Meraki

Community

Need a specific IP address to not go thru a VPN Tunnel

cmal00
Here to help
‎Oct 23 2024 5:45 AM
‎Oct 23 2024 5:45 AM

Need a specific IP address to not go thru a VPN Tunnel

I have a VPN Tunnel between a MX-68 and a MX-85. I have a subnet that needs to be reach behind the MX-85, which it does. but there is one IP from that subnet (a server hosted outside my company) that can not go thru the tunnel and need to go out to the internet. I've tried creating a static route on the MX-86 but it just says "has an invalid next hop IP. The IP address x.x.x.x is not on a configured subnet. Is there a way to archive this? 

 

Thanks

0 Kudos
3 Replies 3
double_virgule
Getting noticed
‎Oct 23 2024 6:34 AM
‎Oct 23 2024 6:34 AM

We tried to do the same thing, and ended up just splitting out the subnet and making the IPs in question a /30 and then just disabling the VPN on it. 

 

There's probably a better way to do it, and your solution is probably just missing some NAT configuration, but we gave up and just did it the easy way. 

0 Kudos
cmal00
Here to help
‎Oct 23 2024 6:52 AM
‎Oct 23 2024 6:52 AM

Yes, that's what someone had mention to do as a work around. I'm just surprise that you just can't create a static route pointing it out the the outside interface. 

0 Kudos
MartinLL
Building a reputation
‎Oct 23 2024 9:25 AM
‎Oct 23 2024 9:25 AM

Maybe full tunnel vpn exclusion could work for you?

https://documentation.meraki.com/MX/Site-to-site_VPN/VPN_Full-Tunnel_Exclusion_(Application_and_IP%2... 

MLL
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.