non-meraki VPN peers

Solved
Yasuomi
Here to help


Set up three site-to-site VPNs in Organization-wide settings. (non-meraki VPN peers)
The two sites are pure VPN communications, but the one site communicates all Internet traffic.
 
Question 1, Does the configured “Non-Meraki VPN peers” work in order from the top?
 
Question 2, If a guest network is created and provided, is it possible to have the traffic communicate directly from the WAN of MX without communicating with Site1?
 
Question 3, If source IP and destination IP are specified in "SD-WAN & traffic shaping" Flow preferences> Internet traffic, will it take precedence over non-meraki VPN peers settings?
DensyoV
Meraki Employee

Hi,

 

Please find my answers below:

 

Question 1, Does the configured “Non-Meraki VPN peers” work in order from the top?
- No, it is based on the destination subnet, whichever is more specific. You may verify it from the routing table of the MX.

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior

Question 2, If a guest network is created and provided, is it possible to have the traffic communicate directly from the WAN of MX without communicating with Site1?
- If the guest network is not advertised to the VPN in the site-to-site VPN configuration, then it won't be able to communicate across the tunnel.

Question 3, If source IP and destination IP are specified in "SD-WAN & traffic shaping" Flow preferences> Internet traffic, will it take precedence over non-meraki VPN peers sett
- No, the Meraki will only form a VPN to a non-Meraki VPN peer on the chosen primary uplink.

 

Hope this helps.

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
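The answer to Question 1, as an added example that is not part of the original posts and is not Meraki's implementation: a longest-prefix-match model over a constructed peer list (the site subnets are assumptions) showing that the most specific destination subnet wins regardless of list order, plus a check that lists overlapping peer subnets.

```python
import ipaddress
from itertools import combinations

# Constructed peer list (assumption, not from the thread), in Dashboard order.
PEERS = [
    ("Site1", ["0.0.0.0/0"]),                       # peer carrying all Internet traffic
    ("Site2", ["10.20.0.0/16"]),
    ("Site3", ["10.20.30.0/24", "172.16.5.0/24"]),
]

def routes(peers):
    """Flatten peers into (network, peer) routes, most specific first."""
    flat = [(ipaddress.ip_network(s), name) for name, subs in peers for s in subs]
    return sorted(flat, key=lambda r: r[0].prefixlen, reverse=True)

def select_peer(dst, peers):
    """Longest-prefix match: the first hit in a most-specific-first table wins."""
    ip = ipaddress.ip_address(dst)
    for net, name in routes(peers):
        if ip in net:
            return name
    return None  # no peer subnet covers this destination

def overlaps(peers):
    """Routes on different peers where the first subnet sits inside the second."""
    found = []
    for (n1, p1), (n2, p2) in combinations(routes(peers), 2):
        if p1 != p2 and n1.subnet_of(n2):
            found.append((str(n1), p1, str(n2), p2))
    return found

if __name__ == "__main__":
    for dst in ("10.20.30.7", "10.20.1.1", "8.8.8.8"):
        # Reversing the list does not change the result: order is irrelevant.
        print(dst, select_peer(dst, PEERS), select_peer(dst, PEERS[::-1]))
    for inner, p_in, outer, p_out in overlaps(PEERS):
        print(f"{inner} ({p_in}) overrides {outer} ({p_out})")
```

Running the overlap check before adding a peer shows which existing tunnel would stop receiving traffic for the new, more specific subnet.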
Yasuomi
Here to help

 

Hi,

Thank you for your reply.

 

Question 2, If a guest network is created and provided, is it possible to have the traffic communicate directly from the WAN of MX without communicating with Site1?

 

- If the guest network is not advertised to the VPN in the site-to-site VPN configuration, then it won't be able to communicate across the tunnel.

 

-- This question is about a non-Meraki VPN peer, not Meraki Auto VPN.

 

Question 3, If source IP and destination IP are specified in "SD-WAN & traffic shaping" Flow preferences> Internet traffic, will it take precedence over non-meraki VPN peers sett
- No, the Meraki will only form a VPN to a non-Meraki VPN peer on the chosen primary uplink.

 

-- When the default route is directed to Site1 (non-Meraki VPN peer), can guest network clients communicate directly from the MX WAN?

 

 

 

Thank you in advance.

 

 

 

DensyoV
Meraki Employee

Hi,

Thank you for your reply.

 

Question 2, If a guest network is created and provided, is it possible to have the traffic communicate directly from the WAN of MX without communicating with Site1?

 

- If the guest network is not advertised to the VPN in the site-to-site VPN configuration, then it won't be able to communicate across the tunnel.

 

-- This question is about a non-Meraki VPN peer, not Meraki Auto VPN.

 

ans: Advertising the local LAN to the VPN applies to both Auto VPN and non-Meraki VPN peers.

 

Question 3, If source IP and destination IP are specified in "SD-WAN & traffic shaping" Flow preferences> Internet traffic, will it take precedence over non-meraki VPN peers sett
- No, the Meraki will only form a VPN to a non-Meraki VPN peer on the chosen primary uplink.

 

-- When the default route is directed to Site1 (non-Meraki VPN peer), can guest network clients communicate directly from the MX WAN?

 

ans: There is no option to configure source-based from the Dashboard, but please call Meraki support to see if they can exclude the guest network from full-tunnel or from using the default route via the VPN.

 

 

Thank you in advance.

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
Yasuomi
Here to help

Thank you very much.

I understand.

Thank you very much.

 
