hi all
please help me to get an explanation
I have topology as attached, I will create a site to site VPN between HUB and SPOKE, but I will allow subnets that are not in the MX device, the subnet that I will allow on the VPN is 10.10.10.0/24 for HUB, but in the local configuration the network can't be in costum, what is the solution?
Solved! Go to solution.
In addition to what these guys are saying, I think you might be asking about including a subnet in AutoVPN that's not directly connected to the MX. To do that you need to create a static route on the MX for your network, and then include the static route in the VPN.
On the Addressing & VLANs page configure a static route and check the "In VPN" box.
Now you will see the network in the Site to Site VPN page:
oh i see , the device must be configure to NAT mode Concentrator right ?
https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...
In the topology you show, where both MXs have an 'Inside' (LAN) and an 'Outside' (WAN) then yes, both MXs should be in NAT (now Routed) mode. If you configure an MX as a VPN Concentrator and use a LAN and a WAN port, it operates as Passthrough (layer 2) device only. An MX used as a Concentrator, for Meraki AutoVPN deployments should be implemented as a one-armed device (connected via WAN port), with any Internet link protected by an upstream firewall.
In addition to what these guys are saying, I think you might be asking about including a subnet in AutoVPN that's not directly connected to the MX. To do that you need to create a static route on the MX for your network, and then include the static route in the VPN.
On the Addressing & VLANs page configure a static route and check the "In VPN" box.
Now you will see the network in the Site to Site VPN page:
thanks for help