Site-to-Site VPN with non-Meraki peer

ctvu
Conversationalist

Site-to-Site VPN with non-Meraki peer

Hi All,

Here is what I'd like to achieve.

 

Meraki A (spoke) -------> Meraki B (Hub) ---------------------> non-Meraki peer C

                                                                   site-to-site VPN

 

The connection as above is all good up and running, however I'd like to get Meraki A to be able to "see" non-Meraki peer site C. How can I go about it?

Any help would be appreciated.

 

Regards

3 Replies 3
Bruce
Kind of a big deal

You can't do that in the way you've shown. The routing to reach site C isn't shared across the AutoVPN, so Site A will never be able to communicate to Site C, and vice-versa.

 

The way you achieve it in a Meraki environment is by building a site-to-site VPN in Meraki which establishes endpoints in both Site A and Site B, and then in Site C you need to configure two VPNs, one which comes from Site A and one from Site B. The only other way is to introduce another VPN termination into the environment (e.g. a Cisco Firepower, or other firewall of choice) at Site B which terminates the VPN from Site C, and then you establish appropriate routing to/from the new VPN termination (firewall), and distribute this into the AutoVPN.

ctvu
Conversationalist

Thank you Bruce very much for the help.

I think the way you suggested should work. I'll give it a go

 

Regards

rwiesmann
A model citizen

Hi, 

i just had the same issue recently...how i solved it...I installed on the HUB site 2 MX's. One terminating the AutoVPN the other terminateing the non Meraki VPN. Had to create 2 organization...the routing between the 2 domains a have done on the lan side of the 2 HUB MX's.

 

                                                                                    routing

Meraki A (spoke) ----> Meraki B1 (Hub AutoVPN)  <----------> Meraki B2 (Hub non Meraki VPN) ----> non-Meraki peer C

                                                                   site-to-site VPN

 

rgds

roger

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels