Non Meraki Site/Site VPN advertise network to downstream MX devices.
I have a meraki to non meraki s2s VPN. I would like to advertise the network at the remote (non meraki) site to the rest of my Meraki sites. I dont want to manage VPN's from every Meraki site to this 1 non meraki site. Is there a way to advertise that non meraki VPN network out of the Meraki site where the VPN terminates?
First, make sure that the Non-Meraki site is allowing traffic from your other sites. Next, go to Security appliance > Site-to-site VPN. Under the Organization-wide settings, find your non-Meraki VPN peer that you wish to be accessible to all networks. Under the availability section, set it to All Networks.
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
I think if i select "all networks" all of my meraki sites will VPN into that non meraki site. I am trying to make that non meraki site reachable by going though the 1 meraki site the is VPN connected to the non meraki site. I think i need to be able to put in a static route that points down the non meraki vpn tunnel and then pass that route to the rest of my meraki sites, so far i havent seen any way to do that.
@bholmes12 You're correct about what the "all networks" option does for non-Meraki VPN peers. It's meant to control which MXen try to establish VPN connections to that peer.
Have you tried putting in static routes on your other MXen that are not connected to the non-Meraki peer? This may be the only way to get routes to the non-Meraki peer throughout your network. I don't believe there's an officially supported way currently to advertise non-Meraki peer routes.
@MRCURGave that a shot, but the dashboard spits out an error about an invalid next hop. I was using the outside interface GW as the next hop. Even if it took the route i dont think the MX would know to put that traffic into the proper VPN tunnel.