Site to Site VPN from MX - how to exclude traffic from the tunnel
Hi all, I have a remote site from which all the traffic should be routed to the L2L tunnel except 2 IPs located somewhere in the Internet, let's call them x.x.x.x/32 and y.y.y.y/32 (these 2 are the IPs of SSLVPN gateways and I see no point in pushing the traffic to the L2L tunnel just to establish an SSLVPN tunnel).
I haven't found any straightforward solution to configure it. Under the configuration of VPN where I have the Non-Meraki peer I can put, under Private subnets, only those subnets that are supposed to go through the tunnel. It would be great if there was a possibility to put 0.0.0.0/0 minus x.x.x.x/32 and y.y.y.y/32. I've tried to achieve that with static routing (Private subnets was 0.0.0.0/0 and x.x.x.x/32 and y.y.y.y/32 were routed to the Internet address) but no luck.
Has anybody configured such a thing? I imagine that it is not anything uncommon, particularly with remote offices.
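The "0.0.0.0/0 minus x.x.x.x/32 and y.y.y.y/32" set asked about above can be written out as an explicit prefix list. The following is an added example, not part of the original posts and not Meraki tooling; the two addresses are constructed placeholders from documentation ranges, and whether the Private subnets field accepts a list of this length is an assumption the thread does not confirm.

```python
import ipaddress

# Constructed placeholders standing in for x.x.x.x/32 and y.y.y.y/32.
SSLVPN_GATEWAYS = ["192.0.2.10/32", "198.51.100.20/32"]


def tunnel_prefixes(excluded, base="0.0.0.0/0"):
    """Return the smallest CIDR list covering `base` minus every network in `excluded`."""
    remaining = [ipaddress.ip_network(base)]
    for item in excluded:
        hole = ipaddress.ip_network(item)
        next_remaining = []
        for net in remaining:
            if hole.subnet_of(net):
                # The hole sits inside this prefix: split around it.
                next_remaining.extend(net.address_exclude(hole))
            elif net.subnet_of(hole):
                # The prefix is entirely inside the hole: drop it.
                continue
            else:
                next_remaining.append(net)
        remaining = next_remaining
    return sorted(remaining)


def covers(prefixes, address):
    """True if `address` falls inside any of `prefixes` (i.e. would enter the tunnel)."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in prefixes)


if __name__ == "__main__":
    prefixes = tunnel_prefixes(SSLVPN_GATEWAYS)
    print(f"{len(prefixes)} prefixes to list as tunnel subnets:")
    for net in prefixes:
        print(net)
    # Sanity check before pasting anywhere: the gateways must stay outside the tunnel.
    for gw in SSLVPN_GATEWAYS:
        assert not covers(prefixes, gw.split("/")[0])
```

Excluding a single /32 from 0.0.0.0/0 already takes 32 prefixes, so the list grows quickly with each additional exception.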
Re: Site to Site VPN from MX - how to exclude traffic from the tunnel
To route a specific IP through AutoVPN you need to add a static route at the hub and include that in AutoVPN. However, to add a static route at the hub you have to add it via another device (so basically the hub MX would need to be in VPN concentrator mode, or you would have to have another device at the hub location providing Internet access).