Dear Guys.
I am working on the Network Topology given below. There are two different sites (Site B & Site C) and those sites need to be connected with a 3rd site (Site A) via Site to Site VPN tunnel. Site B & Site C have Meraki MX95 and Site A has Palo Alto.
All the Meraki products of Sites B & C are added on a single dashboard along with the licenses.
Site B is connected with Site A via IPsec VPN tunnel and all the Networks on remote sites are accessible.
The issue arises when we create the 2nd tunnel for Site C & Palo Alto.
Kindly guide on how the Site C tunnel can be created.
Can you show the error message and the configuration?
You cannot configure more than one tunnel with the same private subnets.
But you can create just one tunnel for all networks.
You've probably done this already, but in the interim could you not create an S2S VPN between sites B and C using Meraki AutoVPN? This way Site A can reach both sites.
What subnets are at Sites B and C?
Where is the error being generated, on the Palo?
I don't need to create the S2S VPN between Site B & Site C. Both these sites should only need to create a VPN with Site A.
You only need 1 IPsec tunnel config on the Meraki dashboard. The config is global, so all your MX devices will try to create the tunnel to Site A.
Availability - Determines which MXes in the organization will be communicating with this peer. By default, all devices in an organization will establish tunnels with a third-party peer, however network tags can be used to limit these connections to a few networks.
Thank you for the guidance.
If the case is that Meraki is creating the global tunnel for all the devices, then how will Palo Alto know from which interface it can access the Site C networks?
Do we need to configure routing on Palo Alto so that, to access Site C networks, the next hop is the Site B hostname/IP, which is already the working tunnel?
Is this the way you are trying to guide?
I sent you an example.
Thank you for your guidance. I used the Tags in Availability tab and created the second tunnel. Both are working now.
Thank you for the solution.