Hi there,
I'm having a weird issue. I'm not new to Cisco or networking, but I'm pretty new to Meraki. I'm finding it a bit annoying for this kind of stuff, but maybe it's just me being used to the old-school CLI... 🙂 Anyway, my problem is:
HQ concentrator (10.20.0.0/16) set up as a mesh, with a Site-to-Site VPN connection (AWS) restricted so that only the main MX concentrator creates the tunnel. This works fine: the VPN connection is UP and everything works from the local network, and even from the client VPN network. (A TAG is configured so only this MX establishes the tunnel.)
Z1 appliance (10.150.3.0/24) configured as a Spoke connecting to the Hub "HQ concentrator" (10.20.0.0/16) (ticked as default route). This works fine as well; I can contact the spoke and everything runs as expected.
The problem comes when Z1 tries to contact AWS. I would expect the traffic to flow as follows:
Z1 --> Default route --> HQ --> Site-to-Site VPN --> AWS
AWS --> Site-to-Site VPN --> HQ --> Meraki VPN --> Z1
I can see traffic being sent from Z1 to HQ, but that's it. I cannot contact AWS. I've checked from the AWS side... all correctly configured (including the route back). I even started traffic monitoring to see if the traffic was arriving but not leaving... nothing.
I'm not sure whether what Meraki expects is that ALL the appliances that want access to the site-to-site VPN establish their own tunnel, which is mad..., or whether I'm just missing something. I don't even know how to start troubleshooting 🙂
Thanks in advance