Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configure my Z3 as a hub

dlangschied
New here
‎Jun 27 2019 6:33 AM
‎Jun 27 2019 6:33 AM

Configure my Z3 as a hub

I have received my first Meraki device for trial.  I have a number of Cisco sites-to-site VPNs setup on my RV042G.  I am trying to set them up on the Meraki Z3.  I cannot because a have not setup a hub.  I cannot find any documentation on this.  Will I be able to set up this device for site-to-site VPN connectivity with my existing sites during the trial?  Is Z3 capable of being a hub?  

0 Kudos
Subscribe
5 Replies 5
BrechtSchamp
Kind of a big deal
‎Jun 27 2019 6:40 AM
‎Jun 27 2019 6:40 AM

You'll only be able to leverage the 3d party IPsec VPN with anything other than Meraki MX/Z devices. Refer to this guide to setup Non-Meraki IPsec:

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Settings#Non-Meraki_VPN_peers

 

0 Kudos
Subscribe
In response to BrechtSchamp
dlangschied
New here
‎Jun 27 2019 7:47 AM
‎Jun 27 2019 7:47 AM

That is unfortunate.  This would not be useful to me at all.  I was hoping to convert all sites from RV042G to Meraki, but I cannot do it all at once.  This makes me not a fan of Meraki.  Oh well!  I guess I return the device.

 

Thank you for your help!

0 Kudos
Subscribe
In response to dlangschied
BrechtSchamp
Kind of a big deal
‎Jun 27 2019 8:03 AM
‎Jun 27 2019 8:03 AM

Don't get me wrong, the teleworker devices can build IPsec VPN tunnels with your existing devices. It's just, you'll have to configure them manually instead of using the AutoVPN functionality.

 

To be honest you would be using the wrong type of device though. The teleworker devices are designed to be spoke-type of devices with a limited number of users behind them (and limited security functionality). As a central device receiving tunnels, an MX would make more sense. That said, I'm pretty sure it can act as a "hub" for both AutoVPN and Non-Meraki IPsec tunnels.

 

If you have the device there, definitely try it out. It would be a waste not to have tried it.

Subscribe
In response to BrechtSchamp
dlangschied
New here
‎Jul 2 2019 4:32 AM
‎Jul 2 2019 4:32 AM

You are referring to auto vs. manual.  I apologize, but I do not know what it is that you are saying.  I tried to add the VPN connection with Meraki as hub. 

 

On the main VPN screen under the hub selection I see:  "There are no other hubs in the VPN."

 

I add the tunnel info to the third-party router and I get:  "Settings could not be saved. Please verify that your connection is working and try again."

 

Maybe this has nothing to do with the hub, but something is wrong with what I am doing.  The sad part is that nothing gets saved.

 

This is not my first VPN.  I have done dozens of these with Cisco and SonicWall.  I currently have a dozen active VPNs with the customer that I am seeking to convert to Meraki.  The Z3 will represent a spoke at the location where it is currently needed.  I will not invest money in replacing any routers without success on this router.

0 Kudos
Subscribe
In response to dlangschied
BrechtSchamp
Kind of a big deal
‎Jul 2 2019 4:57 AM
‎Jul 2 2019 4:57 AM

AutoVPN is the "proprietary" way of establishing VPN tunnels between Meraki devices. In your case this is not what you need. You need 3d party IPsec VPN, called Non-Meraki VPN in the dashboard.

 

To configure it you'll have to set the Z3 to hub (otherwise the Non-Meraki VPN settings don't appear). You can then set the "Use VPN" column of the local subnets to "No" as you won't actually use AutoVPN.

 

Then you configure all your IPsec parameters.

 

Something like this:

2019-07-02 13_55_52-Clipboard.png

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.