Specific IP allow for Internet

Rajinder

Dear All,

I have a network in which I have an MX100 and core switches.
The MX100 is connected to the Internet on a fixed public IP.

All the SVIs on Core switches

I have a default route towards the MX100, and there is a VPN between the MX and a non-Meraki device from where all the subnets are getting the services.

I have one subnet 10.x.x.10/27 on the Core switch and it already has a default rule towards the MX100.

I want to allow only one IP for Internet; everything else should go locally/VPN.

How can I do this?

PhilipDAth

Layer 3 firewall rules.

What is the destination prefix going over the VPN, and I'll mock something up for you.

Dear Philip,

Didn't get it. Can you please define it in detail?

PhilipDAth

If you go:

Security Appliance/Site to Site VPN/Organization-wide settings/Non-Meraki VPN peers

What private subnets have you got listed?

AjitKumar

Hi Rajinder,

Check if the following L3 rules help you achieve your requirement under Security Appliance->Firewall.

[Screenshot: L3 FW Rules.PNG]

Information:

1. Allow Meraki Firewall Subnets and Ports for the Core Switches to reach cloud. (Help->Firewall Info)

2. Allow the specific IP to reach "Any Destination"

3. Allow clients to reach VPN Subnet

4. Deny All Access

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
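
The rule order in the reply above, as an added example that is not part of the original thread: a small first-match evaluator showing that only one host in the subnet reaches the Internet, and what happens when the deny rule is placed first. All addresses are constructed sample values, the rule field names are illustrative, and the default-allow fallback is an assumption; it models rule ordering only.

```python
import ipaddress

# Constructed sample values; none of these come from the thread.
CLIENT_NET = "10.0.0.0/27"      # stand-in for the client subnet
ALLOWED_HOST = "10.0.0.10/32"   # the single host allowed out to the Internet
SWITCH_MGMT = "10.0.1.0/28"     # stand-in for core switch management IPs
CLOUD_NET = "198.51.100.0/24"   # stand-in for ranges under Help > Firewall info
VPN_NET = "192.168.50.0/24"     # stand-in for a subnet behind the VPN peer
INTERNET_PROBE = "203.0.113.7"  # arbitrary Internet destination

# Ordered top-down, mirroring steps 1-4 of the reply.
RULES = [
    {"comment": "1 switches to cloud", "policy": "allow", "srcCidr": SWITCH_MGMT, "destCidr": CLOUD_NET},
    {"comment": "2 one host to any", "policy": "allow", "srcCidr": ALLOWED_HOST, "destCidr": "any"},
    {"comment": "3 clients to VPN", "policy": "allow", "srcCidr": CLIENT_NET, "destCidr": VPN_NET},
    {"comment": "4 deny all", "policy": "deny", "srcCidr": "any", "destCidr": "any"},
]

def _matches(cidr, addr):
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def evaluate(rules, src, dst):
    """Return (policy, comment) of the first rule that matches src -> dst."""
    for rule in rules:
        if _matches(rule["srcCidr"], src) and _matches(rule["destCidr"], dst):
            return rule["policy"], rule["comment"]
    return "allow", "default"  # assumption: nothing matched, traffic passes

def internet_hosts(rules, client_net, probe=INTERNET_PROBE):
    """Hosts in client_net that the rule set lets reach an Internet address."""
    return [str(h) for h in ipaddress.ip_network(client_net).hosts()
            if evaluate(rules, str(h), probe)[0] == "allow"]

if __name__ == "__main__":
    print("Internet-capable hosts:", internet_hosts(RULES, CLIENT_NET))
    print("10.0.0.5 -> VPN:", evaluate(RULES, "10.0.0.5", "192.168.50.20"))
    # Failure mode: with the deny rule first, nothing below it is ever reached.
    misordered = [RULES[3]] + RULES[:3]
    print("Deny first:", internet_hosts(misordered, CLIENT_NET))
```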