Use MX as internet gateway for non-meraki site

etw
Comes here often


Hi,

I have one question: can I use an MX firewall as the internet gateway for a non-Meraki site? I have another site which builds a site-to-site VPN via Strongswan.

192.168.1.0/24<---->[192.168.1.1-1.1.1.1(Strongswan)]-------MX84[2.2.2.2,192.168.2.1]<----->192.168.2.0/24

Now, the network 192.168.1.0/24 can access 192.168.2.0/24.

I want to set 192.168.2.1 as the internet gateway for 192.168.1.0/24 via the non-Meraki VPN tunnel. All internet traffic will be routed to 192.168.2.1.

Is it possible?

Thanks

PhilipDAth
Kind of a big deal

No.  If you got another MX and used that instead of StrongSwan you could do this.  It is called a full tunnel.

https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshoo... 

etw
Comes here often

Thanks Philip,

I know about the Meraki full tunnel with Meraki site-to-site VPN. It requires two MX firewalls, but I only have one at this moment. So, I want to use Strongswan and test it.

Tishman
Here to help

Hello.

You can try to achieve this via client-to-site VPN. We need only one firewall.

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

AlexP
Meraki Employee

Since you have an MX84, it's unfortunately not possible for you to implement what you want owing to firmware limitations.

On newer platforms that can run the MX19.1 branch, what you're asking for is possible now with routed-mode VPNs, though that also requires the use of BGP to signal a return route back across the tunnel for any clients on the non-Meraki side of the tunnel.
