Meraki

koniu · ‎Sep 15 2022

Hello,

Our MX100 hub has a connection to the cloud environment network 10.0.3.0/24. This route is visible on the MX100 routing table as "IPSec Peer" type.

We have a few Z3 spokes configured with AutoVPN, all internal subnets are enabled for the VPN. All works fine, except for the cloud environment access which is unreachable from Z3's because there's no route to it. When I try to add static route on Z3 for the 10.0.3.0/24 network with MX as a next hop I get an error "invalid next hop IP. The IP address is not on a configured subnet." On the hub side - VPN Settings - Local Networks menu this subnet is not visible. How can I send traffic destined for 10.0.3.0/24 network towards MX from Z3?

GreenMan · ‎Sep 15 2022

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_... It's not model-dependent

View solution in original post

KarstenI · ‎Sep 15 2022

You need to terminate the IPsec VPN on a different device as there is no routing between manual IPsec VPNs and AutoVPN. Regardless how great and powerful AutoVPN is, for manual VPNs the MX is just not usable.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

ww · ‎Sep 15 2022

Or a ipsec on all mx/z

Or cant z models do this?

koniu · ‎Sep 15 2022

Thank you. Yeah, was afraid that might be the only option.

GreenMan · ‎Sep 15 2022

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_... It's not model-dependent

Meraki

Community

Z3 static route to MX hub

Z3 static route to MX hub