Meraki

Community

Spoke-2-Spoke Communication!

khurram
Here to help
‎Oct 30 2019 1:52 PM
‎Oct 30 2019 1:52 PM

Spoke-2-Spoke Communication!

Greetings,

 

I want to establish that spoke-2-spoke communication in a VPN tunnel. I am using MX600 in my HO and i.e. HUB. on 2 locations using MX65w - Spoke & on 2 locations using cisco router. All 4 sites are connected with HO through VPN but spoke cannot communicate with other spoke. Kindly help me to fix this issue.

0 Kudos
3 Replies 3
Network-dad
A model citizen
‎Oct 30 2019 2:16 PM
‎Oct 30 2019 2:16 PM

If you are trying to communicate from spoke to spoke why don't you just set all MX's as a hub (Mesh) VPN?... https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Hub-and-spoke_VPN_Connections_on_th...

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out The Bearded I.T. Dad onThe Bearded I.T. DadThe Bearded I.T. Dad
In response to Network-dad
BrechtSchamp
Kind of a big deal
‎Oct 31 2019 1:39 AM
‎Oct 31 2019 1:39 AM

As @Nash already mentioned, we first need clarification if the OP is talking about AutoVPN or not. But let's assume he is.

 

@Network-dad it's not necessary to set them up as mesh to make the spokes communicate each other. By default the site-to-site VPN firewall allows communication between subnets that participate in AutoVPN. The packets will be routed over the hub in a hub-and-spoke configuration but it should work fine.

 

So @khurram , what is your site-to-site VPN firewall configuration? This is the default and should allow inter-spoke communication:

image.png

And have you included your spoke subnets into VPN? In other words, is the dropdown set to "VPN On"?

image.png

Nash
Kind of a big deal
‎Oct 30 2019 2:29 PM
‎Oct 30 2019 2:29 PM

Let me make sure I understand here:

You have an MX600 as your HUB.

 

Two sites are using MX65W.

 

Two sites are using Cisco routers.

 

Are you using AutoVPN between the MX65W and the MX600, or a regular third party tunnel?

 

Edit: If you're using AutoVPN with your Meraki devices, they won't be able to talk to your Cisco routers. Aaron Willette has a design for allowing AutoVPNed Meraki devices access to resources over other tunnels: https://www.willette.works/merging-meraki-vpns/

Windows 10 Client VPN scripts: Makes life better!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.