Non-Meraki VPN network reachability

SOLVED
RB___
Here to help

Hi Guys,

Currently my setup looks something like this: Edge-MX >>> AutoVPN <<< Main-MX >>> IPSEC <<< ASA

The MX at the main site has a VPN peer configured with the ASA and has networks exchanged between them. The Edge and Main site MX devices use Meraki AutoVPN for connectivity between some internal networks.

My question is: how do I configure my devices so that the Edge site can access the networks through the ASA VPN peer? Do I need to configure the Edge-MX to peer with the ASA as well? Would I just need to set up a static route pointing to the ASA networks using the Main-MX as the next hop?

I feel like this should be quite simple, but I'm scratching my head about it.

Thank you!

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

You can't. Each edge MX will also require a non-Meraki VPN to the ASA.

2 REPLIES
Pugmiester
Building a reputation

One option you could look at is using a secondary MX at your hub site (Main-MX location) to manage the ASA VPN link. That way, you can add a static route onto the Main-MX pointing to the VPN MX, and that will allow you to publish the remote ASA subnets into SD-WAN. There's a great example walkthrough of this by Aaron Willette:

https://www.willette.works/merging-meraki-vpns/

We use this approach to bring in a couple of third-party locations that need to reach services on site but are not part of our Meraki deployment.
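As an added illustration of the two designs discussed in this thread (not code from the original post or from Meraki), the small model below encodes the behaviour the replies describe: subnets learned over a hub's non-Meraki IPsec peer are not advertised to AutoVPN spokes, whereas the hub's own subnets and its VPN-enabled static routes are. The hub names, the 10.50.0.0/16 ASA subnet and the 10.10.0.2 secondary-MX address are constructed values, and the Hub class and its helpers are assumptions of this example.

```python
# Toy reachability model of the hub/spoke setup in this thread (constructed
# illustration, not Meraki code). Assumed behaviour, as stated in the replies:
# subnets learned over the hub's non-Meraki (IPsec) peer stay local to that hub,
# while the hub's own subnets and VPN-enabled static routes reach AutoVPN spokes.
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass
class Hub:
    name: str
    local_subnets: list = field(default_factory=list)
    non_meraki_peer_subnets: list = field(default_factory=list)  # learned from ASA
    static_routes: dict = field(default_factory=dict)  # prefix -> (next_hop, in_vpn)


def advertised_to_spokes(hub: Hub) -> set:
    """Prefixes the hub pushes into AutoVPN; non-Meraki peer subnets are excluded."""
    adv = set(hub.local_subnets)
    adv |= {p for p, (_hop, in_vpn) in hub.static_routes.items() if in_vpn}
    return adv


def spoke_can_reach(hub: Hub, dst: str) -> bool:
    """True if an AutoVPN spoke of `hub` has a route to `dst` via the hub."""
    d = ip_network(dst)
    return any(d.subnet_of(ip_network(p)) for p in advertised_to_spokes(hub))


ASA_SUBNET = "10.50.0.0/16"          # constructed: network behind the ASA
SECONDARY_MX_LAN_IP = "10.10.0.2"    # constructed: VPN-only MX on the hub LAN


def single_hub_scenario() -> bool:
    """Main-MX terminates the ASA IPsec peer itself (the original setup)."""
    main = Hub("Main-MX", local_subnets=["10.10.0.0/24"],
               non_meraki_peer_subnets=[ASA_SUBNET])
    return spoke_can_reach(main, "10.50.1.10/32")      # -> False


def secondary_mx_scenario() -> bool:
    """A second MX owns the ASA peer; Main-MX statically routes to it in VPN."""
    main = Hub("Main-MX", local_subnets=["10.10.0.0/24"])
    main.static_routes[ASA_SUBNET] = (SECONDARY_MX_LAN_IP, True)
    return spoke_can_reach(main, "10.50.1.10/32")      # -> True


if __name__ == "__main__":
    print("edge reaches ASA via single hub:", single_hub_scenario())
    print("edge reaches ASA via secondary MX:", secondary_mx_scenario())
```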
