Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

multiple offices site-to-site from one office needs to be allowed to send traffic from the other

Solved
Dave443
Conversationalist
‎Jun 6 2023 7:28 AM
‎Jun 6 2023 7:28 AM

multiple offices site-to-site from one office needs to be allowed to send traffic from the other

Ok, I am going to pair this down to make it easier to understand and explain. Client has multiple sites, but lets just say 2 a office and a data center cause that is all this involved Data Center will be DC , Office will be OFC and 3rd party.

 

So the Servers at the clients DC have a Site to site on the MX to a 3rd party network, Some of the office staff do not use the servers to interact with the 3rd party network. so the network kind of looks like this

 

DC-<->Site2Site<->Office

DC<->Site2Site <->3rd party

DC<-> Client VPN Resides here

 

When users are using the Client VPN, the have complete access to everything on the server and the 3rd party

When in the office, they have access to everything in the DC, but can not reach the 3rd Party

 

I Would rather if at all possible not setup another 3rd Party network site-to-site to the office network, just for a couple of people, but, if thats the last resort.. I will.. Just trying to find if I can just adjust some rules, or routing and get that to work?

0 Kudos
Subscribe
1 Accepted Solution
JonathanSwitch
Meraki Employee
Meraki Employee
‎Jun 6 2023 8:52 AM
‎Jun 6 2023 8:52 AM

The MX will not route between non-meraki vpn peers and auto-vpn peers as described here: https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_...

 

If I am understanding correctly, you have a non-meraki site2site vpn connection between the datacenter and the 3rd party, and then you're using Auto VPN or another non-meraki vpn s2s from the datacenter to the office. 

 

Either way, unfortunately, you'll need to create another site-to-site vpn connection between the office and 3rd party network.

View solution in original post

Subscribe
2 Replies 2
JonathanSwitch
Meraki Employee
Meraki Employee
‎Jun 6 2023 8:52 AM
‎Jun 6 2023 8:52 AM

The MX will not route between non-meraki vpn peers and auto-vpn peers as described here: https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#AutoVPN_and_Non-Meraki_...

 

If I am understanding correctly, you have a non-meraki site2site vpn connection between the datacenter and the 3rd party, and then you're using Auto VPN or another non-meraki vpn s2s from the datacenter to the office. 

 

Either way, unfortunately, you'll need to create another site-to-site vpn connection between the office and 3rd party network.

Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 6 2023 9:32 AM
‎Jun 6 2023 9:32 AM

The @JonathanSwitch is right.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.