Meraki

Community

VPN hairpin

jlopez_sv81
Here to help
‎May 11 2023 6:47 AM
‎May 11 2023 6:47 AM

VPN hairpin

Hello, 

Does someone know if the configuration on the diagram is possible?

I am looking connection between Azure networks (vMX) and the networks behind MX84.

 

jlopez_sv81_0-1683812639336.png

 

0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 11 2023 6:52 AM
‎May 11 2023 6:52 AM

Yes, It should have to work.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
GreenMan
Meraki Employee
Meraki Employee
‎May 11 2023 7:21 AM
‎May 11 2023 7:21 AM

No - that won't work  (hairpinning non-Meraki and AutoVPN)
Take a look here:   https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_...

Why not reduce your hops / latency by building a tunnel directly from the MX84 to the VMX?   (I assume the two MX appliances are in different Orgs, hence using non-Meraki VPN to inter-connect)

0 Kudos
In response to GreenMan
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 11 2023 7:27 AM
‎May 11 2023 7:27 AM

But you can configure two MX as Non-Meraki VPN Peers and the will be add on the route table. I've configured like that many times and worked as expected.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
ww
Kind of a big deal
Kind of a big deal
‎May 11 2023 7:45 AM
‎May 11 2023 7:45 AM

How does the vmx learn the non meraki vpn routes  in that case?

 

Because normally non meraki vpn routes are not advertised  to the other autovpn participants

0 Kudos
In response to GreenMan
jlopez_sv81
Here to help
‎May 11 2023 8:04 AM
‎May 11 2023 8:04 AM

Hello Gleen,

That was my first option, but for some reason, the non-Meraki VPN won't connect. I have a ticket opened with Meraki.

0 Kudos
In response to GreenMan
jlopez_sv81
Here to help
‎May 11 2023 8:42 AM
‎May 11 2023 8:42 AM

This solution is not working.

 

jlopez_sv81_0-1683819292133.png

 

Can be the issue caused by vMX and MX100 (same organization) having just 1 peer configured to MX84.
 
There is no way to have VPN peers configured differently in MX in the same organization, the configuration is replicated to all of them.
0 Kudos
GreenMan
Meraki Employee
Meraki Employee
‎May 11 2023 7:55 AM
‎May 11 2023 7:55 AM

If both tunnels use non-Meraki VPN, this could be configured to work;   but that's not what is shown in the diagram

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.