interesting VPN setup

cclem
New here

interesting VPN setup

vpn.jpg

Looking at setting up a VPN like this. I want all traffic from "device" to route through MX64 at that site. that site will have a Site to Site VPN to my location here. the MX64 here will connect to our LAN and i need the device traffic to drop into the LAN and then get routed. what would be the config at both sides to make something like this happen.

8 REPLIES 8
Nash
Kind of a big deal

First question: Is that a third party tunnel or are you using AutoVPN between devices within the same organization?

 

Second question: Are there other things on Network Left where "Device" lives? Is "Device" the only thing you want to have sending all its data to Network Right?

Auto VPN utilizing MX64 on both sides.

nothing else on the left network, just the "device"

jdsilva
Kind of a big deal


@cclem wrote:

 

 i need the device traffic to drop into the LAN and then get routed. 


What does that mean exactly?

just a statement, i know that usually over a VPN it drops to LAN. i just need to make sure that "device" is on my corporate LAN so that its traffic routes to my core.

jdsilva
Kind of a big deal

It sounds like all you need to do is enablr AutoVPN and then ensure the correct subnets are "In VPN" in the AutoVPN config page. It doesn't sound to me like you need any special config here. Am I missing something?

thanks, this is my first vpn setup on Meraki. i just wanted to make sure i wasn't missing something. thanks for the advice!!

PhilipDAth
Kind of a big deal
Kind of a big deal

You can use auto VPN and put the remote MX64 into full tunnel mode.

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/... 

 

The remote traffic will get routed based on the MX64 route table at your site with the switch.

thank you, i will scour it over!!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels