Meraki

Community

IP Sec non Meraki Between 2 Organization - Spoke under Hub can reach other network

roapeer
New here
yesterday
yesterday

IP Sec non Meraki Between 2 Organization - Spoke under Hub can reach other network

 
Hallo Guys,
I want to ask. i have 2 organization on Meraki Cloud in different country. i have completely configure ip sec non meraki tunnel in both organization and its work to communicate each other.
 
Device on Org A : MX250 with advertise network 10.0.0.0/8 - ip sec config avability for this MX Only
Topology A: MX250 as Hub and many other spoke
 
Device on Org B : MX68 with advertise network 10.170.84.0/24 - ip sec config avability for this mx only
Topology B : MX250 as Hub and many other spoke
 
between the devices connect on non meraki peers ip sec.
 
The Issue is : Spoke under organization B cannot reach network organization A. there is no route advertise 10.0.0.0/8 on route table.
 
Any other option configuration to make the spoke can reach network on organization B?
 
Topology : 
roapeer_0-1765878958910.png

thank you in advance.



Labels:
0 Kudos
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
yesterday
yesterday

No, for that to be possible you also need to establish a VPN tunnel with the spoke.

 

It's now possible to use BGP, and perhaps even without the aforementioned need, but I personally have never tried it.

 

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-t...]

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
yesterday
yesterday

In policy based IPsec VPN you would also need to have directly connected VPN from the spokes to the other hub and spoke to be able to reach those subnets.

The whole hub and spoke thing only kinds within AutoVPN inside the same org.
But you can just start VPNs from spokes to networks in the other org.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

You'll need to use the BGP over IPSec VPN option to make this work.

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-t...

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.