02-05-2025 06:22 AM
Hi guys,
So I have been reviewing this Meraki document: https://documentation.meraki.com/MX/Site-to-site_VPN/BGP_routing_over_IPsec_VPN where the feature is explained.
As I understand it we finally have a semi route based solution where only one TS will be used for 0.0.0.0/0 and then use an eBGP session with the remote VPN peer over a tunnel subnet allowing for routing of local and autoVPN subnets to external networks.
The only disturbing thing I found with this is that the local MX will advertise ALL local VPN enabled networks in addition to the AutoVPN received iBGP routes which basically means your entire enterprise... and also inbound you will receive all the routes the peer sends you. Since BGP is a trust based system...
Question 1: Are there plans to make in and outbound filtering of routes available per BGP session?
Question 2: Does this work seamlessly with VPN subnet translation?
Question 3: Is there a way to filter outbound or inbound packets over the IPsec VPN?
Question 4: When will we finally have the ability to just use static route based VPNs and control which local subnets we announce to which peer? Both route based and policy based.
In essence: we need more control!
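The exposure described in the question (every VPN-enabled local subnet plus every AutoVPN-learned route is advertised to the peer, and everything the peer sends is accepted) modelled next to the per-session prefix-list filtering being asked for; this is an added example, not code from the thread or from Meraki, and the subnets, routes and policies are constructed to show what such a filter would change.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed inventory: local subnets with their VPN-enabled flag, routes
# learned over AutoVPN (iBGP), and what the external eBGP peer advertises.
LOCAL_SUBNETS = {"10.10.1.0/24": True, "10.10.2.0/24": True, "192.168.50.0/24": False}
AUTOVPN_ROUTES = ["10.20.0.0/16", "10.30.0.0/16"]
PEER_ROUTES = ["172.16.0.0/16", "172.31.5.0/24", "0.0.0.0/0", "10.10.1.0/24"]


@dataclass(frozen=True)
class PrefixRule:
    """One router-style prefix-list entry: exact match unless ge/le widen it."""
    action: str            # "permit" or "deny"
    prefix: str
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: str) -> bool:
        net, r = ipaddress.ip_network(self.prefix), ipaddress.ip_network(route)
        if r.version != net.version or not r.subnet_of(net):
            return False
        lo = self.ge if self.ge is not None else net.prefixlen
        if self.le is not None:
            hi = self.le
        else:  # "ge" alone means "up to a host route"; neither means exact match
            hi = r.max_prefixlen if self.ge is not None else net.prefixlen
        return lo <= r.prefixlen <= hi


def apply_prefix_list(rules: List[PrefixRule], routes: List[str]) -> List[str]:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    kept = []
    for route in routes:
        verdict = next((rule.action for rule in rules if rule.matches(route)), "deny")
        if verdict == "permit":
            kept.append(route)
    return kept


# Hypothetical policies (no such filter exists on the MX today): announce only
# the two DC subnets, and accept only the partner's 172.16/12 space, never a
# default route and never prefixes from our own 10/8.
OUTBOUND_POLICY = [PrefixRule("permit", "10.10.0.0/16", le=24)]
INBOUND_POLICY = [PrefixRule("deny", "10.0.0.0/8", le=32),
                  PrefixRule("permit", "172.16.0.0/12", le=24)]


def advertised_unfiltered() -> List[str]:
    """What the peer sees today: all VPN-enabled locals plus AutoVPN routes."""
    return [s for s, on in LOCAL_SUBNETS.items() if on] + AUTOVPN_ROUTES


def advertised_filtered() -> List[str]:
    return apply_prefix_list(OUTBOUND_POLICY, advertised_unfiltered())


def accepted_from_peer() -> List[str]:
    return apply_prefix_list(INBOUND_POLICY, PEER_ROUTES)
```

Run the three functions to compare the unfiltered advertisement set with the filtered one and to see that the peer's default route and the spoofed copy of a local prefix are dropped inbound.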
02-05-2025 08:26 AM
I admire you for still having hope for extranet VPNs.
02-05-2025 09:42 AM
I know that route filtering for BGP is generally under consideration, but can't provide any specific details. In the meantime, definitely apply VPN firewall rules - controls traffic leaving the MX: https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#VPN_Firewall_Rules
02-06-2025 01:12 PM
You got me there at least half. You can apply outbound VPN firewall rules towards non-Meraki VPN peers but you cannot block incoming, so you are trusting the external network to not send unwanted traffic.