Site 2 Site non-Meraki VPN same destination subnets with different source networks issue !

WaHoO
Comes here often

Site 2 Site non-Meraki VPN same destination subnets with different source networks issue !

Hi we have an issue where we have a case that destination Non-Meraki VPN peer is using same destination subnet, although source networks are different. Is there any workaround besides doing a NAT on destination. I don't understand the limitation of unique destination subnets, when source networks are different.

 

 

4 Replies 4
MilesMeraki
Head in the Cloud

Are you creating a Non-Meraki peer site-to-site VPN? You're saying that the Meraki networks are the source networks and communicating with a Non-Meraki peer? The Non-Meraki peer site-to-site VPN will create a tunnel from each Meraki network therefore I'm not sure what your problem would be?

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
PhilipDAth
Kind of a big deal
Kind of a big deal

No, you wont be able to resolve this.  Every destination needs to be unique, otherwise how can the MX tell which VPN to send the traffic down?

 

If the remote parties are small you could ask them to re-number their network so it can be unique for you.

WaHoO
Comes here often

Hi, I still don't think this should be a to big issue for Meraki to resolve since although destination IP is the same,  Source IP's and destination VPN peer IP is different.

 

For Example.

 

Source Network: MERAKI-1 LAN IP 172.17.0.0/24 Destination Non-Meraki VPN peer 1.1.1.1 Destination LAN 192.168.0.0/24

Source Network: MERAKI-2 LAN IP 172.17.1.0/24 Destination Non-Meraki VPN peer 2.2.2.2 Destination LAN 192.168.0.0/24

 

These are 2 different crypto maps with different VPN peers, which shouldn't be a problem, or am I thinkig wrong 😉

 

Thanks everyone for help.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Your thinking wrong.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels