vMX100 in AWS with public/private subnets
Hi Folks,
We're testing out a vMX100 in AWS right now. We have a vanilla test VPC with a public/private subnet and a NAT gateway.
Current state is:
- vMX100 is able to communicate with the Meraki Dashboard
- vMX100 AutoVPN is functioning and we're able to communicate with other Meraki networks at remote branches.
- Server in the Public subnet is reachable via the Meraki AutoVPN from remote branches.
- Server in the Private subnet can communicate bi-directionally with a server in the Public subnet.
- Server in the Private subnet is not reachable via the Meraki AutoVPN
I'm trying to figure out what I am missing in terms of routing/security groups to get the server in the Private subnet to communicate over the AutoVPN.
On the vMX100 and in AWS I do have:
- vMX - Both the public/private subnets listed under Site-to-Site VPN > VPN Settings > Local Networks.
- AWS - The remote AutoVPN subnets added to the route table for both the public and private subnets.
- AWS - I've explicitly added to the security groups to allow traffic from the remote Meraki AutoVPN subnets.
I still can't communicate over the AutoVPN to the server in the private subnet, so I assume I am missing something pretty basic. Any tips from anyone that has implemented a vMX in AWS with a public/private subnet?
Thanks!
You've covered off all the main things.
What about the VPC firewall rules (as opposed to the EC2 security groups)?
I double-checked the default security group for the VPC and as a test allowed all traffic inbound/outbound for the remote subnets over the AutoVPN. Unfortunately no change.
I'm going to tear down this VPC and set everything back up again to see if I just missed something along the way. If any other ideas pop up from anyone, happy to try them out.
Thanks!
Hey Ansan, I am having exactly the same issue at the moment. Did you find a resolution in the end?