FW1 and FW2 need to communicate with FW3 via an MX250 site-to-site tunnel.
Unable to pass the remote subnet to the next peer.
Please give any suggestions on this.
The non-Meraki VPN does not participate in Meraki SD-WAN, so it will not work.
Any solution?
Configure a direct VPN between them.
Thanks for the suggestion, but it is not possible for the next peers, due to policy.
Something like this.
I will try. But I am looking for a permanent solution.
Whilst agreeing with the recommendation for MX / Z devices everywhere (😉), I think the original ask was for all the tunnels to be non-Meraki VPN, in which case the limitation around not hairpinning AutoVPN with non-Meraki VPN doesn't apply. I've not come across this particular ask before though, where there are no Meraki spokes (as I understand it), so I am seeking some answers internally on whether this will / should work. Did you raise a case with Meraki Support? Did the Dashboard throw up errors when you tried to configure it, or did it just not pass traffic? Were you able to use packet captures to see where the traffic flow was breaking down?
He is not receiving an error; he wants to communicate between two non-Meraki peer networks through the MX, which is not possible. 😉
Yes, you are right. We plan to go with non-Meraki.
Yes, bro. I have raised a case for this. As per the Meraki team, it is not possible. I want to throw a non-Meraki peer subnet to another peer; it can't do source-based routing. There are limitations; also, only basic NATing is available.
I am working on a similar problem: a Phase 2 S2S tunnel not coming up; the debugs suggest an ACL mismatch. One end is a Cisco IOS FWL, the other end an MX8x. The remote MX (managed by a third party) has multiple MXs and a couple of non-Meraki VPN peers working fine. This tunnel is a policy-based IPsec tunnel bound by an ACL; apparently there is a limitation at the head-end MX, which cannot assign a specific ACL to this IPsec tunnel. A route-based VTI tunnel to the MX is not an option either, so we are stuck in this state of Phase 2 failing at the Cisco end. I am not an MX expert, but I am about to propose a similar solution to bypass this MX.
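Both problems in this thread come down to Phase 2 traffic selectors (proxy IDs) in policy-based IPsec: the MX only offers its own VPN-enabled subnets as the local side of each non-Meraki tunnel, so a packet arriving from FW1 and destined for FW3's LAN matches no SA on the MX, and an IOS crypto ACL that lists a subnet the MX never presents is rejected as an ACL mismatch. The following Python model is an added illustration, not code from the thread, from Meraki or from Cisco; the peer names, subnets and tunnel layouts are constructed assumptions, and it models only the selector lookup, not the full IKE exchange.

```python
"""Model of policy-based IPsec traffic selectors (Phase 2 proxy IDs).

Constructed example: the subnets, peer names and tunnel layouts below are
assumptions for illustration, not the poster's real configuration and not
Meraki's or Cisco's implementation.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4 = ipaddress.IPv4Network


@dataclass(frozen=True)
class Selector:
    """One Phase 2 proxy ID: traffic from `local` to `remote` is sent into this SA."""
    local: IPv4
    remote: IPv4


@dataclass
class Tunnel:
    name: str               # the remote peer this tunnel terminates on
    selectors: List[Selector]


def net(cidr: str) -> IPv4:
    return ipaddress.ip_network(cidr)


def tunnel_for(tunnels: List[Tunnel], src: str, dst: str) -> Optional[str]:
    """Name of the tunnel whose selector covers src->dst, or None (no SA: packet dropped)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for t in tunnels:
        if any(s in sel.local and d in sel.remote for sel in t.selectors):
            return t.name
    return None


def unmatched_selectors(local_side: List[Selector], peer_side: List[Selector]) -> List[Selector]:
    """Selectors on local_side with no mirror image (local/remote swapped) on peer_side.

    In policy-based IPsec a Phase 2 proposal is accepted only when the initiator's
    (local, remote) pair is exactly the responder's (remote, local). Anything left
    over here is what the peer's debugs report as an ACL / proxy-ID mismatch.
    """
    mirrored = {(p.remote, p.local) for p in peer_side}
    return [s for s in local_side if (s.local, s.remote) not in mirrored]


# --- Constructed topology: one MX with three non-Meraki peers ----------------
MX_LAN, FW1_LAN, FW2_LAN, FW3_LAN = (net("10.0.0.0/24"), net("192.168.1.0/24"),
                                     net("192.168.2.0/24"), net("192.168.3.0/24"))

# As configured: each tunnel carries only MX LAN <-> that peer's LAN, because the
# MX offers only its own VPN-enabled subnets as the local selector.
MX_AS_CONFIGURED = [
    Tunnel("FW1", [Selector(MX_LAN, FW1_LAN)]),
    Tunnel("FW2", [Selector(MX_LAN, FW2_LAN)]),
    Tunnel("FW3", [Selector(MX_LAN, FW3_LAN)]),
]

# What a hairpin FW1 -> MX -> FW3 would require: the FW3 tunnel must also carry
# FW1_LAN as a *local* selector, and the FW1 tunnel must carry FW3_LAN the same
# way for the return path (the peers would need the mirrored entries too).
MX_HAIRPIN_REQUIRED = [
    Tunnel("FW1", [Selector(MX_LAN, FW1_LAN), Selector(FW3_LAN, FW1_LAN)]),
    Tunnel("FW2", [Selector(MX_LAN, FW2_LAN)]),
    Tunnel("FW3", [Selector(MX_LAN, FW3_LAN), Selector(FW1_LAN, FW3_LAN)]),
]


def hairpin_works(mx_tunnels: List[Tunnel]) -> bool:
    """True only if both directions of FW1 <-> FW3 find an outbound SA on the MX."""
    fwd = tunnel_for(mx_tunnels, "192.168.1.10", "192.168.3.10")
    rev = tunnel_for(mx_tunnels, "192.168.3.10", "192.168.1.10")
    return fwd == "FW3" and rev == "FW1"


# --- Phase 2 check for the IOS <-> MX case: the crypto ACL on the IOS side lists
# an extra subnet that the MX side never presents, so one selector stays unmatched.
IOS_CRYPTO_ACL = [Selector(FW3_LAN, MX_LAN), Selector(FW3_LAN, FW1_LAN)]
MX_SIDE_FOR_FW3 = MX_AS_CONFIGURED[2].selectors

if __name__ == "__main__":
    print("FW1->FW3 as configured uses tunnel:",
          tunnel_for(MX_AS_CONFIGURED, "192.168.1.10", "192.168.3.10"))
    print("hairpin works as configured:", hairpin_works(MX_AS_CONFIGURED))
    print("hairpin works with extended selectors:", hairpin_works(MX_HAIRPIN_REQUIRED))
    print("IOS selectors with no mirror on the MX:",
          unmatched_selectors(IOS_CRYPTO_ACL, MX_SIDE_FOR_FW3))
```

The `MX_HAIRPIN_REQUIRED` layout is there to show what would have to be present, not something the Dashboard lets you configure: the thread's point is exactly that the non-Meraki VPN cannot present another peer's subnet as a local selector (no source-based routing), so the as-configured lookup returns no SA and the traffic is dropped. The same `unmatched_selectors` check, fed with the two sides' real selector lists, is a quick way to confirm an "ACL mismatch" debug before touching either peer.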