Unable to apply static route

ITNetworker
Conversationalist

Unable to apply static route

We currently have a setup where our remote sites are coming into the Meraki 10.100.116.13 via the S2S tunnels. We also have an ASA firewall 10.100.116.5 on the same subnet. The problem is with our servers.

We have 2 ingress points for each server:

Traffic egressing from sites using the Meraki VPN
Traffic leveraging the current Default Gateway for the environment which is the Cisco ASA

In order for the traffic to route correctly back to the Meraki Sites, static routes are required on each of the servers in the environment that will require the return routes to those sites through the Meraki MX. Adding the routes can be made on any new server deployment to ensure that availability is always available to those Meraki VPN Sites. Whilst this may work for several servers, its not manageable long term.

At the moment we are seeing traffic come into the Meraki > Server > ASA and then dropped as the ASA does not know where the traffic originated (without static route on server)

We would like to route traffic from a test server and at a later date the entire server subnet from the Meraki > ASA > Server > ASA > Meraki. To do this I believe we will need a static route on the Meraki...


I have attached an image to show the end goal we require.

 

ITNetworker_0-1674129821273.png

 

 

When applying the static route I am getting the error below

ITNetworker_2-1674129414445.png

 

 

ITNetworker_1-1674129384874.png

 

 

ITNetworker_0-1674129239797.png

 

 

 

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal

The route is overlapping you default VLAN interface. You need to use another subnet.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ITNetworker
Conversationalist

Hi alembrahao,

 

Thanks for the reply. 

 

Would the default subnet of 10.100.0.0/16 need amending to be more specific so to not capture the traffic for 10.100.116.X?

 

I assume I would need to create all VLANs on the meraki instead of using a /16 and pointing it all to the gateway..

alemabrahao
Kind of a big deal
Kind of a big deal

creating each separate subnet will not work, host 10.100.116.159/32. It cannot belong to any of the subintercafes created in MX, so it is necessary to use another subnet.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ITNetworker
Conversationalist

As in re-ip the server not to be in 10.100.X.X..?

alemabrahao
Kind of a big deal
Kind of a big deal

Or you can create another subnet between the MX and the ASA to do.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels