Hi, we currently have an MPLS with another 3rd party and I'm slowly moving away from it to meraki SD-wan.
The last piece of the puzzle is routing traffic to our dealer management system (DMS, we're a car dealer) which is the 3rd party network, we are going to take away all their routers on our sites aside from 2, one is to feed all this DMS traffic out and all other sites will talk to this via the SD-wan and the other we are looking to have as a failover. The 3rd party has said we can do this but their 2 routers need to exist on the same subnet and need to be able to talk to one another, so I'm trying to implement vpn subnet translation.
I have created the same subnets at sites A and B, at site A I have included the required Vlan in the VPN with translation, but how do I setup site B?
It will not let me include it at all in the vpn. I think I have misunderstood how this works.
Since you have the same Subnet declared on 2 sites, the VPN Subnet Translation has to be done on both sides of the VPN tunnel to be able to enable that VLAN over VPN. Please try that and let me know if you see any issues.
I don't think you are going to work around this.
The provider of the DMS routers architecture does not support this. Their HA is only supported via a single site. I bet you will have grief trying to make it work in a way it is not designed.
Let's try flipping it around. Ask them if you can put a "router" in their DC. If so, install your own Internet feed and an MX configured as a hub. You could even use a pair of them if you are keen.
As a bonus, this will probably work out cheaper than paying for the WAN and router. As a double bonus, this will allow all your sites to talk directly to the DMS and be more redundant - and a supported architecture.
So I have translated it on site B so both in the VPN now, however they cannot talk. Would I need to address them by their translated addresses? Where in the dashboard can I see the translated address?
Each site should be trying to reach out to the other side's translated address. So, if you have translated 10.10.10.0/24 to 192.168.10.0/24, the last octet will remain the same for any client. For example, 10.10.10.200 will be 192.168.10.200. Please try this and let me know if you are still unable to get across on the VPN tunnel.
There may be a bigger routing issue at stake here. I am only recommending this for the traffic on those VLANs could traverse the VPN tunnel.
@SeshuYes that makes sense, I can ping using the translated ip address. Thats not gonna work for HSRP on the 3rd party side then. Back to the drawing board but thanks for clearing that up.