Site to Site VPN between 2 GX50 firewalls

DavK
New here

Site to Site VPN between 2 GX50 firewalls

Hi,

 

I'm looking to improve the visibility of traffic on my networks so was looking at the Meraki MX50 as it looks like it would fit the bill, but just had a question about site to site VPNs that I hope someone might be able to help with.

 

It looks like running a VPN server on a GX50 is possible, so I guess as long as I forward/open some ports getting a client to connect via the public IP is not a problem. Ideally I'd like to do something where I don't open any ports on my router/firewall, so if I had 2 GX50s could I possibly connect them together without using a public IP?

 

My thinking was if both the firewalls are registered to the same account, they know each other exist and can just talk to each other, if that makes sense?

 

Thanks

4 REPLIES 4
Cykstfc
Here to help

Meraki Go GX50 only supports client to VPN but no site-to-site tunneling. You should consider the Meraki MX67 if that is a feature you really need as the auto-vpn functionality (one of Meraki’s best features, IMO) is exactly what you are looking for.

 

 I’d evaluate why you need this functionality first, as unless you have a need to access resources on another network, I try to avoid connecting networks together when not necessary.

DavK
New here

Hi @Cykstfc , thank you for taking the time to reply. Yes I did a little more digging through the FAQs on the site and it seems that it is one go gateway per email/login. So my thinking of two gateways in the same account sounds like it isn't possible.

 

It looks like the more feature rich MX hardware is the way to go, unfortunately that is all a little pricy especially with the ongoing licensing. Will see if there are other products out there that might fit the bill.

 

Thank You

Cykstfc
Here to help

The idea of the required license is hard to swallow but if you consider the total cost of ownership, it really isn’t too bad. For example, as long as you are not doing HA with a standby router, there’s no need for static IPs on your WAN interfaces as the autovpn feature will build the vpn when the MX checks in. Depending on your ISP, a static is going to run you $10-$20/mo. The enterprise license for an mx67 will pay itself off at that rate.

delfuego
Getting noticed

Site to site VPN on Meraki Enterprise gear is excellent. Save yourself and your customers and just get them. They do cost, but will end up saving money in the long run. We have MX-to-Z3 networks and MX-to-MX networks (+8 VPN mesh) all running for years w/o issue or additional config.