Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN peer
Dear Community,
I have been struggling for days with this problem and then called the 24x7 support, only to find that apparently this is not supported by Meraki. Has anyone come across a solution?
I have been trying to route traffic from a Z1 that is connected to an MX64 via an auto-VPN connection, which is then connected to a Non-Meraki site-to-site VPN, but it appears this cannot be done. Has anyone come across this before and found a solution?
This is the para. from a tech note:
An MX Security Appliance can establish tunnels to both AutoVPN and Non-Meraki VPN peers. The MX will send traffic to those VPN peers using the principles discussed above. However, an MX that builds tunnels to both AutoVPN and Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN peers.
CMNA, CMNO, ECMS2
SNSA, SNSP
That is correct.
Can you also build a VPN between the Z1 and the remote site directly?
What sort of application are you wanting to access remotely via the VPN? A web app using http, an smb file share, something else?
Can the Z1 be configured to just AutoVPN to the MX64 and then Site to Site VPN to the same destination directly that the MX64 is tunneling to?
Any idea how to overcome this issue? I'm setting up an MX64W at the hub with multiple spokes, and need to reroute traffic from the spokes to a non-Meraki VPN peer at the hub.
You can work around it by using an extra MX next to the hub, and use that for the non-Meraki VPNs.
You create a static route on the AutoVPN for the remote subnets via the extra MX and say to put those into AutoVPN. On the extra MX you put a static route pointing to the remote AutoVPN destinations via the hub.
Does the extra MX need to be part of the LAN of the 1st MX, or can it use another public IP?
For non-Meraki VPNs the extra MX should have a static IP address, or your life might get hard.
The AutoVPN hub should ideally have a static IP address, but it is not as critical.
This seems like an overly expensive and complicated solution.
@ChristianF site-to-site VPNs with non-Meraki peers are always challenging, but if you know how they work and how to overcome some of the limitations they work just fine. Is there anything specific you are trying to achieve?
This solution works; you need to have a different box and a different dashboard, and set the static routing.
Thanks @PhilipDAth