Routing traffic (to internet, for specific subnets) from MX1 over auto-vpn tunnel to MX2

Solved
rabusiak
Getting noticed

Routing traffic (to internet, for specific subnets) from MX1 over auto-vpn tunnel to MX2

I need some help in figuring out how to configure routing like in title 🙂

Environment:
I have vMX Medium (hub) deployed in Azure. VMX is connected with my MX105 (also hub) in HQ with AutoVPN.
Other branch offices are also connected with AutoVPN (spokes).
I have configured ClientVPN on vMX.

We have important web application used around the world. It contains sensitive data.
Depending on geolocation dns name can resolve to specific subnets A.A.A.A/24, B.B.B.B/24 or C.C.C.C/24
App is configured to allow connections only from HQ external ip range X.X.X.X/27.


Users from branch offices and VPN clients should also have access to this application. I would like to route their traffic to app subnets over AutoVPN tunnel to MX in HQ and then to internet. In short, for specific subnets I would like MX in HQ to be default gateway for other auto vpn peers 🙂

How can this be achieved since on vMX I cannot create static routes? I don't want to route all traffic to HQ (configure vMX as spoke and set "IPv4 default route" to be HQ peer (hub). I tried to create vpn enabled static routes in HQ's MX pointing to one of local MX ips as a next hop but it doesn't work. Traffic is looping and doesn't reach the target. If as next hop I point other router in HQ (sophos) all is working.

1 Accepted Solution
rabusiak
Getting noticed

If someone is looking for an answer here it is: not possible 😕
Had a session with support and this is not supported.

View solution in original post

1 Reply 1
rabusiak
Getting noticed

If someone is looking for an answer here it is: not possible 😕
Had a session with support and this is not supported.

Get notified when there are additional replies to this discussion.