cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

MackensonE
Conversationalist
‎10-04-2019 09:37 AM
‎10-04-2019 09:37 AM

Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I am new configuring Meraki devices. They ask me to set up a MX84 for site-to-site VPN with a non-meraki devices, some router Cisco C800 that have Dynamic IP. Is that possible?

Does anyone know how to configure this in the MX84?

 

Thank you in advance for your help.

Reply
11 REPLIES 11
Network-dad
A model citizen
‎10-04-2019 10:27 AM
‎10-04-2019 10:27 AM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I can't find anything saying this is not possible.. most of the back end across the Mx's are the same except certain hardware differences. I know it works for our MX100 so I see no reason it would not work with the MX84.

 

You can create Site-to-site VPN tunnels between the MX appliance and a Non-Meraki VPN endpoint device under the Non-Meraki VPN peers section on the Security & SD-WAN > Configure > Site-to-site VPN page. Simply click "Add a peer" and enter the following information:

  • A name for the remote device or VPN tunnel.
  • The public IP address of the remote device.
  • The subnets behind the third-party device that you wish to connect to over the VPN. 0.0.0.0/0 can also be specified to define a default route to this peer.
  • The IPsec policy to use.
  • The preshared secret key (PSK).
  • Availability settings to determine which appliances in your Dashboard Organization will connect to the peer.

Note that if an MX is configured with a default route (0.0.0.0/0) to a Non-Meraki VPN peer, traffic will not failover to the WAN, even if the connection goes down.

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out IT Career Skills onIt Career SkillsIt Career Skills
0 Kudos
Reply
Network-dad
A model citizen
‎10-04-2019 10:34 AM
‎10-04-2019 10:34 AM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

Digging even more into my dashboard I can see even my Z3's can connect to non-Meraki VPN's so I think you should be good to go!
Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out IT Career Skills onIt Career SkillsIt Career Skills
0 Kudos
Reply
MackensonE
Conversationalist
‎10-04-2019 10:34 AM
‎10-04-2019 10:34 AM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I know how to create site-to-site VPN between the MX84 and other non-meraki peer devices with static IP address. Just add the IP address in the Public IP address Field and it works. But the problem I have now is that the other non-meraki peers have dynamic IP addresses that are getting changed. 

Reply
Network-dad
A model citizen
‎10-04-2019 10:59 AM
‎10-04-2019 10:59 AM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

ohhh.. that would be tricky.. you would need to use some DDNS service or something I would think.. it would be less than ideal but it would work. 

Dakota Snow | Network-dad Linkdedin
CMNO | A+ | ECMS2
Check out IT Career Skills onIt Career SkillsIt Career Skills
0 Kudos
Reply
Nash
Kind of a big deal
‎10-04-2019 03:52 PM
‎10-04-2019 03:52 PM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I don't think DDNS would help here. Third party tunnels have to use IP addresses by their very nature. 

 

@MackensonE can the remote end get a static IP? Any chance? And maybe a less archaic router while they're at it... 😂

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
Reply
PhilipDAth
Kind of a big deal
Kind of a big deal
‎10-04-2019 05:52 PM
‎10-04-2019 05:52 PM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

>They ask me to set up a MX84 for site-to-site VPN with a non-meraki devices, some router Cisco C800 that have Dynamic IP. Is that possible?

 

No.  You will need a static IP on the 800 series.

0 Kudos
Reply
MackensonE
Conversationalist
‎10-07-2019 01:54 PM
‎10-07-2019 01:54 PM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

So, you're telling me Meraki does not support site-to-site VPN with dynamic IP peers like a normal ISR router does?

0 Kudos
Reply
Nash
Kind of a big deal
‎10-07-2019 01:55 PM
‎10-07-2019 01:55 PM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

@MackensonE wrote:

So, you're telling me Meraki does not support site-to-site VPN with dynamic IP peers like a normal ISR router does?

@MackensonE That's correct. Meraki's third-party site-to-site VPN only works with peers who use static IPs.

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
Reply
10101010
Conversationalist
‎06-22-2020 07:10 AM
‎06-22-2020 07:10 AM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

I know this an old post.. however I was able to get around it. The workaround for me was to detect the new ip(spoke side) and run a script to 1) change the configuration of the spoke side router 2) call Meraki MX API can change the "remote ip".. 

Reply
DaveMunger
New here
‎07-06-2020 07:20 PM
‎07-06-2020 07:20 PM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

Could you please paste your API call?

0 Kudos
Reply
10101010
Conversationalist
‎07-07-2020 11:45 AM
‎07-07-2020 11:45 AM

Re: Does Meraki MX84 support Site-to-site VPN Tunnel with non-meraki Dynamic IP Peer?

Cant post my script, however I used thirdPartyVPNPeers API Call. More info at https://documenter.getpostman.com/view/7928889/SVmsVg6K?version=latest

 

0 Kudos
Reply
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2021 Meraki