Static Routing between MX84 and Data Center

ZachM90
Comes here often

We are using an MX84 as a VPN concentrator for our remote Z3, Z3C, and other MXs in the field. These remote devices have local subnets configured on them that are currently unreachable from our data center. The remote devices and the MX are up on the dashboard and the VPN between them is functioning as well.

Where I'm getting stuck is what sort of static route I would need to configure on the MX84 so that the remote subnets can communicate with the data center and vice versa. The MX84 is using an IP address of 10.106.210.10 and the upstream L3 device in the data center that contains our core subnets is 10.106.210.1.

I tried configuring a static route of 0.0.0.0/0 pointing to 10.106.210.1 on the MX but that does not seem to work. We're still in a proof of concept stage and do plan on using OSPF between the MX and our Core but would like to have at least one Z3 functioning using static routes for now. Thanks!

5 REPLIES
NolanHerring
Kind of a big deal

Have you tried adding the 10.x.x.x/YY (data center subnet) as a local subnet on the MX84?
Nolan Herring | nolanwifi.com

I believe so, under Addressing & VLANs -> LAN config I have the subnet defined and the MX IP as the IP ending in .10. Also, just to add another note, I've got a static route for the remote subnet defined on the data center L3 device pointing back to the MX, so the return traffic should be covered as well. Seems like I'm just missing something on the MX itself because I cannot ping 10.106.210.1 from the MX.
PhilipDAth
Kind of a big deal

If you are running in VPN concentrator mode you should define the DC subnets under "Security & SD-WAN/Site to Site VPN". Here is an example:

[Image: 1.PNG]

Your DC needs a route for the remote spokes via the VPN concentrator.

Check out this deployment guide:

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

mtainio
Here to help

Have you configured routes back to the remote networks on the L3 device in the data center?

Even if you configure a default route for the remote networks on your MX, you still need to tell your data center devices where to send the returning traffic.

ZachM90
Comes here often

Thanks for the replies guys, I did have the routes pointing back to the MX configured on our L3 peer. I wanted to get something in place for this morning so I went ahead and enabled OSPF. I've got my adjacency up and all is well now.
The troubleshooter in me wants to roll back and find what the issue was statically, but I think we're going to press forward since this was the ultimate goal to get to anyway.

Cheers,

Zach