Hi Team,
I have Meraki auto-vpn deployed in three sites (three spoke sites + one hub site). We want few web URL request generating from spoke site users to be routed through the VPN tunnel and offload to hub site. Other browsing requests should be routed towards local internet lines.
Any idea how to implement this?
@MijanurRahman wrote:Hi Team,
I have Meraki auto-vpn deployed in three sites (three spoke sites + one hub site). We want few web URL request generating from spoke site users to be routed through the VPN tunnel and offload to hub site. Other browsing requests should be routed towards local internet lines.
Any idea how to implement this?
Whilst what I suggest doesn't specifically answer your question, it does provide a methodology -
I use masquerade to transparently link to specific VPN servers when a URL contains a specific address.
So if the device attempts to directly access, say "https://fishflix.fr" from a location in ".ie", the request is transparently routed via tunnelcritter (a VPN service) to to a server in .fr, from where fishflix.fr is located and offers a service to those accessing from within the fr regulatory domain.
Note: names have been changed to protect the innocent.
Thanks for your reply @Uberseehandel
But how to implement it in Meraki MX scenario?
@MijanurRahman wrote:Thanks for your reply @Uberseehandel
But how to implement it in Meraki MX scenario?
Use the hosts file on the devices
Oh no, there are 2500+ devices per site, 99% of them are mobile users - I don't see that is doable.
You should be able to create a route under Security Appliance>Addressing & Vlans>Add Static Route
Then create a route to the websites you desire and route it through your hub site.
If you have a policy server, controlling the hosts file is simple - you can use Group Policy Preferences to copy the hosts file
GPMC - Computer Configuration - Preferences - Windows Settings - Files
'Replace' from a network share to %SystemDir%\drivers\etc\hosts
The if you need to add/remove websites at some point in the future, you only need edit the hosts file on the network share and it will be copied over the hosts file on each client.