cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Site to Site VPN MX > VMX > AWS

Highlighted
New here

Site to Site VPN MX > VMX > AWS

Hi,

 

I have small issue with MX > auto VPN > vMX > Ipsec > AWS 

 

I have in MX 10.196.0.0/20 ,  In vMX   10.3.0.0/20   and in AWS 192.168.0.0/16 

 

From MX Im able to reach vMX network but not able to reach Native AWS Site to site 192.168.0.0/16

 

In VMX I have created local subnet 10.30.0.0/20 and when trying to ping 192.168.0.22 My Ping coming from the MX 10.196.0.0/20 but route back is using default route and send traffic out via default route. 

 

Im looking for 2 solution.

1. How to back route from AWS 192.168.0.0/16 via VMX to MX.

2. How to deploy Native AWS S2S to vMX and this config not deploy to MX, then create new Native AWS S2S  to MX100. This is not possible because configuration for S2S is deployed automatically to all organization firewalls and I have overlapping subnets 192.168.0.0/16 if try to create  MX > AWS  AND vMX > AWS . 

 

 

3 REPLIES 3
Highlighted
Kind of a big deal

Re: Site to Site VPN MX > VMX > AWS

If you are using a vMX in AWS - why would you want to use a seperate VPN?

Highlighted
New here

Re: Site to Site VPN MX > VMX > AWS

vMX is in different AWS environment and 192.168.0.0/16 is in another AWS environment.

 

vMX - AWS A

192.168.0.0/ - AWS B

 

No VPC peering between AWS A and AWS B

Highlighted
Kind of a big deal

Re: Site to Site VPN MX > VMX > AWS

Non-meraki VPN routes can not be distributed via AutoVPN.

 

So you would need to build a VPN from the 192.168.0.0/16 AWS environment to both the vMX and the on-premise MX.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.