Team,
We have two sites, with the HO having a Meraki configured as a one-arm VPN concentrator. The branch location has a Meraki configured in routed mode. We have Auto VPN configured between them, and the HO Meraki is the hub for the branch location. Hence all traffic, including Internet traffic, flows through the HO location. We have a requirement to have Office 365 traffic break out locally from the branch office rather than being backhauled from the HO location. Please let us know how we can configure this.
Thanks
I think this could simply be done with a split tunnel.
https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Settings
Sections: Default Route / Tunneling
Thank you for your response. Unfortunately I have MX100 not a MX-Z. I do not get this option of split tunnel.
On your MX that is configured in routed mode you should be able to see those options:
Security & SD-WAN -> Site-to-site VPN
Those options are not available on the MX that is configured as a one-arm VPN concentrator.
Thank you. Yes, I can see these options on my branch Meraki. We have configured it as hub mesh on my branch. Where can I see the split tunnel option?
@VAdmin wrote: Thank you for your response. Unfortunately I have MX100 not a MX-Z. I do not get this option of split tunnel.
Don't panic, there's no such thing as an MX-Z; that's just Meraki speak for "any MX or Z device", Z being the teleworker devices.
Okay, got it, thanks.
Why not let the Office users communicate directly with Office365/Azure cloud? It's encrypted. Local directories may be synced with OneDrive.
Yes, right, I want the office users to communicate directly without going through the tunnel. Hence I am looking for that configuration.
I'm a bit hazy on this, but I'm pretty sure support can enable the bypassing of full tunnel for specific IP addresses/ranges. You have to open a support case. I would do this and ask about those capabilities.
Your problem will be that Office 365 will have lots and lots of IP address ranges.
I would investigate re-engineering the network so you don't use a centralised Internet access and instead use local break out for everything.
I would investigate re-engineering the network so you don't use a centralised Internet access and instead use local break out for everything.
I absolutely endorse this suggestion from @PhilipDAth. We have moved to having all servers/storage in the Cloud and being very SAASy.
It works, and it is very cost effective.
Thank you.
Quote -
Your problem will be that Office 365 will have lots and lots of IP address ranges.
Conveniently, MS has a new service to supply the required IP addresses - Office 365 URLs and IP address ranges
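The thread raises two practical points: a full-tunnel bypass is keyed on IP ranges, and Office 365 has a great many of them. The following is an added example, not code from any poster or from Meraki, showing how the endpoint JSON from the Microsoft service mentioned above can be reduced to a short, validated bypass list. It assumes the field names of Microsoft's published endpoint format (`category`, `required`, `ips`); the function name `breakout_ranges` is hypothetical and the sample data is constructed from documentation address ranges.

```python
import ipaddress
import json

# Constructed sample in the shape of the Office 365 endpoint JSON.
# Addresses are RFC 5737 / RFC 3849 documentation ranges, not Microsoft's.
SAMPLE_ENDPOINTS = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": true,
   "ips": ["198.51.100.0/25", "198.51.100.128/25", "2001:db8:1::/48"],
   "tcpPorts": "80,443"},
  {"id": 2, "serviceArea": "SharePoint", "category": "Optimize", "required": true,
   "ips": ["203.0.113.0/26", "203.0.113.16/28"], "tcpPorts": "80,443"},
  {"id": 3, "serviceArea": "Common", "category": "Default", "required": false,
   "urls": ["*.example.net"], "tcpPorts": "443"},
  {"id": 4, "serviceArea": "Skype", "category": "Allow", "required": true,
   "ips": ["192.0.2.0/24", "not-a-cidr"], "udpPorts": "3478"}
]
""")


def breakout_ranges(endpoints, categories=("Optimize", "Allow"), version=4):
    """Return (collapsed CIDR strings, rejected entries) for a VPN bypass list.

    Only required endpoint sets in the chosen categories are used, so traffic
    that skips inspection at the hub stays limited to published ranges.
    """
    nets, rejected = [], []
    for ep in endpoints:
        if ep.get("category") not in categories or not ep.get("required", False):
            continue
        # URL-only endpoint sets have no "ips" key and cannot be matched by IP.
        for cidr in ep.get("ips", []):
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                rejected.append(cidr)  # never push unparsed input to a device
                continue
            if net.version == version:
                nets.append(net)
    # Merge adjacent ranges and drop subnets already covered by a larger one.
    collapsed = ipaddress.collapse_addresses(nets)
    return [str(n) for n in collapsed], rejected


if __name__ == "__main__":
    ranges, bad = breakout_ranges(SAMPLE_ENDPOINTS)
    print("bypass:", ranges)
    print("rejected:", bad)
```

Because the published ranges change over time, a list produced this way has to be regenerated and compared against the previous one before any bypass rule is updated.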