Documentation Feedback: Site-to-Site VPN Settings

MerakiCommunity
Community Manager

This is the community thread for feedback and questions on the documentation article Site-to-Site VPN Settings.

MerakiCommunity
Community Manager

Please tell us your thoughts about the documentation article Site-to-Site VPN Settings! Do you need any clarifications? Have questions? Think it's great? Let us know below!

cmr
Kind of a big deal

Again a good, if slightly long, article, as it includes the non-Meraki VPN peer information that could be separated? A couple of tweaks suggested below:

  • The net result is an automatic mesh site-to-site VPN solution that is configured with a single click. - If you had one hub with one WAN connection and many spokes with one connection each then there is no mesh, perhaps the word mesh shouldn't be in this particular sentence?
  • This option is only available if the MX-Z device is configured as a Hub. - it only applies to a hub that is not in VPN concentrator mode, this should be made clear.

Examples are always good.

If my ISP is providing Metro Ethernet services to our firewall, what is the best mode to operate in? I'll still need to have my L3 gateways on the MX and do IPSec VPN to our datacenter. Thanks!
LeonardoRios
Conversationalist

Hi, I have an issue: I'm trying to create a site-to-site between Sonicwall and MX64.

I created it as Hub mesh on the Meraki side and all my information is OK, but the tunnel is still down.

How can I test it to find the issue? Or do you know what is wrong?
Rakeshelar
New here

Hi, I have to create an IPsec tunnel between a Meraki MX84 and a Cisco router C8200. Is it possible?
Ed_L
Conversationalist

I followed a couple of documents and set up a Site-to-Site VPN tunnel to Azure's VPN Gateway, set up and configured. Once completed, the Gateway says connecting and the Meraki shows it but with red dots indicating not connected.

I double and triple-checked and can't see where I missed anything. I have someone from Azure taking a look at that end to see if I missed anything.

Has anyone had any luck setting this up?

Here's what I followed.
https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site_to_Site_VPN_tunnels_to_Azure_V...

Hi Ed_L

Any luck on this issue?

I have the same problem using the same instructions as well as others I found. I have reviewed my setup like 4 times with no luck.

The documentation seems to be missing something or be incorrect, as the other walkthroughs I found said I needed to use a policy-based gateway and the Meraki instructions said routed.

Issue I found though is that policy-based only allowed me to use a basic gen1 VPN, which is not compatible with IKEv2.

Stuck on this one.

deadpool
Conversationalist

"With FQDN configuration, the hostname of the remote peer would automatically get resolved each time a connection is initiated."

Is it 100% true?
Please confirm this feature bypasses DNS cache on the appliance, and it really resolves the name every time it tries a connection!
vasanth0611
New here

Hi, we are using a Meraki MX router and there are nearly 7 networks; in each network we have to establish the non-Meraki tunnel to an external Palo firewall. We plan to add a new device to the new network and would like to configure the new non-Meraki VPN on the new site but my old tunnel are we down
AlexChiang
New here

Can Dynamic IP work with Meraki IPsec site-to-site VPN?
kkarpins
Meraki Employee

Please add information that if, for Non-Meraki VPN, the Availability field is left empty, it will be assigned All Networks by default. All Networks is the default value. Thanks.
daviluon
Meraki Employee

Might be good to add the below when a CU is using NAT Traversal:

Ports used for IPsec tunneling:

Source UDP port range 32768-61000
Destination UDP port range 32768-61000