Good afternoon,
We are using a third party for web filtering and traffic analysis as opposed to the Meraki native tools. We have a mix of MX100 and MX65 across a number of locations with the AutoVPN established. At our main site, we have an MX100 with several NAT and port mapping rules set up for remote desktop, email, and an SFTP server. In order to use the 3rd party web-filter, we had to set up a VPN to Non-Meraki peer and use 0.0.0.0/0 for the private subnet. The VPN tunnel was established and traffic was seen on the remote web-filter. The problem is our SMTP traffic was flowing through the web-filter and as a result showing the wrong Public IP address on SPF verification. Additionally, RDP connections could not be completed as the outbound responses were being passed through the remote web-filter instead of returning through the NAT IP they came in on.
Does anyone have a similar scenario where there is a new default route created by a VPN and still is able to correctly route email and NAT/Mapped IP traffic?
Thank you,
Michael