vMX100 in AWS with public/private subnets

Conversationalist

Hi Folks,

We're testing out a vMX100 in AWS right now. We have a vanilla test VPC with a public/private subnet and a NAT gateway.

Current state is:

  • vMX100 is able to communicate with the Meraki Dashboard
  • vMX100 AutoVPN is functioning and we're able to communicate with other Meraki networks at remote branches.
  • Server in the Public subnet is reachable via the Meraki AutoVPN from remote branches.
  • Server in the Private subnet can communicate bi-directionally with a server in the Public subnet.
  • Server in the Private subnet is not reachable via the Meraki AutoVPN

I'm trying to figure out what I am missing in terms of routing/security groups to get the server in the Private subnet to communicate over the AutoVPN.

On the vMX100 and in AWS I do have:

  • vMX - Both the public/private subnets listed under Site-to-Site VPN > VPN Settings > Local Networks.
  • AWS - The remote AutoVPN subnets added to the route table for both the public and private subnets.
  • AWS - I've explicitly added to the security groups to allow traffic from the remote Meraki AutoVPN subnets.

I still can't communicate over the AutoVPN to the server in the private subnet, so I assume I am missing something pretty basic. Any tips from anyone who has implemented a vMX in AWS with a public/private subnet?

Thanks!
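An added example, not from the original post or any reply: a small offline audit of the AWS-side items the post lists (remote AutoVPN subnets routed to the vMX from both subnets' route tables), plus the EC2 source/destination check, which the thread does not mention but which any EC2 instance that forwards packets for other hosts needs disabled. The input is constructed inline in the shape of `aws ec2 describe-route-tables` JSON; the ENI, subnet, gateway IDs and CIDRs are made up, and the private route table is deliberately missing one remote subnet so the audit has something to report.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs and CIDRs are made up for this example.
VMX_ENI = "eni-0vmx000000000000"                   # ENI of the vMX100 instance
REMOTE_AUTOVPN = ["10.50.0.0/24", "10.51.0.0/24"]  # branch LANs reached over AutoVPN
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-0pub"}],
     "Routes": [
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa", "State": "active"},
         {"DestinationCidrBlock": "10.50.0.0/24", "NetworkInterfaceId": VMX_ENI, "State": "active"},
         {"DestinationCidrBlock": "10.51.0.0/24", "NetworkInterfaceId": VMX_ENI, "State": "active"}]},
    {"Associations": [{"SubnetId": "subnet-0priv"}],
     "Routes": [
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb", "State": "active"},
         # 10.51.0.0/24 is absent here: private-subnet hosts send it to the NAT gateway instead
         {"DestinationCidrBlock": "10.50.0.0/24", "NetworkInterfaceId": VMX_ENI, "State": "active"}]},
]
# Value of `aws ec2 describe-instance-attribute --attribute sourceDestCheck` for the vMX
VMX_SOURCE_DEST_CHECK = True


def route_for(route_table, cidr):
    """Pick the active route the VPC router would use for cidr (longest prefix wins)."""
    target = ipaddress.ip_network(cidr)
    covering = [r for r in route_table["Routes"]
                if r.get("State") == "active"
                and target.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))]
    return max(covering, default=None,
               key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen)


def audit(route_tables, remote_cidrs, vmx_eni, source_dest_check):
    """Return findings as strings; an empty list means the AWS-side routing looks complete."""
    findings = []
    for rt in route_tables:
        subnets = ",".join(a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a)
        for cidr in remote_cidrs:
            best = route_for(rt, cidr)
            # Routes that target the vMX instance carry its ENI in NetworkInterfaceId
            if best is None or best.get("NetworkInterfaceId") != vmx_eni:
                findings.append(f"{subnets}: {cidr} is not routed to the vMX "
                                f"(selected route: {best})")
    if source_dest_check:
        # EC2 drops packets an instance forwards for other hosts unless this is disabled
        findings.append(f"{vmx_eni}: source/destination check is still enabled")
    return findings
```

Running `audit(ROUTE_TABLES, REMOTE_AUTOVPN, VMX_ENI, VMX_SOURCE_DEST_CHECK)` on the sample reports the missing private-subnet route and the enabled source/destination check; feed it the real JSON from the AWS CLI to audit a live VPC.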

Kind of a big deal

Re: vMX100 in AWS with public/private subnets

You've covered off all the main things.

What about the VPC firewall rules (as opposed to the EC2 security groups)?

Conversationalist

Re: vMX100 in AWS with public/private subnets

I double checked the default security group for the VPC and as a test allowed all traffic inbound/outbound for the remote subnets over the AutoVPN. Unfortunately no change.

I'm going to tear down this VPC and set everything back up again to see if I just missed something along the way. If any other ideas pop up from anyone, happy to try them out.

Thanks!

New here

Re: vMX100 in AWS with public/private subnets

Hey Ansan, I am having exactly the same issue at the moment. Did you find a resolution in the end?
