Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Non-Meraki VPN to third-party

Solved
dmbooth
Here to help
‎Mar 7 2024 9:35 AM
‎Mar 7 2024 9:35 AM

Non-Meraki VPN to third-party

If a Non-Meraki VPN tunnel is required to connect a Secure Connect site to a third-party, can this be done as normal in Organisation wide settings > Non-Meraki VPN peers on the Security & SD-WAN > Site-to-site VPN page, as you would for a normal (non Secure Connect) Meraki site? Or does the traffic have to go through the Secure Connect tunnel with the Non-Meraki tunnel configured in Secure Connect > Network Tunnels? Thanks

0 Kudos
Subscribe
1 Accepted Solution
Gary_Geihsler1
Meraki Employee
Meraki Employee
‎Mar 7 2024 1:26 PM
‎Mar 7 2024 1:26 PM

If the tunnel is terminating on a non-Meraki device you would use the Secure Connect>Network Tunnels section. As you are not creating a tunnel from a Meraki network to the third party you would not use the Meraki tunnel process. Documentation here

View solution in original post

Subscribe
5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 7 2024 11:24 AM
‎Mar 7 2024 11:24 AM

I don't know - but I expect you should still be able to create a non-Meraki tunnel in this way.

0 Kudos
Subscribe
Gary_Geihsler1
Meraki Employee
Meraki Employee
‎Mar 7 2024 1:26 PM
‎Mar 7 2024 1:26 PM

If the tunnel is terminating on a non-Meraki device you would use the Secure Connect>Network Tunnels section. As you are not creating a tunnel from a Meraki network to the third party you would not use the Meraki tunnel process. Documentation here

Subscribe
dmbooth
Here to help
‎Mar 8 2024 1:48 AM
‎Mar 8 2024 1:48 AM

Thanks Gary. It was when I found the page in documentation you have referred to that made me think the regular non-Meraki VPN might not work. Once the non-Meraki tunnel is configured in the Network Tunnels section is anything else required to route traffic from the Meraki sites, or is routing information passed to sites as soon as the tunnels are configured?

0 Kudos
Subscribe
In response to dmbooth
Gary_Geihsler1
Meraki Employee
Meraki Employee
‎Mar 8 2024 3:23 PM
‎Mar 8 2024 3:23 PM

If meraki sites are connected to Secure Connect via AutoVPN they will automatically be advertising to Secure Connect reachable subnets. 

Gary_Geihsler1_0-1709940065701.png

 

When you connect a non-meraki device via IPsec you will also define the routable subnets in the configuration. Once both tunnels are connected, you would need to enable a source-destination cloud firewall rule to allow connectivity as the default private app and network rule is a deny all. then the sites would be able to communicate with each other. 

 

Subscribe
In response to Gary_Geihsler1
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 10 2024 12:33 PM
‎Mar 10 2024 12:33 PM

Good information @Gary_Geihsler1 .  I must get a licence for this so I can play with it.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.