cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

Conversationalist

Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I am new configuring Meraki devices. They ask me to set up a MX84 for site-to-site VPN with a non-meraki devices, some router Cisco C800 that have Dynamic IP. Is that possible?

Does anyone know how to configure this in the MX84?

 

Thank you in advance for your help.

8 REPLIES 8
Getting noticed

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I can't find anything saying this is not possible.. most of the back end across the Mx's are the same except certain hardware differences. I know it works for our MX100 so I see no reason it would not work with the MX84.

 

You can create Site-to-site VPN tunnels between the MX appliance and a Non-Meraki VPN endpoint device under the Non-Meraki VPN peers section on the Security & SD-WAN > Configure > Site-to-site VPN page. Simply click "Add a peer" and enter the following information:

  • A name for the remote device or VPN tunnel.
  • The public IP address of the remote device.
  • The subnets behind the third-party device that you wish to connect to over the VPN. 0.0.0.0/0 can also be specified to define a default route to this peer.
  • The IPsec policy to use.
  • The preshared secret key (PSK).
  • Availability settings to determine which appliances in your Dashboard Organization will connect to the peer.

Note that if an MX is configured with a default route (0.0.0.0/0) to a Non-Meraki VPN peer, traffic will not failover to the WAN, even if the connection goes down.

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out IT Career Skills onIt Career SkillsIt Career Skills
Conversationalist

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I know how to create site-to-site VPN between the MX84 and other non-meraki peer devices with static IP address. Just add the IP address in the Public IP address Field and it works. But the problem I have now is that the other non-meraki peers have dynamic IP addresses that are getting changed. 

Highlighted
Getting noticed

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

ohhh.. that would be tricky.. you would need to use some DDNS service or something I would think.. it would be less than ideal but it would work. 

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out IT Career Skills onIt Career SkillsIt Career Skills
Kind of a big deal

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I don't think DDNS would help here. Third party tunnels have to use IP addresses by their very nature. 

 

@MackensonE can the remote end get a static IP? Any chance? And maybe a less archaic router while they're at it... 😂

Getting noticed

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

Digging even more into my dashboard I can see even my Z3's can connect to non-Meraki VPN's so I think you should be good to go!
Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out IT Career Skills onIt Career SkillsIt Career Skills
Kind of a big deal

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

>They ask me to set up a MX84 for site-to-site VPN with a non-meraki devices, some router Cisco C800 that have Dynamic IP. Is that possible?

 

No.  You will need a static IP on the 800 series.

Conversationalist

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

So, you're telling me Meraki does not support site-to-site VPN with dynamic IP peers like a normal ISR router does?

Kind of a big deal

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?


@MackensonE wrote:

So, you're telling me Meraki does not support site-to-site VPN with dynamic IP peers like a normal ISR router does?


@MackensonE That's correct. Meraki's third-party site-to-site VPN only works with peers who use static IPs.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.