Meraki

RB___ · ‎Jul 7 2020

Hi Guys,

Currently my setup looks something like this: Edge-MX >>> AutoVPN <<< Main-MX >>> IPSEC <<< ASA

The MX at the main site has a VPN peer configured with the ASA and have networks exchanged between them. The Edge and Main sites MX devices uses Meraki AutoVPN for connection between some internal networks.

My question is: How do I configure my devices so that the Edge site can access the networks through the ASA VPN peer. Do I need to configure the edge-MX to peer with the ASA as well? Would I just need to setup a static route pointing to the ASA networks using the main-MX as the next-hop?

I feel like this should be quite simple but I'm scratching my head about it.

Thank you!

PhilipDAth · ‎Jul 7 2020

You can't. Each edge MX will also require a non-Meraki VPN to the ASA.

View solution in original post

PhilipDAth · ‎Jul 7 2020

You can't. Each edge MX will also require a non-Meraki VPN to the ASA.

Pugmiester · ‎Jul 8 2020

One option you could look at, is using a secondary MX at your hub site (Main-MX location) to manage the ASA VPN link. That way, you can add a static route onto the Main-MX pointing to the VPN MX and that will allow you to publish the remote ASA subnets into SD-WAN. There's a great example walk through of this by Aaron Willette

https://www.willette.works/merging-meraki-vpns/

We use this approach to bring in a couple of third party locations that need to reach services on site but are not part of our Meraki deployment.

Meraki

Community

Non-Meraki VPN network reachability

Non-Meraki VPN network reachability