We're testing out a vMX100 in AWS right now. We have a vanilla test VPC with a public/private subnet and a NAT gateway.
Current state is:
vMX100 is able to communicate with the Meraki Dashboard
vMX100 AutoVPN is functioning and we're able to communicate with other Meraki networks at remote branches.
Server in the Public subnet is reachable via the Meraki AutoVPN from remote branches.
Server in the Private subnet can communicate bi-directionally with a server in the Public subnet.
Server in the Private subnet is not reachable via the Meraki AutoVPN.
I'm trying to figure out what I am missing in terms of routing/security groups to get the server in the Private subnet to communicate over the AutoVPN.
On the vMX100 and in AWS I do have:
vMX - Both the public/private subnets listed under Site-to-Site VPN > VPN Settings > Local Networks.
AWS - The remote AutoVPN subnets added to the route table for both the public and private subnets.
AWS - I've explicitly added rules to the security groups to allow traffic from the remote Meraki AutoVPN subnets.
I still can't communicate over the AutoVPN to the server in the private subnet, so I assume I am missing something pretty basic. Any tips from anyone who has implemented a vMX in AWS with a public/private subnet?
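The two AWS-side conditions the post describes (route table entries for the remote AutoVPN subnets, plus the vMX acting as the next hop) can be checked mechanically. The script below is an added example, not code from the poster or from Meraki; it models the JSON shape that `ec2.describe_route_tables()` and `ec2.describe_instances()` return and runs entirely on constructed sample data (the instance, ENI, gateway and route-table ids are placeholders). For each subnet it confirms that the longest-prefix route covering every remote AutoVPN CIDR targets the vMX, and it additionally checks that the vMX instance has EC2 source/destination checking disabled, a general requirement for any EC2 instance that forwards packets it did not originate; the post does not mention that setting, so treating it as a candidate cause for this deployment is an assumption. Security groups and NACLs are out of scope for this model.

```python
"""Offline sanity check of the AWS side of a vMX AutoVPN deployment.

Assumptions (this is example code, not the poster's or Meraki's):
  * the dicts below mirror describe_route_tables()/describe_instances()
    output, with placeholder ids and constructed CIDRs;
  * remote AutoVPN subnets must be routed to the vMX instance (or its ENI);
  * the vMX instance must have SourceDestCheck disabled, as EC2 drops
    forwarded traffic on instances where it is still enabled.
"""
import ipaddress

VMX_INSTANCE_ID = "i-0vmxPLACEHOLDER"                  # placeholder, constructed
REMOTE_AUTOVPN_CIDRS = ["10.20.0.0/16", "10.30.0.0/24"]  # constructed branch LANs

# Constructed sample: the public subnet is routed correctly, the private one is not.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public",  # placeholder id
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"},
            {"DestinationCidrBlock": "10.20.0.0/16", "InstanceId": VMX_INSTANCE_ID},
            {"DestinationCidrBlock": "10.30.0.0/24", "InstanceId": VMX_INSTANCE_ID},
        ],
    },
    {
        "RouteTableId": "rtb-private",  # placeholder id
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER"},
            # one remote subnet points at the NAT gateway, the other has no route at all
            {"DestinationCidrBlock": "10.20.0.0/16", "NatGatewayId": "nat-PLACEHOLDER"},
        ],
    },
]

# Constructed sample: source/destination check still enabled on the vMX.
INSTANCES = {
    VMX_INSTANCE_ID: {
        "SourceDestCheck": True,
        "NetworkInterfaces": [{"NetworkInterfaceId": "eni-PLACEHOLDER"}],
    }
}

# A route entry carries exactly one of these target keys.
TARGET_KEYS = ("InstanceId", "NetworkInterfaceId", "GatewayId", "NatGatewayId",
               "TransitGatewayId", "VpcPeeringConnectionId")


def route_target(route):
    """Return (target_key, target_value) for a route entry."""
    for key in TARGET_KEYS:
        if key in route:
            return key, route[key]
    return "Unknown", None


def check_route_table(route_table, remote_cidrs, vmx_targets):
    """Findings for one route table; an empty list means every remote CIDR
    is covered by a route whose longest-prefix match targets the vMX."""
    findings = []
    routes = [(ipaddress.ip_network(r["DestinationCidrBlock"]), r)
              for r in route_table["Routes"] if "DestinationCidrBlock" in r]
    for cidr in remote_cidrs:
        remote = ipaddress.ip_network(cidr)
        covering = [(net, r) for net, r in routes if remote.subnet_of(net)]
        if not covering:
            findings.append(f"{cidr}: no covering route")
            continue
        net, best = max(covering, key=lambda item: item[0].prefixlen)
        key, target = route_target(best)
        if target not in vmx_targets:
            findings.append(f"{cidr}: best match {net} targets {key}={target}, not the vMX")
    return findings


def check_source_dest(instances, vmx_instance_id):
    """Finding if the vMX instance still has EC2 source/destination checking on."""
    inst = instances.get(vmx_instance_id)
    if inst is None:
        return [f"{vmx_instance_id}: instance not found"]
    if inst.get("SourceDestCheck", True):
        return [f"{vmx_instance_id}: SourceDestCheck enabled; forwarded packets will be dropped"]
    return []


def audit(route_tables, remote_cidrs, instances, vmx_instance_id):
    """Map each route table id (and the key 'vmx') to its list of findings."""
    vmx_targets = {vmx_instance_id}
    for eni in instances.get(vmx_instance_id, {}).get("NetworkInterfaces", []):
        vmx_targets.add(eni["NetworkInterfaceId"])  # routes may target the ENI instead
    report = {rt["RouteTableId"]: check_route_table(rt, remote_cidrs, vmx_targets)
              for rt in route_tables}
    report["vmx"] = check_source_dest(instances, vmx_instance_id)
    return report


if __name__ == "__main__":
    for scope, findings in audit(ROUTE_TABLES, REMOTE_AUTOVPN_CIDRS,
                                 INSTANCES, VMX_INSTANCE_ID).items():
        print(scope, "OK" if not findings else findings)
```

Against the constructed data the public table passes, the private table reports both remote subnets (one routed to the NAT gateway, one falling through to the default route), and the vMX instance is flagged for source/destination checking. Feeding real `describe_route_tables` / `describe_instances` output into `audit()` gives the same per-subnet view of where a return path breaks.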