IP Sec non Meraki Between 2 Organization - Spoke under Hub can reach other network

roapeer
Comes here often


 
Hello guys,
I want to ask. I have 2 organizations on Meraki Cloud in different countries. I have completely configured an IPsec non-Meraki tunnel in both organizations and it works for communicating with each other.

Device on Org A: MX250 with advertised network 10.0.0.0/8 - IPsec config availability for this MX only
Topology A: MX250 as hub and many other spokes

Device on Org B: MX68 with advertised network 10.170.84.0/24 - IPsec config availability for this MX only
Topology B: MX250 as hub and many other spokes

The devices connect to each other over non-Meraki peers IPsec.

The issue is: the spokes under organization B cannot reach the network of organization A. There is no route advertised for 10.0.0.0/8 in the route table.

Is there any other configuration option to make the spokes able to reach the network on organization B?

Topology: [image]

Thank you in advance.



alemabrahao
Kind of a big deal

No, for that to be possible you also need to establish a VPN tunnel with the spoke.

 

It's now possible to use BGP, and perhaps even without the aforementioned need, but I personally have never tried it.

 

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
roapeer
Comes here often

Hello, thanks for your response. Any specific config on iBGP? I have implemented iBGP routing via Meraki Auto VPN but it's not working; the route 10.0.0.0/8 still didn't appear in the spoke route table. Any other advice? Thanks in advance.

GIdenJoe
Kind of a big deal

In policy-based IPsec VPN you would also need to have a directly connected VPN from the spokes to the other hub and spoke to be able to reach those subnets.

The whole hub and spoke thing only works within AutoVPN inside the same org.
But you can just start VPNs from spokes to networks in the other org.

roapeer
Comes here often

Yes, the whole spoke is already connected to the pointing hub, but the spoke still can't get the route 10.0.0.0/8 in its route table to connect via the non-Meraki peers VPN from org B to org A. Any other advice? Thanks in advance.

PhilipDAth
Kind of a big deal

You'll need to use the BGP over IPSec VPN option to make this work.

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-t...

 

roapeer
Comes here often

Hello, thanks for your response. Any specific config on iBGP? I have implemented iBGP routing via Meraki Auto VPN but it's not working; the route 10.0.0.0/8 still didn't appear in the spoke route table. Any other advice? Thanks in advance.

PhilipDAth
Kind of a big deal

Is the remote org advertising 10.0.0.0/8 via BGP to you?  It doesn't sound like it is.
