cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About gt1

Re: VPN - spoke sites cannot reach networks beyond the hub unless 'default ...

by in Security / SD-WAN
‎10-27-2019 08:17 PM
‎10-27-2019 08:17 PM
It does indeed list the routes, the the hub correctly listed in the 'via' section, however the status of the route never resolves. It simply shows a spinner indefinitely. The status of the directly connected networks and those of the hub device show as green, as expected. ... View more

VPN - spoke sites cannot reach networks beyond the hub unless 'default rout...

by in Security / SD-WAN
‎10-27-2019 05:34 PM
‎10-27-2019 05:34 PM
We have an issue with routing for sites that are connected as 'spokes' using site-to-site VPN. If the 'default route' box is not checked, these spoke sites can only access the subnets advertised by the hub they are connecting to. All subnets in the rest of the mesh are inaccessible.   If the 'default route' box is checked, all subnets are accessible however this sends all traffic across the VPN to the hub which is not what we want. We wish for traffic to break out at the local Internet link if they if it is not destined for a network inside the VPN.    Using the packet capture, I can see that traffic destined for VPN subnet (beyond the hub) is sent out of the Internet interface rather than the site-to-site VPN interface. This is why it is not working. So it is as if the route table is not correct on the spoke end.   Packets originating at the other end (from a VPN subnet beyond the hub) make it all the way to the spoke site, but obviously the reply is lost due to the above.   Is there something I am missing here?   Spoke sites are MX64s on 14.40.    ... View more
© 2023 Meraki