I have been struggling for days with this problem and the called the 24x7 support only to find that apparently this is not supported by Meraki, has anyone come across a solution ?
I have been trying to route traffic from a Z1 that is connected to an MX64 via a auto-VPN connection which is then connected to a Non-Meraki site to site VPN, but it appears this can not be done, has anyone come accross this before and found a solution ?
This is the para. from a tech note:
An MX Security Appliance can establish tunnels to both AutoVPN and Non-Meraki VPN peers. The MX will send traffic to those VPN peers using the principles discussed above. However, an MX that builds tunnels to both AutoVPN and Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other AutoVPN peers.
That is correct.
Can you also built a VPN between the Z1 and the remote site directly?
What sort of application are you wanting to access remotely via the VPN? A web app using http, an smb file share, something else?
Can the Z1 be configured to just AutoVPN to the MX64 and then Site to Site VPN to the same destination directly that the MX64 is tunneling to?
You can work around it by using an extra MX next to the hub, and use that for the non-Meraki VPNs.
You create a static route on the AutoVPN for the remote subnets via the extra MX and say to put those into AutoVPN. On the extra MX you put a static route pointing to the remote AutoVPN destinations via the hub.
For non-meraki VPNs the extra MX should have a static IP address, or your life might get hard.
The AutoVPN hub should ideally have a static IP address, but it is not as critical.
@ChristianF site-to-site VPNs with non-Meraki peers are always challenging, but if you know how they work and how to overcome some of the limitations they work just fine. Is there anything specific you are trying to achieve?