Meraki 3rd Party VPN

AndrewZ3

Hello all, I am looking to get some answers about making AutoVPN and 3rd Party VPN work together.

 

The situation is that our organization has some Z1s at remote site that we are trying to connect into our network. Our main sites use a 3rd party firewall that takes care of all routing. Basically, if traffic makes it to the firewall (in this case on a VPN), it will be routed properly to our main sites. However, the 3rd party does not use Meraki, so we have to build the VPN using the 3rd party option. I have read many things about why this will not work. Some people say that it's an organization thing, some say it can be done with 2 MX100s and static routes. Currently, I have two MX100s. One is set up in VPN concentrator mode, receiving traffic from the Z1 devices, and the other has the 3rd party VPN built and up. What I don't understand is that if I look in the route tables of the Z1 devices, I see the 3rd party VPN route in there. The other thing is, I am able to ping to the local address of the MX100 that is configured on the 3rd party VPN. I have worked at this all week and would love to hear some solutions that anyone might have.

alemabrahao

A third-party VPN does not participate in the AutoVPN, meaning this device must have a tunnel configured with each MX/Zx on your network.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth

I'm confused.  Your main site, with the third party firewall - are you saying there is also an MX100 there in VPN concentrator mode?

Yes, because I read that AutoVPN devices (Z1s at remote sites) don't learn routes from 3rd party VPN tunnels. So I have one MX100 that is peered with the Z1s, and another MX100 that is peered with the 3rd party firewall. I'm just a little confused on how to make the AutoVPN devices route over the 3rd party VPN.
