non-meraki vpn, include client vpn

SOLVED
Getting noticed

All,

 

I have set up a non-Meraki VPN tunnel.

I cannot figure out how to include the client VPN network range on the tunnel configuration. It only allows me to choose existing Meraki networks, but there is no option for the client VPN range.

Zane D - Network Administrator in Sin City NV
Accepted Solutions
Head in the Cloud

Re: non-meraki vpn, include client vpn

You use the same "Local Networks" section that you use for AutoVPN. You can't exclude a network from AutoVPN, and include it in third party VPN. 

 

Kind of a big deal

Re: non-meraki vpn, include client vpn

I'm a bit grey on this one, but I'm about 75% sure that no matter what you configure, ClientVPN cannot be used to access remote resources on the other side of a non-Meraki VPN.

Here to help

Re: non-meraki vpn, include client vpn

Put the client VPN VLAN in a static route under "VLANS-Routes" and make the next hop IP the range of the destination subnet of the non-Meraki peer.

Head in the Cloud

Re: non-meraki vpn, include client vpn

Haha! Three different people, three different answers. At least two of us are wrong... If not all three :(

Ben
Building a reputation

Re: non-meraki vpn, include client vpn

@jdsilva

 

I think you are right. For the MX devices the Client VPN is just a "local network".

I think the important part of the configuration is on the non-Meraki peer, since it needs a route back to the MX for all your subnets if this does not work when including it.

 

EDIT: quick Google search: I think you are looking for this

 

https://www.willette.works/merging-meraki-vpns/

 

 

Getting noticed

Re: non-meraki vpn, include client vpn

Here is the answer supplied by Meraki Support:

In order to advertise the addresses from a Meraki client VPN to the non-Meraki devices, go to Security Appliance > Configure > Site to Site VPN, and then under VPN Settings and then Local Networks, you'll see the IP range there (currently the range is set to 192.168.55.0/24) and then set Use VPN to "Yes".

My issue with the whole thing is how disjointed things are to simply create a VPN tunnel. I have general complaints about the process with Meraki. Sometimes it is an improvement to do things differently than others, but in the case of VPN, which is built on a standard, it's weird and frustrating that the various pieces necessary for building a tunnel are in different places. It's not built using a straightforward workflow for the various steps required.

Also a complaint, since I'm already ranting: when I created the non-Meraki tunnel I added two Meraki sites. This visually appears to be one tunnel with two network ranges, but that's not what's happening under the hood. It's actually building two separate tunnels from each device. That took a lot of time to figure out... and it's silly.

Thus endeth the rant.

Zane D - Network Administrator in Sin City NV