Non-Meraki site-to-site vpn peer and static route on MX

CPillar
Just browsing

Hello folks

We have an MX 250 with typical VLANs and a static route to a 3rd party data center hosting our servers (VMs).

We have a Ubiquiti UDMSE successfully connected with an S2S to the MX 250, and clients behind the UDMSE can see clients on the VLANs on the MX, but they cannot see the servers in the data center via the static route. All our other Meraki peers can of course see the data center via AutoVPN.

Any suggestions?

6 Replies
ww
Kind of a big deal

The Ubiquiti has a route to the datacenter subnet? And the datacenter has a route for the subnets behind the Ubiquiti?

CPillar
Just browsing

The MX and the UDMSE have each other's subnets. I'll confirm with the datacenter itself.

I was assuming that the datacenter didn't need a static route back to the subnet behind the UDMSE, since none of the subnets behind our other Meraki peers have static routes back from the datacenter. Is this the magic of AutoVPN?

ww
Kind of a big deal

The DC needs routes to your networks. Not sure it's the problem here, but that would be the first thing I would check.

A default route

or

all specific routes in your network/VPN networks.

Or

In case you would run OSPF to the DC, then AutoVPN subnets would be advertised. (But this option doesn't work with VLANs enabled.)

CPillar
Just browsing

K. Just so I understand:

Any Meraki S2S peers do not need routes back from DC, as our MX hub will route as needed via AutoVPN magicness (we have 14 MX68 spokes right now and never had to ask DC to route back).

Any non-Meraki S2S peers do need routes back from DC, as the MX hub will not route as needed because no AutoVPN magicness.

Correct?

PhilipDAth
Kind of a big deal

Is the static route included in the encryption domain on the MX and the UDMSE?

CPillar
Just browsing

Firewall rules at the DC

All is working now
