Meraki

Community

How to use Peer IDs with multiple Teleworker GWs using Dialup Connection?

COtto
Comes here often
Wednesday
Wednesday

How to use Peer IDs with multiple Teleworker GWs using Dialup Connection?

Hi,

 

I`m running a setup with 5 Teleworker GWs (Z4C) with LTE-Uplink and dynamic IPs connecting to our HQ-Fortigate Firewall via IPsec Tunnel. I've created a template in Meraki for this, configured the tunnel (non Meraki Peer) and assigned it to the Gateways.

In the Fortigate there is just one Tunnel-profile with the different subnets (phasse2) - works super smooth.

Now i have to add another site with an LTE-Uplink and dynamic IPs - using a MX85. First i tried to use the existing template but that did not work because of a difference in the network-ports.

So I probably need two different tunnel-profiles on both ends - which to my understanding - requires the use of peer ids. I've searched quite a lot but couldnt find a good explanation on how to use these IDs to seperate the tunnels.

Could someone explain to me how to set that up between a Fortigate and Meraki ?

 

Thanks!

thanks,
christoph
0 Kudos
5 Replies 5
Mloraditch
Kind of a big deal
Wednesday
Wednesday

Are you referring to Meraki templates and ports being the issue?

 

If so, based on your description the MX85 is connecting exactly like the Z4s so I don't think you actually need to change anything with your VPN configs. The fortigate doesn't know the difference between a Z4 and MX and the Meraki 3rd party VPN settings also don't care. You can just create a new Meraki template or leave the MX85 network unbound.

I would try that first.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
COtto
Comes here often
Thursday
Thursday

Ok thanks, will try that.

thanks,
christoph
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

That is going to be challenging.

 

There is an easy solution.  Get a little MX, like an MX67, put it in the same org as the other MXs, and run it in VPN concentrator mode behind your Fortigate.  Then, on your Fortigate, just create static routes pointing to the VPN concentrator.

Meraki will automatically orchestrate all the VPNs between MX units (AutoVPN).

 

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

 

In response to PhilipDAth
KarstenI
Kind of a big deal
Kind of a big deal
Thursday
Thursday

This, and only this, is the way to go if you want a hassle-free VPN setup.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
COtto
Comes here often
Thursday
Thursday

Would love to do that but since this is just an interim solution i can't do it.

thanks,
christoph
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.