Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

local Network on site to site VPN merak

Solved
lindo123
Conversationalist
‎Mar 21 2019 2:02 AM
‎Mar 21 2019 2:02 AM

local Network on site to site VPN merak

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

topology.jpg

 

local netwrok.png

 


hi all


please help me to get an explanation

I have topology as attached, I will create a site to site VPN between HUB and SPOKE, but I will allow subnets that are not in the MX device, the subnet that I will allow on the VPN is 10.10.10.0/24 for HUB, but in the local configuration the network can't be in costum, what is the solution?

 

0 Kudos
Subscribe
1 Accepted Solution
In response to GreenMan
jdsilva
Kind of a big deal
‎Mar 21 2019 7:33 AM
‎Mar 21 2019 7:33 AM

In addition to what these guys are saying, I think you might be asking about including a subnet in AutoVPN that's not directly connected to the MX. To do that you need to create a static route on the MX for your network, and then include the static route in the VPN. 

 

On the Addressing & VLANs page configure a static route and check the "In VPN" box.

 

image.png

 

 

Now you will see the network in the Site to Site VPN page:

 

image.png

http://blog.brokennetwork.ca | @jdsilva

View solution in original post

Subscribe
5 Replies 5
In response to ww
lindo123
Conversationalist
‎Mar 21 2019 3:39 AM
‎Mar 21 2019 3:39 AM

oh i see , the device must be configure to NAT mode Concentrator right ?

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

0 Kudos
Subscribe
In response to lindo123
GreenMan
Meraki Employee
Meraki Employee
‎Mar 21 2019 3:58 AM
‎Mar 21 2019 3:58 AM

In the topology you show, where both MXs have an 'Inside' (LAN) and an 'Outside' (WAN) then yes, both MXs should be  in NAT (now Routed) mode.   If you configure an MX as a VPN Concentrator and use a LAN and a WAN port, it operates as Passthrough (layer 2) device only.    An MX used as a Concentrator, for Meraki AutoVPN deployments should be implemented as a one-armed device (connected via WAN port), with any Internet link protected by an upstream firewall.

Subscribe
In response to GreenMan
jdsilva
Kind of a big deal
‎Mar 21 2019 7:33 AM
‎Mar 21 2019 7:33 AM

In addition to what these guys are saying, I think you might be asking about including a subnet in AutoVPN that's not directly connected to the MX. To do that you need to create a static route on the MX for your network, and then include the static route in the VPN. 

 

On the Addressing & VLANs page configure a static route and check the "In VPN" box.

 

image.png

 

 

Now you will see the network in the Site to Site VPN page:

 

image.png

http://blog.brokennetwork.ca | @jdsilva
Subscribe
In response to jdsilva
lindo123
Conversationalist
‎Mar 21 2019 7:41 AM
‎Mar 21 2019 7:41 AM

thanks for help

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.