Remote Site Separation

Conversationalist

I work for a medium-sized company. Our Site-to-Site VPN is running on a Hub and Spoke design with Meraki. Now, this company has purchased a variety of other businesses and has them running straight to our HQ. I've been asked to separate the main business from the other sites, but we still have to provide network support for these sites. My rough design plan would be to remove the DATA traffic from the Meraki VPN and only allow MGMT traffic and possibly voice. I'm not familiar with Meraki's SD-WAN products so, while this task sounds simple enough, I'm unsure how this could be accomplished via configuration on the cloud. Any information is helpful 😊

2 REPLIES
Kind of a big deal

Re: Remote Site Separation

Are the new businesses all third party tunnels?

Assuming so, I'd set up firewall rules on both ends to block all traffic to/from Home Base except for the subnets you want.

Keep in mind that you only have OUTBOUND site-to-site firewall rules in Merakiverse. Not inbound.

Meraki Employee

Re: Remote Site Separation

Hi,

Just reiterating @Nash's reply, the easiest way is to configure the Site-to-site VPN firewall rules allowing only the desired traffic. Here's the link to the Meraki KB regarding the configuration.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior

Hope this helps.

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
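
The approach from the replies above, as an added example that is not part of the original thread: an ordered rule set that lets only management and voice cross the VPN, plus a first-match evaluator to check it against sample flows before entering it in the dashboard. The subnets are constructed, the field names follow the Meraki Dashboard API's VPN firewall rule objects, and the default-allow fallthrough is an assumption to confirm against the KB linked above.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
HQ = "10.0.0.0/16"            # all HQ subnets
HQ_MGMT = "10.0.250.0/24"     # HQ management/monitoring hosts
HQ_VOICE = "10.0.240.0/24"    # HQ call control
ACQUIRED = "10.50.0.0/16"     # all acquired-site subnets


def rule(comment, policy, src, dst):
    """One rule, using the Dashboard API's VPN firewall rule field names."""
    return {"comment": comment, "policy": policy, "protocol": "any",
            "srcCidr": src, "srcPort": "Any",
            "destCidr": dst, "destPort": "Any",
            "syslogEnabled": policy == "deny"}


def build_rules():
    # Rules are outbound only, so each direction needs its own entries,
    # enforced on the MX where the flow originates.
    return [
        rule("HQ mgmt to acquired sites", "allow", HQ_MGMT, ACQUIRED),
        rule("Acquired sites to HQ voice", "allow", ACQUIRED, HQ_VOICE),
        rule("Block HQ data to acquired sites", "deny", HQ, ACQUIRED),
        rule("Block acquired sites to HQ", "deny", ACQUIRED, HQ),
    ]


def _matches(cidr, ip):
    return cidr == "Any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def evaluate(rules, src_ip, dst_ip):
    """First matching rule wins for the packet that opens a flow.
    Assumption: traffic matching no rule is allowed (default allow)."""
    for r in rules:
        if _matches(r["srcCidr"], src_ip) and _matches(r["destCidr"], dst_ip):
            return r["policy"]
    return "allow"


if __name__ == "__main__":
    rules = build_rules()
    for src, dst in [("10.0.250.10", "10.50.3.20"), ("10.0.10.5", "10.50.3.20"),
                     ("10.50.3.20", "10.0.240.5"), ("10.50.3.20", "10.0.10.5")]:
        print(f"{src} -> {dst}: {evaluate(rules, src, dst)}")
```

Rule order matters: the two allow entries must sit above the broader deny entries, or management and voice are blocked along with data.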