Routing to 3rd party website via site to site VPN.

JasonNgAcuutech
Comes here often


Hi,

I'm having an issue accessing a website in China. I believe it is an issue with the ISP. I am trying to come up with a temporary workaround.

Currently, I have a site-to-site VPN that is connected to a Singapore office, which is a Meraki MX configured as Non-Meraki VPN peers.

The workaround I want to achieve is for this website to be routed through the site-to-site VPN via the Singapore office.

Under static route, I don't see an option where I can select the next hop as "Singapore VPN gateway".

Any advice will be greatly appreciated.

ww
Kind of a big deal

You have to add the website IP to the subnets in your VPN settings.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_Peers

 

Hi,

Forgot to mention, in the China network, I added the public IP under "Private subnets" under the Non-Meraki VPN peers to Singapore and can see it reflected in the route table.

However, it is still not working.

ww
Kind of a big deal

Does the other side have routes back to your source subnet from where you try to access it?

Yes. The LAN IPs are working over the S2S VPN.

PhilipDAth
Kind of a big deal

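If you want to do it only for a single site you'll need to deploy something like HA Proxy in Singapore. You can use a config like this:

frontend https-frontend
        # TCP mode: TLS is passed through unmodified, not terminated on the proxy
        mode tcp
        bind *:443
        default_backend https-backend

backend https-backend
        mode tcp
        # Hash on the client source IP when choosing a server
        balance source
        # Health check does a TLS handshake without verifying the certificate
        server website a.b.c.d:443 check check-ssl verify none

Where a.b.c.d is the public IP address that the website resolves to.
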

Then create an entry in AD DNS for the exact website FQDN pointing to the private IP address of the HA Proxy server.
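
A tighter variant of the config above, as an added example that is not part of the original reply: it accepts connections only from internal source ranges and forwards only TLS connections whose SNI names the one website, so the proxy cannot be used as a general relay. The FQDN www.example.com, the bind address 10.0.0.10 and the range 10.0.0.0/8 are placeholder assumptions; a.b.c.d is the same placeholder as above.

```haproxy
frontend https-frontend
        mode tcp
        # Listen on the proxy's private address only (placeholder address)
        bind 10.0.0.10:443

        # Drop connections that do not come from internal ranges (placeholder range)
        acl from_internal src 10.0.0.0/8
        tcp-request connection reject unless from_internal

        # Wait up to 5s for the TLS ClientHello so the SNI can be inspected
        tcp-request inspect-delay 5s
        tcp-request content accept if { req.ssl_hello_type 1 }

        # Forward only when the SNI is the intended website (placeholder FQDN)
        acl is_site req.ssl_sni -i www.example.com
        use_backend https-backend if is_site
        # No default_backend: any other SNI matches no backend and is not forwarded

backend https-backend
        mode tcp
        balance source
        # Same server line as the original reply; a.b.c.d is the website's public IP
        server website a.b.c.d:443 check check-ssl verify none
```

Because the frontend stays in TCP mode, clients still complete the TLS handshake with the website itself and validate its certificate end to end; `verify none` affects only the proxy's own health check.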

Thanks for the suggestion.

However, we would like to minimise the workaround without deploying more solutions to the infra.
