Traffic Not Being Handed-Off to Non-Meraki Peer VPN

Twitch

Good morning, Crew. I have a question about traffic arriving to our MX via VPLS connection from a remote office. Once the traffic arrives at our data center MX, the MX is not passing the traffic to a non-Meraki peer connection to a remote data center in another state. Traceroute shows the traffic arriving at our MX transit VLAN IP, but then from there it dies.

 

Remote Office ------VPLS------ Data Center MX ------Non-Meraki Peer VPN------ Remote Data Center

We are trying to get the remote office access to a server in the remote data center. I tried a static route on the MX pointing to the IP remote network, but that didn't change anything.

 

Am I missing something, or will the MX not automatically pass traffic destined for the remote network to the Non-Meraki Peer VPN as the next hop?

 

Thanks!

 

Twitch

Bruce

@Twitch, you’ll need a route on the MX that points to the Remote Office subnet, and then you need to configure the MX to include this route into the VPN. On the Remote Data Centre end you need to make sure that the Remote Office subnet is included as a destination across the VPN so the SA is built properly. (Likewise, the non-Meraki VPN peer you create on the MX must have the destination subnet configured to match that of the Remote Data Centre, as advertised by the terminating firewall.)
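The reply above amounts to four subnet checks, two on each end of the tunnel. The following is an added example, not part of the original thread and not Meraki tooling: a simplified model of those checks in Python. All subnets, addresses and function names are constructed for illustration, and real IPsec selector negotiation may require exact matches rather than containment.

```python
from ipaddress import ip_address, ip_network

def covered(addr, subnets):
    """True if addr falls inside any of the given CIDR strings."""
    return any(ip_address(addr) in ip_network(s) for s in subnets)

def diagnose(src, dst, mx_vpn_local, mx_peer_remote, peer_local, peer_remote):
    """Return the reasons a src->dst flow would not be carried by the tunnel.

    mx_vpn_local   : subnets the MX includes in the VPN
    mx_peer_remote : private subnets configured for the non-Meraki peer on the MX
    peer_local     : subnets the terminating firewall advertises as local
    peer_remote    : subnets the terminating firewall lists as VPN destinations
    """
    problems = []
    if not covered(src, mx_vpn_local):
        problems.append("MX: source subnet is not included in the VPN")
    if not covered(dst, mx_peer_remote):
        problems.append("MX: destination is not in the peer's configured subnets")
    if not covered(dst, peer_local):
        problems.append("Peer: destination is not advertised as a local subnet")
    if not covered(src, peer_remote):
        problems.append("Peer: source subnet is not listed as a VPN destination")
    return problems

# Constructed addressing for the topology in the question.
REMOTE_OFFICE = "10.10.0.0/24"   # reaches the MX over VPLS
DATA_CENTER = "10.20.0.0/24"     # local to the MX
REMOTE_DC = "172.16.50.0/24"     # behind the non-Meraki peer
FLOW = ("10.10.0.25", "172.16.50.10")  # remote office host -> remote DC server

def before_fix():
    # Only the data center subnet participates in the VPN on either end.
    return diagnose(*FLOW, [DATA_CENTER], [REMOTE_DC], [REMOTE_DC], [DATA_CENTER])

def after_fix():
    # Remote Office subnet added to the VPN on the MX and as a destination on the peer.
    both = [DATA_CENTER, REMOTE_OFFICE]
    return diagnose(*FLOW, both, [REMOTE_DC], [REMOTE_DC], both)

if __name__ == "__main__":
    print("before:", before_fix())
    print("after: ", after_fix())
```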
