Leverage EdgeRouter for IKEv2

BBFred
Here to help


Does somebody have experience with using another VPN device behind (or in front?) of an MX device (in my situation an MX-84)? I've given up on trying to get IKEv1 working with Azure, and instead of buying a very expensive license for a vMX I thought buying two EdgeRouters for ~300 euros apiece and placing them in both locations we have could be a more productive solution (also because I'm very opposed to using the vMX since it's an extremely overpriced solution for a protocol that should've been implemented a long time ago).

So what I want to do is use something like an EdgeRouter to set up the VPN connection with Azure but use all the other functionalities of the MX's. Could somebody point me in the right direction if this is possible?

PhilipDAth
Kind of a big deal

Use a StrongSwan instance in Azure.  It is rock solid reliable.

http://www.ifm.net.nz/cookbooks/meraki-vpn-to-azure.html

The problem is that it won't allow a situation where two site-to-site connections try to connect to the same foreign subnet because every Meraki router in the organization automatically makes a connection with each other. How do I circumvent this?

To clarify:

If I have two offices that I manage from the Meraki dashboard and I enable site-to-site VPN, the two routers will automatically start connecting to each other, even when I do not require this (which I don't). However, as a result, Office A will connect to subnet X, and Office B cannot connect to subnet X because it is already known.
