Non-Meraki IPSec tunnel issue

NjakaR
New here

Hello,

I'd like some help to understand more, or whether there are any limitations, between Meraki SD-WANs and non-Meraki IPsec tunnels.

My conf is below:

1st Meraki Site subnets: 172.17.0.0/16

2nd Meraki site subnets: 192.168.48.0/20

3rd Meraki site subnets: 192.168.10.0/24

4th AnyConnect VPN subnet: 192.168.44.0/25

Non-Meraki site subnets: 192.168.3.0/24

- The 3 Meraki sites are OK with site-to-site Auto VPN.

- I need to configure an IPsec tunnel to allow the non-Meraki subnet to reach all Meraki networks, but currently it only works with the 1st Meraki and AnyConnect subnets (172.17.0.0/16 and 192.168.44.0/25) and doesn't work for the two other sites.

Can anyone please help me to understand what I missed?

Thank you very much

BR

alemabrahao
Kind of a big deal

There is no limitation on the number of tunnels, but remember that the non-Meraki peer must know the subnet of each site, and an individual tunnel must be created for each site on the peer side. Do you know how it is configured on the peer side? What is the vendor on the peer side?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
NjakaR
New here

Thanks for your reply,

All private subnets are already declared on both the Meraki and the non-Meraki peer (Ruijie Networks router).

- I can reach the non-Meraki peer subnet (192.168.3.0/24) from a device connected to the AnyConnect VPN.

- I can reach the non-Meraki peer subnet too from the 1st Meraki main subnet (from 172.17.0.0/16), but not from the other subnets within the Meraki peers (2nd and 3rd).

Thanks in advance for your help

alemabrahao
Kind of a big deal

But here's the thing: do you have a site-to-site VPN between the second and third sites and the non-Meraki peer?

I ask because if the VPN is only configured with the first site it will not work anyway, because non-Meraki VPNs are not routed over SD-WAN.
GIdenJoe
Kind of a big deal

Make sure each Meraki site makes a non-Meraki tunnel towards the non-Meraki network.
As alemabrahao already mentioned, you cannot include SD-WAN remote subnets in a non-Meraki VPN. It can only route client VPN, local subnets and static route subnets.
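As an added illustration (not from the thread, and not Meraki's own tooling), this Python sketch encodes the rule the two replies above describe: a non-Meraki VPN carries only a site's local, static-route and client VPN subnets, never Auto VPN remote subnets, so the peer needs one tunnel per Meraki site. The site layout is constructed from the subnets in the original post; placing the AnyConnect pool on site 1 is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class MerakiSite:
    name: str
    local_subnets: list
    static_routes: list = field(default_factory=list)
    client_vpn_pools: list = field(default_factory=list)  # e.g. an AnyConnect pool

def tunnel_subnets(site):
    """Subnets an MX can put in a non-Meraki VPN: its own local subnets, static
    routes and client VPN pools. Auto VPN remote subnets are deliberately absent."""
    return [ipaddress.ip_network(n)
            for n in site.local_subnets + site.static_routes + site.client_vpn_pools]

def required_peer_config(sites):
    """The peer side needs one tunnel per Meraki site, each with that site's subnets."""
    return {site.name: [str(n) for n in tunnel_subnets(site)] for site in sites}

def peer_reachability(sites, tunnels_to_peer):
    """From the non-Meraki peer's point of view: which subnets are reachable given the
    set of Meraki sites that actually have a tunnel to it, and which are not."""
    reachable, unreachable = [], []
    for site in sites:
        bucket = reachable if site.name in tunnels_to_peer else unreachable
        bucket.extend(str(n) for n in tunnel_subnets(site))
    return sorted(reachable), sorted(unreachable)

def overlapping_with_peer(sites, peer_subnet):
    """Tunnel subnets that overlap the peer's subnet; overlapping selectors make the
    tunnel unroutable and are the first thing to rule out when a site cannot reach it."""
    peer = ipaddress.ip_network(peer_subnet)
    return [(s.name, str(n)) for s in sites for n in tunnel_subnets(s) if n.overlaps(peer)]

# Constructed sample mirroring the thread; AnyConnect is assumed to terminate on site 1.
SITES = [
    MerakiSite("site1", ["172.17.0.0/16"], client_vpn_pools=["192.168.44.0/25"]),
    MerakiSite("site2", ["192.168.48.0/20"]),
    MerakiSite("site3", ["192.168.10.0/24"]),
]
PEER_SUBNET = "192.168.3.0/24"

if __name__ == "__main__":
    ok, missing = peer_reachability(SITES, tunnels_to_peer={"site1"})
    print("reachable from peer:", ok)         # only site 1 and the AnyConnect pool
    print("unreachable from peer:", missing)  # sites 2 and 3: the symptom in the thread
    print("peer needs tunnels for:", required_peer_config(SITES))
    print("overlaps with peer:", overlapping_with_peer(SITES, PEER_SUBNET))
```

With only site 1 tunnelled, the output reproduces exactly the original symptom; adding "site2" and "site3" to `tunnels_to_peer` empties the unreachable list.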
