful of websites that compliance only allows our WAN IPs to access. We added a site to site VPN tunnel with a non-Meraki peer which is up and working. The goal is the remote subnet attempts to access specific websites, the remote non-Meraki VPN peer routes that out the WAN on the MX so it has the allowed public IP.

 

Is this possible?

Getting noticed

Re: How can I make this site to site VPN work?

I am reading through more documentation now to see if I can find something on this

Head in the Cloud

Re: How can I make this site to site VPN work?

Hmm, the configuration of IPsec VPN peers does not have the ability to insert 0.0.0.0/0 as local network so the other side will not be able to use 0.0.0.0/0 as remote network so I fear that setup is not supported.

 

You could only fix it by putting an MX/Z appliance at that remote site and use full tunnel.

Getting noticed

Re: How can I make this site to site VPN work?

Ok so we have the tunnel up and here is what is happening:

 

On Non Meraki VPN side:

- Client can ping our MX and receive response back without issue

- Client then attempts to access www.website.com but doesn't get a response back

 

Any idea why Meraki is not routing the traffic back across the VPN tunnel?

Head in the Cloud

Re: How can I make this site to site VPN work?

Integration of external S2S into MX routing is - let’s say - limited ...

What about placing a proxy server into your HQ DMZ and use that to access the external websites? 

Getting noticed

Re: How can I make this site to site VPN work?

Yeah I am starting to realize that. Meraki support doesn't think there is an option. The Juniper engineer on the phone was not impressed, couldn't believe Meraki can't route S2S traffic to WAN from anything but a Meraki. They are escalating this to product team to make sure nothing is missed here.
