To add to Chris' comments regarding the configuration of the default route for Meraki appliances operating as VPN Type: Hub. The configuration is done on the Secure Connect > Sites page From the list of connected sites at the bottom of the page, click somewhere in the whitespace of the Hub you want to configure the default route for and a slider window should appear Under the Remote Routes section, you'll find Default Route: Disabled (by default), select the 'Disabled' hyperlink From the pop-up window, select the radio button to Enable Default Route, and then Confirm Documentation: Meraki SD-WAN Hub Integration with Secure Connect Within the same documentation, have a review of the section titled Platform Optimization for Hub Integration. This has been applied by default for all newly provisioned Secure Connect customers for a little while, but depending on when you provisioned the solution it may be worth reviewing and confirming with support that is has been enabled. Final comments I'll make is connected to Chris' statements about scenarios where the default route could negatively impact clients. It is a good idea to enable this during a scheduled maintenance window as the UI elements in the Dashboard to configure Local Internet Breakout / VPN Exclusion rules won't appear until the appliance's configuration meets certain criteria (i.e. it has a default route from Secure Connect). Depending on the amount of VPN Exclusion rules, you may do this directly in the Dashboard, or utilize the API endpoint to make this a programmatic workflow. Documentation: VPN Full-Tunnel Exclusion (Application and IP/URL Based Local Internet Breakout) Cisco Meraki Dashboard APIs Meraki Dashboard APIs (Developer Hub)
... View more
