Route a subnet out the HQ of the auto-VPN network

I would like to take a public IP address, let's just say as an example, and have all of our offices route back to our HQ MX to reach


We use Auto-VPN and we are in a hub-and-spoke model. Each remote office uses its local Internet as the default gateway and I'd like to keep it that way. But I would like the HQ MX to advertise the route to as a subnet it can handle so that the remote offices will funnel that traffic to the HQ Internet connection.


My HQ MX has a public IP address assigned to its Internet port and sits behind a border device. All of my LAN ports are private IP addresses, not routable. So I don't know what to make the next hop of the route in order to get the traffic out the WAN interface.


It's no problem at our HQ site, as the HQ's Internet connection is where I need the traffic to go. But I can't figure out how to set up a route that is advertised to the remote offices, because all I can do is have the HQ MX route the traffic deeper into the HQ network. I've also tried thinking about setting up routes at each remote office, but I have the same issue in that I don't know how to set up a next hop back to my HQ network.


Any ideas if this is possible without taking the default route away from my remote office MXs?



Not possible. You can only do that using a one-armed concentrator design, because in that case everything is sent to the wan1 gateway address.
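As an added illustration (not code from the thread or from Meraki), the model below shows the forwarding behaviour the question asks for as two longest-prefix-match lookups: one in a spoke's routing table, one in the hub's. The spoke keeps its default route on the local Internet link and only a more-specific prefix points into the AutoVPN tunnel; at the hub that prefix has no more-specific entry, so it falls through to the hub's default route out the HQ WAN. The prefix 203.0.113.0/24, the LAN ranges and the next-hop labels are all assumptions constructed for this example. Whether the MX dashboard lets you advertise such a prefix from the hub is a separate question, and the reply above says it does not without a one-armed concentrator.

```python
import ipaddress

# Assumed public prefix the poster wants remote offices to reach via HQ's Internet link.
HQ_TARGET = "203.0.113.0/24"

# Spoke MX table (constructed): default stays on the local Internet connection; only the
# HQ LAN and the target prefix are pointed into the AutoVPN tunnel.
SPOKE_ROUTES = [
    ("0.0.0.0/0", "spoke-local-WAN"),
    ("10.10.0.0/16", "AutoVPN->HQ"),
    (HQ_TARGET, "AutoVPN->HQ"),
]

# Hub MX table (constructed): traffic arriving from the tunnel is matched against the
# hub's own table; the target prefix has no specific entry, so the default route wins.
HUB_ROUTES = [
    ("0.0.0.0/0", "HQ-WAN"),
    ("10.10.0.0/16", "HQ-LAN"),
    ("10.20.0.0/16", "AutoVPN->spoke"),
]


def build_table(routes):
    """Parse (prefix, next_hop) strings into (IPv4Network, next_hop) pairs."""
    return [(ipaddress.ip_network(prefix), next_hop) for prefix, next_hop in routes]


def lookup(table, dst):
    """Longest-prefix match: among all entries containing dst, the longest mask wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def forward_from_spoke(dst):
    """Return the sequence of next hops a packet sourced at a spoke takes toward dst.

    If the spoke hands the packet to the AutoVPN tunnel, a second lookup is done in the
    hub's table to show where HQ forwards it.
    """
    spoke, hub = build_table(SPOKE_ROUTES), build_table(HUB_ROUTES)
    path = [lookup(spoke, dst)]
    if path[0] == "AutoVPN->HQ":
        path.append(lookup(hub, dst))
    return path


if __name__ == "__main__":
    for dst in ("203.0.113.10", "8.8.8.8", "10.10.5.5"):
        print(dst, "->", " -> ".join(forward_from_spoke(dst)))
```

The two lookups make the poster's requirement concrete: the spoke needs nothing more than a more-specific prefix toward the hub, which leaves its default route untouched, and the hub needs no special next hop for that prefix because its own default route already exits the HQ WAN. The missing piece is purely whether the hub can be made to advertise a prefix it does not own over AutoVPN.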

