Non-Meraki site-to-site VPN peer and static route on MX
Hello folks
We have an MX 250 with typical VLANs and a static route to a 3rd party data center hosting our servers (VMs).
We have a Ubiquiti UDMSE successfully connected with a S2S to the MX 250, and clients behind the UDMSE can see clients on the VLANs on the MX, but they cannot see the servers in the data center via the static route. All our other Meraki peers can of course see the data center via AutoVPN.
Any suggestions?
The Ubiquiti has a route to the datacenter subnet? And the datacenter has a route for the subnets behind the Ubiquiti?
The MX and the UDMSE have each other's subnets. I'll confirm with the datacenter itself.
I was assuming that the datacenter didn't need a static route back to the subnet behind the UDMSE since none of the subnets behind our other Meraki peers have static routes back from the datacenter. Is this the magic of AutoVPN?
The DC needs routes to your networks. Not sure it's the problem here, but that would be the first thing I would check.
A default route
or
all specific routes in your network/vpn networks.
Or
In case you would run OSPF to the DC, then AutoVPN subnets would be advertised. (But this option doesn't work with VLANs enabled)
K. Just so I understand:
Any Meraki S2S peers do not need routes back from DC as our MX hub will route as needed via AutoVPN magicness (we have 14 MX68 spokes right now and never had to ask DC to route back).
Any non-Meraki S2S peers do need routes back from DC as the MX hub will not route as needed because no AutoVPN magicness.
Correct?
Is the static route included in the encryption domain on the MX and the UDMSE?
Firewall rules at the DC
All is working now
