The Meraki Community
pwallace10

Comes here often

Member since Mar 4, 2021

‎04-21-2021

Community Record

2
Posts
0
Kudos
0
Solutions
Latest Contributions by pwallace10

Re: VPN Between MX250 and PF Sense Firewall with Multiple subnets

by pwallace10 in Security / SD-WAN
03-04-2021 12:26 PM
Hi, thanks for the input.

It's not NAT or rules, the logs are clear, also a trace to the LAN IP of the MX got into the tunnel, the trace to anything else does not.

It has to be that the PFS box is not getting the advertised routes or I need to statically add a route to the other LAN subnets, but I can't on PFS.

Any other ideas?

VPN Between MX250 and PF Sense Firewall with Multiple subnets

by pwallace10 in Security / SD-WAN
03-04-2021 06:15 AM
I am hoping someone can spot something I am missing...

We have a corporate MX installation with an MX250 at the Data Centre; the spokes are a mix of 67's and 100's which all connect via the Dashboard-defined VPNs.

I have a few small sites for which we did not buy MXs, I want to use the PF Sense firewall appliances that we have there. The VPN part is done, it was simple enough with the non-Meraki VPN config in the dashboard.

The issue is that we do not ever terminate our routers onto the local LAN, we always make use of an Isolation LAN, so in the case of the MX250 the LAN address is 10.10.10.9/29 and the PFS box it's 10.20.92.2/28.

The VPNs are set up to have the branch LAN subnets as P2 and from the DC I can ping anything on the branch side. My problem is the other way, from the branch I can only ping the MX LAN interface. None of the other traffic goes into the PFS firewall IPSEC tunnel.

The MX seems to advertise the remote side inward but the PFS box does not seem to have a route for anything except what is in the P2 of IPSEC.

I see on the PFS I can create a routed VTI but on the MX I can't terminate a routed VTI.

Has anyone battled with something like this, what is the workaround or what am I missing?

There has to be a way to route additional subnets into the PFS box VPN...

Peter