Hello,
Our MX100 hub has a connection to the cloud environment network 10.0.3.0/24. This route is visible on the MX100 routing table as "IPSec Peer" type.
We have a few Z3 spokes configured with AutoVPN, all internal subnets are enabled for the VPN. All works fine, except for the cloud environment access which is unreachable from Z3's because there's no route to it. When I try to add static route on Z3 for the 10.0.3.0/24 network with MX as a next hop I get an error "invalid next hop IP. The IP address is not on a configured subnet." On the hub side - VPN Settings - Local Networks menu this subnet is not visible. How can I send traffic destined for 10.0.3.0/24 network towards MX from Z3?
Solved! Go to Solution.
You need to terminate the IPsec VPN on a different device as there is no routing between manual IPsec VPNs and AutoVPN. Regardless how great and powerful AutoVPN is, for manual VPNs the MX is just not usable.
Or a ipsec on all mx/z
Or cant z models do this?
Thank you. Yeah, was afraid that might be the only option.