Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Routing my lan network to PFSense VPN - HELP

bikkembergz
Comes here often
‎Sep 25 2020 12:01 AM
‎Sep 25 2020 12:01 AM

Routing my lan network to PFSense VPN - HELP

I'm using PFsense as site-to-site VPN to external site.

 

my network is 192.168.21.0/24

pfsense ip: 192.168.21.2 (tunnel vpn ip: 10.8.0.0/24)

External network 10.132.0.0/20 (I can ping this network from pfsense while VPN is active )

 

I need to route all 192.168.21.0/24 traffic to 10.132.0.0/20 network.


Is the "static route" the best way?

Static route input form asking: Name; Subnet; Next hop ip.

How can I setup Meraki MX to add my route?

0 Kudos
5 Replies 5
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 25 2020 1:11 AM
‎Sep 25 2020 1:11 AM

Yes, you need static routes to the remote network pointing to the PFsense IP. And the PFsense firewall needs a route for your internal network to the MX IP.

0 Kudos
In response to KarstenI
bikkembergz
Comes here often
‎Sep 25 2020 2:19 AM
‎Sep 25 2020 2:19 AM

Thanks for your reply.
Could you better explain the second point? 

Why PFsense firewall needs a rout to MX IP? To allow "bi-directional access"? 

 

Is need to allow Google Network access to my local network?

0 Kudos
In response to bikkembergz
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 25 2020 3:09 AM
‎Sep 25 2020 3:09 AM

I just see that your PFsense device is part of your internal network. This can give you asymmetric routing to/from your external network. Better put the PFSense box in a dedicated DMZ and configure the routing as mentioned.

0 Kudos
In response to KarstenI
bikkembergz
Comes here often
‎Sep 27 2020 10:00 AM
‎Sep 27 2020 10:00 AM

Thanks!

Last questions:

Adding route to external networks from LAN everything is working fine.

 

Last problem: this route is not working from client-vpn. 

I tried to connect to office lan from home and the static route doesn't works.

How can I add this route also to client vpn network? (192.168.99.x)

0 Kudos
In response to bikkembergz
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 27 2020 10:20 AM
‎Sep 27 2020 10:20 AM

For the Network 192.168.99.0/24 you need

  • to add this network to your s2s VPN
  • a route pointing to the s2s-tunnel on the remote network
  • a route pointing to the local MX on the PFsense gateway
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.