Wednesday, May 16, 2018

Routing VPN traffic between Meraki MX84 and ASA 5505

Hello everyone! My head has been spinning over this issue ever since we put in new Meraki appliances. There turned out to be a limitation where we cannot just send specific IP addresses over a VPN tunnel. The whole subnet has to be sent instead. We have a partner company that has very many VPN tunnels set up, and they couldn't accept our entire 10.0.10.0/24 subnet over the site-to-site VPN because they have other clients within that same private subnet range. After learning this, I had to get creative, and that's why I'm here. We have some Cisco ASA 5505 devices lying around. Is there a way to have that VPN connection terminate on the ASA with an internal subnet of 10.0.5.0/24 and route the traffic from the VPN tunnel to the Meraki MX84? How can I get the traffic destined for the partner company's network to then route from the MX84 to the ASA and out of the ASA VPN tunnel? The ASA will have its own public IP address as well.

Any help would be appreciated!


