I am new configuring Meraki devices. They ask me to set up a MX84 for site-to-site VPN with a non-meraki devices, some router Cisco C800 that have Dynamic IP. Is that possible?
Does anyone know how to configure this in the MX84?
Thank you in advance for your help.
I can't find anything saying this is not possible.. most of the back end across the Mx's are the same except certain hardware differences. I know it works for our MX100 so I see no reason it would not work with the MX84.
You can create Site-to-site VPN tunnels between the MX appliance and a Non-Meraki VPN endpoint device under the Non-Meraki VPN peers section on the Security & SD-WAN > Configure > Site-to-site VPN page. Simply click "Add a peer" and enter the following information:
Note that if an MX is configured with a default route (0.0.0.0/0) to a Non-Meraki VPN peer, traffic will not failover to the WAN, even if the connection goes down.
I know how to create site-to-site VPN between the MX84 and other non-meraki peer devices with static IP address. Just add the IP address in the Public IP address Field and it works. But the problem I have now is that the other non-meraki peers have dynamic IP addresses that are getting changed.
ohhh.. that would be tricky.. you would need to use some DDNS service or something I would think.. it would be less than ideal but it would work.
I don't think DDNS would help here. Third party tunnels have to use IP addresses by their very nature.
@MackensonE can the remote end get a static IP? Any chance? And maybe a less archaic router while they're at it... 😂
>They ask me to set up a MX84 for site-to-site VPN with a non-meraki devices, some router Cisco C800 that have Dynamic IP. Is that possible?
No. You will need a static IP on the 800 series.
So, you're telling me Meraki does not support site-to-site VPN with dynamic IP peers like a normal ISR router does?
@MackensonE wrote:So, you're telling me Meraki does not support site-to-site VPN with dynamic IP peers like a normal ISR router does?
@MackensonE That's correct. Meraki's third-party site-to-site VPN only works with peers who use static IPs.
I know this an old post.. however I was able to get around it. The workaround for me was to detect the new ip(spoke side) and run a script to 1) change the configuration of the spoke side router 2) call Meraki MX API can change the "remote ip"..
Could you please paste your API call?
Cant post my script, however I used thirdPartyVPNPeers API Call. More info at https://documenter.getpostman.com/view/7928889/SVmsVg6K?version=latest