I am hoping someone can spot something I am missing... We have a corporate MX installation with a MX250 at the Data Centre, the spokes are a mix of 67's and 100's which all connect via the Dashboard defined VPN's. I have a few small sites for which we did not but MX's, I want to use the PF Sense firewall appliances that we have there. The VPN part is done it was simple enough with the non-meraki VPN config in the dashboard. The issue is that we do not ever terminate our routers onto the local LAN, we always make use of a Isolation LAN, so in the case of the MX250 the LAN address is 10.10.10.9/29 and the PFS box its 10.20.92.2/28 The VPNs are setup to have the branch LAN subnets as P2 and from the DC I can ping anything on the branch side. My problem is the other way, from the branch I can only ping the MX LAN interface. None of the other traffic goes into the PFS firewall IPSEC tunnel. The MX seems to advertise the remote side inward but the PFS box doe snot seem to have a route for anything except what is in the P2 of IPSEC. I see on the PFS I can create a routed VTI but on the MX I cant terminate a routed VTI. Has anyone battled with something like this, what is the work around or what am i missing? There has to be a way to route additional subnets into the PFS box VPN... Peter
... View more