Meraki

Community

local Network on site to site VPN merak

Solved
lindo123
Conversationalist
‎Mar 21 2019 2:02 AM
‎Mar 21 2019 2:02 AM

local Network on site to site VPN merak

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

topology.jpg

 

local netwrok.png

 


hi all


please help me to get an explanation

I have topology as attached, I will create a site to site VPN between HUB and SPOKE, but I will allow subnets that are not in the MX device, the subnet that I will allow on the VPN is 10.10.10.0/24 for HUB, but in the local configuration the network can't be in costum, what is the solution?

 

0 Kudos
1 Accepted Solution
In response to GreenMan
jdsilva
Kind of a big deal
‎Mar 21 2019 7:33 AM
‎Mar 21 2019 7:33 AM

In addition to what these guys are saying, I think you might be asking about including a subnet in AutoVPN that's not directly connected to the MX. To do that you need to create a static route on the MX for your network, and then include the static route in the VPN. 

 

On the Addressing & VLANs page configure a static route and check the "In VPN" box.

 

image.png

 

 

Now you will see the network in the Site to Site VPN page:

 

image.png

http://blog.brokennetwork.ca | @jdsilva

View solution in original post

5 Replies 5
ww
Kind of a big deal
Kind of a big deal
‎Mar 21 2019 2:38 AM
‎Mar 21 2019 2:38 AM

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

 

https://documentation.meraki.com/?title=MX/Networks_and_Routing/MX_Addressing_%26_VLANs#Addressing&V...

In response to ww
lindo123
Conversationalist
‎Mar 21 2019 3:39 AM
‎Mar 21 2019 3:39 AM

oh i see , the device must be configure to NAT mode Concentrator right ?

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

0 Kudos
In response to lindo123
GreenMan
Meraki Employee
Meraki Employee
‎Mar 21 2019 3:58 AM
‎Mar 21 2019 3:58 AM

In the topology you show, where both MXs have an 'Inside' (LAN) and an 'Outside' (WAN) then yes, both MXs should be  in NAT (now Routed) mode.   If you configure an MX as a VPN Concentrator and use a LAN and a WAN port, it operates as Passthrough (layer 2) device only.    An MX used as a Concentrator, for Meraki AutoVPN deployments should be implemented as a one-armed device (connected via WAN port), with any Internet link protected by an upstream firewall.

In response to GreenMan
jdsilva
Kind of a big deal
‎Mar 21 2019 7:33 AM
‎Mar 21 2019 7:33 AM

In addition to what these guys are saying, I think you might be asking about including a subnet in AutoVPN that's not directly connected to the MX. To do that you need to create a static route on the MX for your network, and then include the static route in the VPN. 

 

On the Addressing & VLANs page configure a static route and check the "In VPN" box.

 

image.png

 

 

Now you will see the network in the Site to Site VPN page:

 

image.png

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
lindo123
Conversationalist
‎Mar 21 2019 7:41 AM
‎Mar 21 2019 7:41 AM

thanks for help

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.