Remote Site Separation

Cerickson
Conversationalist


I work for a medium-sized company. Our site-to-site VPN is running on a hub-and-spoke design with Meraki. Now, this company has purchased a variety of other businesses and has them running straight to our HQ. I've been asked to separate the main business from the other sites, but we still have to provide network support for these sites. My rough design plan would be to remove the DATA traffic from the Meraki VPN and only allow MGMT traffic and possibly voice. I'm not familiar with Meraki's SD-WAN products so, while this task sounds simple enough, I'm unsure how this could be accomplished via configuration on the cloud. Any information is helpful 😊

Nash
Kind of a big deal

Are the new businesses all third-party tunnels?

Assuming so, I'd set up firewall rules on both ends to block all traffic to/from Home Base except for the subnets you want.

Keep in mind that you only have OUTBOUND site-to-site firewall rules in Merakiverse. Not inbound.

DensyoV
Meraki Employee

Hi,

Just reiterating @Nash's reply: the easiest way is to configure the site-to-site VPN firewall rules, allowing only the desired traffic. Here's the link to the Meraki KB regarding the configuration.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior

Hope this helps.

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
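A small offline model of the rule set the replies describe, added here as an illustration and not part of any reply or of Meraki's documentation. It assumes top-down first-match evaluation with an implicit final allow; the subnets, the rule tuple layout and the function names are constructed for the example.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
HQ = "10.0.0.0/16"
SITE_MGMT = "10.50.10.0/24"
SITE_VOICE = "10.50.20.0/24"
SITE_ALL = "10.50.0.0/16"

# Ordered rules: (policy, source CIDR, destination CIDR, comment).
# Each direction gets its own rule because only outbound VPN traffic is filtered.
RULES = [
    ("allow", HQ, SITE_MGMT, "HQ -> site MGMT"),
    ("allow", SITE_MGMT, HQ, "site MGMT -> HQ"),
    ("allow", HQ, SITE_VOICE, "HQ -> site voice"),
    ("allow", SITE_VOICE, HQ, "site voice -> HQ"),
    ("deny", HQ, SITE_ALL, "HQ -> remaining site subnets"),
    ("deny", SITE_ALL, HQ, "remaining site subnets -> HQ"),
]
DEFAULT_POLICY = "allow"  # assumed implicit final rule


def evaluate(src_ip, dst_ip, rules=RULES):
    """Return (policy, comment) of the first rule matching the flow."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for policy, src_cidr, dst_cidr, comment in rules:
        if (src in ipaddress.ip_network(src_cidr)
                and dst in ipaddress.ip_network(dst_cidr)):
            return policy, comment
    return DEFAULT_POLICY, "implicit default"


def mismatches(flows, rules=RULES):
    """List flows whose evaluated policy differs from the intended one."""
    return [(s, d, want) for s, d, want in flows if evaluate(s, d, rules)[0] != want]


# Constructed test flows: (source, destination, intended policy).
FLOWS = [
    ("10.0.5.10", "10.50.10.1", "allow"),  # HQ admin to site MGMT
    ("10.50.20.15", "10.0.9.9", "allow"),  # site phone to HQ call server
    ("10.50.30.44", "10.0.5.10", "deny"),  # site DATA host to HQ
    ("10.0.5.10", "10.50.30.44", "deny"),  # HQ host to site DATA
]

if __name__ == "__main__":
    for s, d, want in FLOWS:
        print(s, "->", d, evaluate(s, d), "intended:", want)
    print("mismatches:", mismatches(FLOWS))
```

Running `mismatches` against a draft rule set before applying it in the dashboard shows which flows would fall through to the default policy, for example when a deny is written for only one direction.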