Hi all,
We transmit Subnet 1 (10.0.10.0/24, VLAN 10) over a non-Meraki VPN tunnel to a third-party firewall.
Another Subnet 2 (10.0.20.0/24, VLAN 20) has a local breakout and is not transferred over this VPN tunnel.
Now the question:
A third Subnet 3 (10.0.30.0/24, VLAN 30) should also have a local breakout, except for all DHCP requests from this Subnet 3 (central DHCP server).
Is this scenario possible with the Advanced License, or only with the SD-WAN Plus License?
I've read this document, but I would like to know your experience and opinion.
Many thanks in advance for your reply.
Yeah - I don't believe that combination is possible. You would like to use source-based default routes, but they can only be defined via another MX (an AutoVPN tunnel) or a LAN port, not a non-Meraki VPN tunnel, as here.
Is there a reason why you can't run the DHCP on the MX, as I suggested? It's the closest you will get to the traffic pattern you want, right now, I think.
Where is the DHCP server that is serving VLAN 30? I'm guessing that's at the far end of the non-Meraki tunnel?
It sounds like you have a default route 0.0.0.0/0 configured as the private subnet in your non-Meraki VPN (for VLAN 10), and that you have VLAN 20 = VPN mode disabled.
I think you will need to also configure VLAN 30 = VPN mode disabled, but provide DHCP for that VLAN locally on the MX.
Yes, the DHCP server is at the far end of the non-Meraki tunnel, and you're right about the default route, and VLAN 20 VPN mode is disabled.
From VLAN 30, only DHCP should use the VPN tunnel to the DHCP server (VLAN 10 and 30); all other traffic from VLAN 30 should use the local internet breakout.
Running DHCP on the local MX would be the way to go.
Many thanks for your reply, but at the moment it's not possible, because our DHCP server is located centrally in our DC, not locally.
But I can't route the whole Subnet 30 to the VPN tunnel; the reason is too much traffic over the VPN. Only DHCP traffic should be transferred via the VPN tunnel.