Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About ngsb
ngsb
Comes here often
Member since Jul 23, 2021
Jul 26 2021
Community Record
3
Posts
0
Kudos
0
Solutions
Jul 23 2021
11:21 PM
So there’s some additional weird I’m hoping you might know if the below solution will work 1. Auto VPN is only working if my VPN Hub (68) is on the edge. There’s unfriendly NAT at the Z3s and for some reason once I put our hub behind the ASA the auto VPN doesn’t maintain. The Z3s are behind a customers firewall so right now it just is this way. Working on a solution Given that: I’d like to keep our 68 connected to ISP on a spare Static IP and this is the Hub (until more connections in future) I’d like to put a Z3 behind our ASA as a concentrator Spoke so the ASA will have that summary route you mentioned pointing to the Z3 for the Meraki subnets But I’m having a problem 192.168.20.1 is the ASA and Z3 is 192.168.20.10 i can ping Meraki subnets from the ASA Lan with my summary route but I can’t establish a TCP connection. Is this because the Meraki thinks the gateway for 192.168.20.0 is itself snd not the ASA? When I try to set a route for this in Meraki it errors because it says it has built one already and I cannot find where to set the gateway IP in the Meraki when I set it to .10 so it knows that for subnet 192.168.20.0/24 the gateway is .1 (ASA) I had the same problem if I set it as a routed VPN spoke.
... View more
Jul 23 2021
2:09 PM
Thank you I will research concentrator I mispoke We are deploying 20 as a proof of concept and when we get to more it will likely be a vMX on AWS or a larger MX on-prem. That helps to know the Meraki is not capable of becoming our firewall due to this rule.
... View more
Jul 23 2021
10:38 AM
I have a situation where I want to replace my ASA with our MX68 "HUB" to what will be approx 300 AutoVPN connections (two pictures of ASA attached - I need to replicate this on my MX68) but one of the things the ASA has is a Site-to-Site VPN to another company which we use to connect to some cell routers in the field. Part of that connection is that we must NAT our traffic destined for 10.80.20.224/27 (Cell Routers) to come from source 172.16.7.112/29. Our normal subnet is 192.x.x.x and our VPN subnet is 192.x.xx.x I'm trying to plan out pulling the ASA to make the MX68 our firewall but I can't see where I would create these rules related to the non-meraki s2s? Alternatively - all 300 Z3s connected to our MX68 will have a single subnet we would like to reach directly from our main MX68 LAN. This works if I'm on the MX68 via clientVPN or locally. If i keep my ASA as my firewall what sort of rules would I have to create to route particular traffic from behind the ASA to these Meraki subnets? Several static routes basically so if we are on the ASA LAN and we want to hit a Meraki subnet the ASA sends that traffic to the MX68? *Email support said call in. I have been on hold for 45 minutes to talk to a human so here I am asking you good folks for assistance! We are a small company with a lot of "sites" we are putting these Z3s at. We enjoy the simplicity of the dashboard vs. the ASA and would be in a better position to manage our networks if we could stay in Meraki, I think.
... View more
© 2024 Cisco Systems, Inc.
