I installed firmware 15.6 and had IKEv2 enabled by support. Created a route-based VPN gateway in Azure and added the site-to-site IPsec connection to the Meraki. Set up the Meraki side to connect to the Azure gateway. Basically set up the same way as if I was doing a policy-based tunnel. I don’t have an NSG or route table on the gateway subnet. I can’t get the tunnel to connect. When I run the network watcher it says check for NSG etc.
Am I missing something?
Might need to ask a couple more questions here.
Are you pointing the non-Meraki VPN tunnel to the Azure public IP address? Are the pre-shared secrets, timeouts, and other configuration options matching what you have set up on Azure?
What happens to the IKE packets outbound from the Meraki MX? Are there any return packets/traffic from the Azure address range?
Azure private LAN IP ----- Azure public <------> Meraki public ----- Meraki private LAN IP range
Are there any rules for port forwarding or 1:1 NAT on the Meraki MX?
Sorry for the million questions, just need to picture a bit more of what actual config is on these respective devices.
Hey, have you managed to sort this? We are deploying an Azure site-to-site to an MX67 device next week with route-based using IKEv2, just want to make sure this works before we go ahead.
Actually we did get it working. The best way to do it is to set up the VPN tunnels before updating to the latest beta software. After you update to the beta software you can call support and tell them which tunnel needs IKEv2.