cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN peer

Getting noticed

Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN peer

Dear Community,

 

I have been struggling for days with this problem and the called the 24x7 support only to find that apparently this is not supported by Meraki, has anyone come across a solution ?

 

I have been trying to route traffic from a Z1 that is connected to an MX64 via a auto-VPN connection which is then connected to a Non-Meraki site to site VPN, but it appears this can not be done, has anyone come accross this before and found a solution ?

 

This is the para. from a tech note:

 

AutoVPN and Non-Meraki VPN peers

An MX Security Appliance can establish tunnels to both AutoVPN and Non-Meraki VPN peers. The MX will send traffic to those VPN peers using the principles discussed above. However, an MX that builds tunnels to both AutoVPN and Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN peers.

 
6 REPLIES 6
Kind of a big deal

Re: Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN

That is correct.

 

Can you also built a VPN between the Z1 and the remote site directly?

 

What sort of application are you wanting to access remotely via the VPN?  A web app using http, an smb file share, something else?

Kind of a big deal

Re: Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN

Can the Z1 be configured to just AutoVPN to the MX64 and then Site to Site VPN to the same destination directly that the MX64 is tunneling to?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
New here

Re: Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN

any idea to overcome this issue? i'm setting up mx64w at hub with multiple spokes, need to reroute traffic from spokes to non meraki vpn peer at hub

Highlighted
Kind of a big deal

Re: Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN

You can work around it by using an extra MX next tot he hub, and use that for the non-Meraki VPNs.

 

You create a static route on the AutoVPN for the remote subnets via the extra MX and say to put those into AutoVPN.  On the extra MX you put a static route pointing to the remote AutoVPN destinations via the hub.

New here

Re: Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN

the extra MX need to be part of LAN of 1st MX or can using other public IP?

Kind of a big deal

Re: Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN

For non-meraki VPNs the extra MX should have a static IP address, or your life might get hard.

 

The AutoVPN hub should ideally have a static IP address, but it is not as critical.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.