How to share NON Meraki VPN with other Spoke

leorsida
Conversationalist


Hello,

 

I manage three Meraki devices configured with Auto-VPN: one Meraki functions as the main hub, while the other two are configured as spokes connecting to the main hub. Within the main hub, there is an additional non-Meraki VPN configured. How can I share this VPN with the spokes? I believe I should set up a static route from the spokes to the hub for the VPN networks... how can I proceed?

 

thanks in advance

Daniele

ww
Kind of a big deal

Does your main hub (MX) build the non-Meraki VPN?

> Then you need to set up a VPN to that 3rd party from all your MXs

Is it another device behind the hub that builds the VPN?

> Then advertise the static route(s) to that VPN device in the AutoVPN

leorsida
Conversationalist

Thanks ww,

> Then you need to set up a VPN to that 3rd party from all your MXs

>>I cannot do that, as the VPN is authorized only on the public IP address of the hub.

> Then advertise the static route to that VPN device in the AutoVPN

>>An example? I have another managed device behind the hub that can handle the routes

GreenMan
Meraki Employee

WW is correct, you can't hairpin non-Meraki VPN and AutoVPN in the same Hub:   https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_...

Maybe terminate the Non-Meraki VPN on a different device / MX and route between that and your AutoVPN Hub between the LAN interfaces?

leorsida
Conversationalist

Thanks GreenMan,

 

I suspected this; my initial idea was to direct the traffic towards the other router and consequently forward it to the hub, but by adding the routes for the VPNs in the spokes, the hub's LAN is not recognized. Do you have any tricks in mind?

leorsida
Conversationalist

like this:

 

hub network 192.168.0.0/24, meraki ip 192.168.0.1

router inside network 192.168.0.2 (non meraki)

non meraki vpn connected on hub network 10.0.0.0/24

 

spoke network 192.168.1.0/24, meraki ip 192.168.1.1

 

I would like to add the route 10.0.0.0/24 via 192.168.0.2 on the spoke. 

Does this setup make sense? How can I implement it?
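Added example, not part of any post in this thread and not Meraki code: a small Python check of the addressing plan above that applies the usual on-link rule for static-route next hops and ww's suggestion to advertise the route into AutoVPN. It assumes the non-Meraki VPN terminates on the inside router 192.168.0.2; the device labels (`hub-mx`, `spoke-mx`, `vpn-router`) and function names are made up for illustration.

```python
import ipaddress

# Addressing taken from the thread. Assumption for this example: the
# non-Meraki VPN terminates on the inside router 192.168.0.2, not on the hub MX.
SITE_LANS = {
    "hub-mx": ("192.168.0.0/24", "192.168.0.1"),
    "spoke-mx": ("192.168.1.0/24", "192.168.1.1"),
}
VPN_ROUTER_IP = "192.168.0.2"
REMOTE_VPN_NET = "10.0.0.0/24"


def on_link(device, next_hop):
    """True when next_hop lies in the LAN the device is directly attached to."""
    lan, _ = SITE_LANS[device]
    return ipaddress.ip_address(next_hop) in ipaddress.ip_network(lan)


def plan_routes(dest=REMOTE_VPN_NET, next_hop=VPN_ROUTER_IP):
    """Return (device, action, prefix, via) rows needed to reach dest."""
    ipaddress.ip_network(dest)  # raises ValueError on a malformed prefix
    owners = [d for d in SITE_LANS if on_link(d, next_hop)]
    if len(owners) != 1:
        raise ValueError(f"{next_hop} must be on-link for exactly one device")
    owner = owners[0]
    owner_ip = SITE_LANS[owner][1]
    plan = [(owner, "static route, advertised into AutoVPN", dest, next_hop)]
    for device, (lan, _) in SITE_LANS.items():
        if device == owner:
            continue
        # The next hop is not on-link here, so a static route via it is not
        # usable; the prefix has to arrive through AutoVPN from the owner.
        plan.append((device, "learned over AutoVPN", dest, owner))
        # Return path on the inside router (needed unless its default
        # route already points at the owner's LAN address).
        plan.append(("vpn-router", "static route", lan, owner_ip))
    return plan


if __name__ == "__main__":
    for row in plan_routes():
        print("{:<11} {:<38} {:<15} via {}".format(*row))
```

With the thread's addresses, the route for 10.0.0.0/24 via 192.168.0.2 lands on the hub rather than on the spoke, because 192.168.0.2 is not inside the spoke's 192.168.1.0/24 LAN.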

 

 

 
