Does Meraki use policy-based VPN with non-Meraki peers?

Solved
jOMeraki2
Getting noticed

Hi,

I would like to confirm how Cisco Meraki MX handles VPN connections with non-Meraki peers.

In my experience, the VPN tunnel only comes up when traffic is initiated from the Meraki side.

Does this mean that Meraki uses a policy-based IPSec VPN in such cases, rather than a route-based VPN?

Thanks in advance for clarifying.

1 Accepted Solution
alemabrahao
Kind of a big deal

"Meraki MX devices establish policy-based VPNs with non-Meraki peers. The tunnel will only be initiated when traffic matching the configured local/remote subnets is seen."

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

3 Replies
AlexP
Meraki Employee

This was historically true, but starting with MX19, we form route-based tunnels if IKEv2 with either health checks, or if eBGP over IPsec is in use.

alemabrahao
Kind of a big deal

Enable keepalives or periodic pings from the Meraki side to keep the tunnel up.
