Umbrella access from Auto-VPN Hub.

Shaun1387
Getting noticed

Umbrella access from Auto-VPN Hub.

Hi All,

 

I'm sure i'm missing something here.

 

I have a couple of my spokes connected up to umbrella connector hubs with no problem but i cant see any way of getting the Auto-VPN hubs themselves to connect to the umbrella connectors as well. 

 

Im not sure i understand the 'umbrella-hub' expected behaviour here. I would have thought that there would be a way to get access to umbrella direct from the auto-vpn hubs to cater for clients attached to the hub site itself ? 

 

The documentation just mentions that auto-vpn hubs and connector hubs dont automatically form tunnels with each  other, which i can see is the case. But other than that, the document doesn't explain how this can be remedied.

 

How is this designed to work in this scenario ?

 

Cheers all

Shaun

 

 

 

 

 

1 Reply 1
Shaun1387
Getting noticed

Hi All,

 

Think i have worked this out then. 

 

In order for clients connected to the same site as a one armed vpn concentrator in hub mode (in our case, this is a vMX in azure) ,you need to stand up a non-meraki ipsec to umbrella manually. 

 

The documentation suggests that in this config, its not possible for auto-vpn traffic to utilise the hubs non-meraki tunnel to umbrella, so if you need branches to get to umbrella, you still need to set up spoke on-ramp auto-vpn connector tunnels to umbrella in the normal way. 

 

I have it working in this way at the moment but wondered if anyone can confirm that this is the way its 'supposed' to work ?

 

Cheers

Shaun

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels