Connecting an MX100 to another router

Blue_Porter
Just browsing


I am trying to figure out a way to create a second VPN connection to our network for contractors outside the United States. The reason we are doing this is that we want these contractors to have our IP, so they can connect to Admin and Staging sites. We currently have our 1 Client VPN, which we have set up on Meraki. Our employees use this when they WFH. We would like another VPN where we can set up certain rules within the firewall to not allow contractors to connect to certain areas of our network. Is there a way to connect the Meraki MX100 to another VPN router (in house) to allow for this to happen?

 

Thank you! 

PhilipDAth
Kind of a big deal

Re: Connecting an MX100 to another router

As you have probably noted, you can only have a single client VPN configured on a Meraki MX.

 

You could use another device to terminate a client VPN, but it would have to be a different technology (not L2TP or IPSEC).  So you could use a Cisco ASA and AnyConnect (which uses SSL).

Blue_Porter
Just browsing

Re: Connecting an MX100 to another router

Could I connect a VPN Switch, setup a VLAN for the switch, and then setup the VPN?

 

ASA would need to be directly connected to the Meraki, correct?

PhilipDAth
Kind of a big deal

Re: Connecting an MX100 to another router

You would need to NAT port 443 through to the ASA - so it just needs to be pingable from the MX. Also note you will need to add a route for the ASA client VPN subnet via the ASA - which means it is much easier if the ASA is in a directly connected subnet behind the MX, but it could also be off a layer 3 switch.
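An added example, not part of the original replies: a small Python check of the design discussed in this thread (TCP 443 forwarded to the ASA, a static route for the contractor pool via the ASA, and first-match rules limiting contractors to the admin and staging sites). Every address, the pool, the host IPs and the default-deny behaviour are constructed assumptions, and the check covers only the directly connected case the reply calls easier.

```python
import ipaddress as ip

# All values below are constructed for illustration, not taken from the thread.
MX_VLANS = {"servers": "10.0.10.0/24", "staff": "10.0.20.0/24", "dmz": "10.0.50.0/24"}
MX_CLIENT_VPN = "10.0.200.0/24"      # existing employee client VPN subnet
ASA_INSIDE_IP = "10.0.50.2"          # ASA interface behind the MX
CONTRACTOR_POOL = "10.0.201.0/24"    # addresses the ASA hands to contractors
PORT_FORWARD = {"proto": "tcp", "public_port": 443, "lan_ip": "10.0.50.2"}
STATIC_ROUTE = {"subnet": "10.0.201.0/24", "next_hop": "10.0.50.2"}
# First-match rules for traffic sourced from the contractor pool.
RULES = [
    ("allow", "10.0.10.15/32", 443),  # hypothetical admin site
    ("allow", "10.0.10.16/32", 443),  # hypothetical staging site
    ("deny", "10.0.0.0/8", None),     # everything else internal, any port
]

def check_design():
    """Return a list of problems with the addressing, route and port forward."""
    problems = []
    pool = ip.ip_network(CONTRACTOR_POOL)
    # The contractor pool must not collide with any subnet the MX already knows.
    for name, cidr in {**MX_VLANS, "client_vpn": MX_CLIENT_VPN}.items():
        if pool.overlaps(ip.ip_network(cidr)):
            problems.append(f"contractor pool overlaps {name}")
    # Directly connected case: the ASA sits in one of the MX VLANs.
    asa = ip.ip_address(ASA_INSIDE_IP)
    if not any(asa in ip.ip_network(c) for c in MX_VLANS.values()):
        problems.append("ASA is not in a directly connected MX subnet")
    # Return traffic to contractors needs a route for the pool via the ASA.
    if ip.ip_network(STATIC_ROUTE["subnet"]) != pool or STATIC_ROUTE["next_hop"] != ASA_INSIDE_IP:
        problems.append("static route does not send the pool via the ASA")
    # The SSL VPN listener is reached through the TCP 443 forward.
    fwd = (PORT_FORWARD["proto"], PORT_FORWARD["public_port"], PORT_FORWARD["lan_ip"])
    if fwd != ("tcp", 443, ASA_INSIDE_IP):
        problems.append("port forward does not deliver TCP 443 to the ASA")
    return problems

def verdict(dst, port):
    """First-match evaluation of RULES for one contractor connection."""
    for action, cidr, rule_port in RULES:
        if ip.ip_address(dst) in ip.ip_network(cidr) and rule_port in (None, port):
            return action
    return "deny"  # assumed default in this model when nothing matches

if __name__ == "__main__":
    print(check_design() or "design checks passed")
    for dst, port in [("10.0.10.15", 443), ("10.0.10.15", 22), ("10.0.20.5", 443)]:
        print(dst, port, verdict(dst, port))
```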

Blue_Porter
Just browsing

Re: Connecting an MX100 to another router

I appreciate all your help. I have purchased an ASA and am struggling through some items. Any way you can email me, so I can throw some questions your way? {email address removed by admin}

Chris_M
Getting noticed

Re: Connecting an MX100 to another router

It would be wise not to throw your email out on the world wide Internet, so I recommend you use direct message to share your email address privately.

Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator