Hello everybody,
I won't take long; here is a summary of my problem.
I have 6 Z3 connected thanks to the native Meraki VPN to an MX.
I created an ipsec tunnel between a remote infrastructure and the MX.
I manage to access the MX network but I cannot access the Z3 networks which are all connected to the MX.
Can you help me please?
You need a non-Meraki tunnel to all devices.
Look here for: AutoVPN + non-Meraki VPN Integration Considerations
https://www.willette.works/merging-meraki-vpns/
Thank you, I will check this.
I looked at the link, but isn't there a solution without needing to buy another MX?
It doesn't have to be another MX. Any device (physical or virtual) that can provide VPN-services will do the job. But it can't be the MX that you already have in your network.
Thank you for the answer
If I understand your solution correctly, the tunnel that I have to create must not be between my data center on NSXedge and the Meraki? I have to use a firewall (pfSense, for example) behind the Meraki to create the tunnel with my remote infrastructure?
Exactly, from the MX-view, it is just a routing-hop to that device that provides the VPN-access to these networks. For the placement of this device, it can be anywhere that is reachable from the MX. I like to place the public interface of the VPN-device in the public network; the internal interface is placed in an MX-DMZ.
Thank you very much,
I will propose this solution to my superiors because it is the only solution available in my case.
I use an additional ASA (or now Firepower Appliance) for all these Extranet VPNs. Yes, it's not part of your dashboard-network, but it makes the VPNs more secure and more flexible.