multiple offices site-to-site from one office needs to be allowed to send traffic from the other

SOLVED
Dave443
Conversationalist

multiple offices site-to-site from one office needs to be allowed to send traffic from the other

Ok, I am going to pair this down to make it easier to understand and explain. Client has multiple sites, but lets just say 2 a office and a data center cause that is all this involved Data Center will be DC , Office will be OFC and 3rd party.

 

So the Servers at the clients DC have a Site to site on the MX to a 3rd party network, Some of the office staff do not use the servers to interact with the 3rd party network. so the network kind of looks like this

 

DC-<->Site2Site<->Office

DC<->Site2Site <->3rd party

DC<-> Client VPN Resides here

 

When users are using the Client VPN, the have complete access to everything on the server and the 3rd party

When in the office, they have access to everything in the DC, but can not reach the 3rd Party

 

I Would rather if at all possible not setup another 3rd Party network site-to-site to the office network, just for a couple of people, but, if thats the last resort.. I will.. Just trying to find if I can just adjust some rules, or routing and get that to work?

1 ACCEPTED SOLUTION
JonathanSwitch
Meraki Employee
Meraki Employee

The MX will not route between non-meraki vpn peers and auto-vpn peers as described here: https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_...

 

If I am understanding correctly, you have a non-meraki site2site vpn connection between the datacenter and the 3rd party, and then you're using Auto VPN or another non-meraki vpn s2s from the datacenter to the office. 

 

Either way, unfortunately, you'll need to create another site-to-site vpn connection between the office and 3rd party network.

View solution in original post

2 REPLIES 2
JonathanSwitch
Meraki Employee
Meraki Employee

The MX will not route between non-meraki vpn peers and auto-vpn peers as described here: https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_...

 

If I am understanding correctly, you have a non-meraki site2site vpn connection between the datacenter and the 3rd party, and then you're using Auto VPN or another non-meraki vpn s2s from the datacenter to the office. 

 

Either way, unfortunately, you'll need to create another site-to-site vpn connection between the office and 3rd party network.

alemabrahao
Kind of a big deal
Kind of a big deal

The @JonathanSwitch is right.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels