Routing a Specific SSID traffic to a Non-Meraki VPN Peer

SOLVED
Vaibhav_Vishnoi

Hi - I am quite new to Meraki devices and looking for some advice/help here.

I have a non-Meraki VPN peer on my MX100, which I have to use to forward any traffic from a specific wireless SSID.

As of now I have 3 different wireless SSIDs available on my device, using the default route to WAN1 (ISP). Now I have to create an additional SSID (e.g. Test_Network), and the VLAN associated with this SSID will use a separate private subnet (e.g. 172.16.x.x/23).

I want to route all the traffic from this subnet to my non-Meraki VPN peer, and this traffic should not follow WAN1. Also, there should not be any impact or change to my existing wireless SSIDs.

Is this a possibility on the MX100?

LasseBang

Guess this would be possible to do by ACL in Firewall rules 🙂

But what about normal internet usage, you don't want to use WAN1?

Thank you LasseBang for your reply.

Actually it is to bisect the Internet usage for a group of users. There is one Corporate SSID which will keep using the native Internet using the local ISP.

And this new SSID will be used to forward the Internet or any traffic to a separate Internet gateway location using the VPN.

I hope I am clear in my question. 

So you actually want to full tunnel the traffic on the new SSID?

Almost 100% sure that's not possible with a Non-Meraki VPN Peer, I'm afraid.

It's easy to do with a Meraki VPN Peer 😉

Thank you for the quick responses.

And yes, you are right, I wanted to tunnel all the traffic for a specific VLAN or SSID. Will try to look for some other solution.

Thank you again 🙂

jdsilva

@LasseBang is correct. There's no way to do what you're asking with a Non-Meraki VPN. 

@jdsilva Thanks for the Feedback! 🙂

PhilipDAth

If you have no other VPNs of any kind, then you should be able to do this by including just the VLAN that has the source traffic (and it will need to be dedicated for this) and specifying a remote encryption domain of 0.0.0.0/0.
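
A pre-change check for the configuration described in the reply above, as an added example that is not part of the original thread and is not Meraki code. The dictionary shapes (`localSubnet`, `useVpn`, `privateSubnets`), the peer name and the sample subnets are assumptions constructed for illustration.

```python
import ipaddress

DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")

def check_full_tunnel_plan(local_subnets, peers, dedicated_vlan):
    """Return a list of problems; an empty list means the plan matches the reply.

    local_subnets:  [{"localSubnet": cidr, "useVpn": bool}, ...]   (assumed shape)
    peers:          [{"name": str, "privateSubnets": [cidr, ...]}] (assumed shape)
    dedicated_vlan: CIDR of the VLAN behind the new SSID
    """
    problems = []
    vlan = ipaddress.ip_network(dedicated_vlan)

    # Only the dedicated VLAN may take part in the VPN; any other local
    # subnet with VPN enabled would be caught by the 0.0.0.0/0 remote domain.
    in_vpn = [ipaddress.ip_network(s["localSubnet"])
              for s in local_subnets if s["useVpn"]]
    if vlan not in in_vpn:
        problems.append(f"{vlan} is not enabled for VPN")
    for net in in_vpn:
        if net != vlan:
            problems.append(f"{net} is also in the VPN and would be tunnelled too")

    # The reply's precondition: no other VPNs of any kind.
    if len(peers) != 1:
        problems.append(f"expected exactly one VPN peer, found {len(peers)}")
    for peer in peers:
        remote = [ipaddress.ip_network(p) for p in peer["privateSubnets"]]
        if DEFAULT_ROUTE not in remote:
            problems.append(f"peer {peer['name']} lacks remote subnet 0.0.0.0/0")
    return problems

# Constructed sample data: one corporate VLAN kept on WAN1, one dedicated VLAN.
SUBNETS_OK = [
    {"localSubnet": "192.168.1.0/24", "useVpn": False},
    {"localSubnet": "172.16.10.0/23", "useVpn": True},
]
SUBNETS_LEAKY = [
    {"localSubnet": "192.168.1.0/24", "useVpn": True},
    {"localSubnet": "172.16.10.0/23", "useVpn": True},
]
PEER_OK = [{"name": "remote-gateway", "privateSubnets": ["0.0.0.0/0"]}]

if __name__ == "__main__":
    for label, subnets in (("ok", SUBNETS_OK), ("leaky", SUBNETS_LEAKY)):
        print(label, check_full_tunnel_plan(subnets, PEER_OK, "172.16.10.0/23"))
```
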
