Route all traffic over site-to-site VPN

Anonymous
Not applicable

Route all traffic over site-to-site VPN

Hello community !!!

I have this question for you: is it possible to route ALL traffic to site-to-site VPN ?

 

I have an MX65W (in China) configured with site-to-site VPN (third party appliance on remote site). Is it possible to route all traffic to VPN tunnel ? 

 

Thank you,

Luca

12 REPLIES 12
MarcP
Kind of a big deal

Security - Configure - Site to SiteVPN und tik the checkbox for "use VPN" - in the attachment I only used one vlan to be in VPN, other uses local breakout.

 

Should be what you want?

 

2019-04-04 13_02_36-VPN Configuration - Meraki Dashboard.png

Anonymous
Not applicable

Hello MarcP,

I already have Use VPN tik.

I'd like to route all traffic (Internet traffic too) from LAN to site-to-site VPN tunnel (instead of Internet 1 port).

 

This is the objective.

 

If I set 0.0.0.0/0 in "Private subnets" instead of remote office IP class, will it work ?

So I imagine something like this:

 

VPN.png

What about ?

 

Thank you,

Luca

 

 

MarcP
Kind of a big deal

This is what you want then.

 

Just get up the Site-To-Site Tunnel and then tik the box "use VPN", so all your traffic will be routet into your Tunnel.

 

Tunnel will be established through Internet1/Internet2 port (depends on your cableing).

 

Internettraffic will be in the tunnel as well, when you set it like on the screenshot. 🙂 We have got the same setup, using 0.0.0.0/0

Anonymous
Not applicable

Hello MarcP,

but the "Use VPN" is not enough if I don't set Private subnets to include ALL subnets (0.0.0.0/0). But will it work ? I don't like to make that change and have Meraki device disconnected from cloud console (even if I don't think it will really happen).

 

What about ?

 

Bye,

Luca

MarcP
Kind of a big deal

correct, 0.0.0.0/0 (all) is necessary as well. It should work and your device will still be shown in the cloud, as it is a seperate connection (Meraki Managementconnection).

Anonymous
Not applicable

Hello MarcP,

good. We'll try this solution and write down feedback here (just to have a complete community post).

 

Thank you again,

Luca

Guys, this is very simple  😃

 

You have to check this box

 

6666666666666666.jpg

 

 

If you uncheck the box, then the SPOKE site will use 'split-tunnel' mode.

If you check the box, then the SPOKE site will use 'full-tunnel' for any of the subnets below that say YES

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Anonymous
Not applicable

Hello Nolan,

I don't have Meraki on remote site, but third party device; so I cannot select Spoke because no Hubs (from A site-to-site VPN spoke requires at least one hub to connect to - Note: Hub and spoke topologies are currently only supported between Meraki MXes, non-Meraki VPN peers cannot be configured as spokes).

 

Bye,

Luca

 

My apologies, I thought it also applied to 3rd party tunnels.

Have a look at this:

https://community.meraki.com/t5/Security-SD-WAN/Full-Tunnel-on-a-Non-Meraki-VPN/td-p/28862
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Tick the "Default Route" box to make a spoke route all traffic to the hub.

 

1.PNG


@PhilipDAth wrote:

Tick the "Default Route" box to make a spoke route all traffic to the hub.

 

1.PNG


That was my assumption too @PhilipDAth but this is a setup to a 3rd party VPN, trying to do full-tunnel across that from what I read.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Anonymous
Not applicable

Hello Nolan,

interesting post. I'll look on it.

 

Thank you again,

Luca

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels