Meraki

Community

vMX100 in AWS with public/private subnets

ansan
Conversationalist
‎May 29 2019 9:40 AM
‎May 29 2019 9:40 AM

vMX100 in AWS with public/private subnets

Hi Folks,

 

We're testing out a vMX100 in AWS right now. We have a vanilla test VPC with a public/private subnet and a NAT gateway.

 

Current state is:

  • vMX100 is able to communicate with the Meraki Dashboard
  • vMX100 AutoVPN is functioning and we're able to communicate with other Meraki networks at remote branches.
  • Server in the Public subnet is reachable via the Meraki AutoVPN from remote branches.
  • Server in the Private subnet can communicate bi-directionally with a server in the Public subnet.
  • Server in the Private subnet is not reachable via the Meraki AutoVPN

I'm trying to figure out what I am missing in terms of routing/security groups to get the server in the Private subnet to communicate over the AutoVPN.

 

On the vMX100 and in AWS I do have:

  • vMX - Both the public/private subnets listed under Site-to-Site VPN > VPN Settings > Local Networks.
  • AWS - The remote AutoVPN subnets added to the route table for both the public and private subnets.
  • AWS - I've explicitly added to the security groups to allow traffic from the remote Meraki AutoVPN subnets.

 

I still can't communicate over the AutoVPN to the server in the private subnet, so I assume I am missing something pretty basic. Any tips for anyone that has implemented a vMX in AWS with a public/private subnet?

 

Thanks!

0 Kudos
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 29 2019 11:36 AM
‎May 29 2019 11:36 AM

You've covered off all the main things.

 

What about the VPC firewall rules (as opposed to the EC2 security groups)?

0 Kudos
In response to PhilipDAth
ansan
Conversationalist
‎May 30 2019 12:12 PM
‎May 30 2019 12:12 PM

I double checked the default security group for the VPC and as a test allowed all traffic inbound/outbound for the remove subnets over the AutoVPN. Unfortunately no change.

 

I'm going to tear down this VPC and set everything back up again to see if I just missed something along the way. If any other ideas pop up from anyone,  happy to try them out.

 

Thanks!

0 Kudos
In response to ansan
Kev75
Just browsing
‎Aug 13 2019 3:32 AM
‎Aug 13 2019 3:32 AM

Hey Ansan, I am having exactly the same issue at the moment. Did you find a resolution in the end?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.