Meraki

Community

About AFarnsworth

Re: Issues resolving DNS queries with vMX in concentrator mode

by in Cloud Security & SD-WAN (vMX)
‎May 20 2024 7:08 AM
2 Kudos
‎May 20 2024 7:08 AM
2 Kudos
Hey all, appreciate all the info. Found out that it was because I have the site-to-site VPN setup as the default route after being in concentrator mode. After flipping that everything worked as expected. Thanks! ... View more

Issues resolving DNS queries with vMX in concentrator mode

by in Cloud Security & SD-WAN (vMX)
‎May 15 2024 10:18 PM
‎May 15 2024 10:18 PM
We currently have a vMX in Routed mode because of some headaches concentrator mode has been causing but I am hoping to flip back to concentrator mode soon to resolve some issues caused by not having bidirectional traffic.   Our current setup is:   On prem (10.1.0.0/24) -> Meraki MX (10.1.0.1) -> S2S VPN -> vMX (10.2.0.1) -> AWS Transit Gateway -> Server VPC (10.3.0.0/24)   The server VPC route table is: 10.1.0.0/24 -> Transit Gateway 10.2.0.0/24 -> Transit Gateway 10.3.0.0/24 local   TGW route table: 10.1.0.0/24 -> vmx vpc 10.2.0.0/24 -> vmx vpc 10.3.0.0/24 -> server vpc   vMX VPC route table is: 10.1.0.0/24 -> vMX ENI 10.2.0.0/24 local 10.3.0.0/24 -> Transit Gateway   Security groups and nacls are wide open for testing this but DNS servers that live in the server VPC will not respond to clients on-prem and I am genuinely am out of ideas as to why they won't respond.   I can send ICMP packets bidirectionally w/o issue but DNS packets just won't send past the VMX. Not sure where else to look but has anyone else experienced anything similar? ... View more
Labels:
My Accepted Solutions
View all
© 2024 Cisco Systems, Inc.