What is the best practice to connect a non-Meraki VPN peer (e.g. our Azure or AWS services) to our auto-VPN sites (networks)?
Seems this cannot work purely within Meraki:
An MX Security Appliance can establish tunnels to both Auto VPN and Non-Meraki VPN peers. The MX will send traffic to those VPN peers using the principles discussed above. However, an MX that builds tunnels to both Auto VPN and Non-Meraki VPN peers, will not route traffic between the non-Meraki VPN peers and other Auto VPN peers.
... yet this seems a fairly common SD-WAN configuration for any org with multiple branches and a hybrid or MSP-managed environment?
P.S. The other parts I can't seem to wrap my head around:
- why is there an "availability" configuration in non-Meraki VPN peering settings? Just in case remote networks aren't connected via auto-VPN but via some other mechanism?
- when "availability" is set to "all networks", the non-Meraki VPN peer is lit up green on the network where it's configured, and red on all others. Is this Meraki's way of saying, "we don't support this configuration even though our UI provides no indication that it won't work during configuration"?